=== jelly-home is now known as jelly
=== markthomas is now known as markthomas|away
bananapie | Hello, other than iptables, what might block a packet from leaving a linux server that shows up on tcpdump but not on the other computer on the same subnet/switch ? | 01:47 |
sarnold | vlans? smart-switch with acls to enforce? | 01:48 |
bananapie | So I have a server B connected via lan/switch to server A which is connected to server C via OpenVPN, server C is connected to the lan 192.168.122.0/24. | 01:50 |
bananapie | from server B I can ping 192.168.122.1 | 01:50 |
bananapie | but from server C I can not ping server B. | 01:50 |
bananapie | after some investigating, tcpdump shows the packets exiting server A on the correct interface towards server B | 01:50 |
bananapie | but server B never receives the packets ( checked with tcpdump ). | 01:50 |
bananapie | I added iptables -I FORWARD -s 192.168.122.0/24 -j ACCEPT to server A thinking it would fix the issue | 01:51 |
bananapie | the packet counters show that the packets are being accepted by the new rule | 01:51 |
bananapie | but I can't see the packets hitting server B | 01:51 |
bananapie | :( | 01:51 |
bananapie | server B and server A are on the subnet 192.168.2.0 and the VPN is 192.168.3.0 | 01:51 |
bananapie | this should be straightforward, but I can't figure it out | 01:52 |
bananapie | server A and server B can communicate in both directions ( confirmed with pings ) | 01:52 |
bananapie | server A and C can communicate in both directions ( confirmed with pings ) | 01:52 |
bananapie | but for some reason that is beyond me, A and C can not communicate | 01:52 |
bananapie | ip_forward = 1 in /proc/sys/net/.... | 01:53 |
bananapie | it gets weirder. | 01:54 |
bananapie | I added "iptables -t nat -I POSTROUTING -s 192.168.122.0/24 -j MASQUERADE" which causes 192.168.122.0/24 to appear as 192.168.2.1 to server B | 01:55 |
bananapie | and now the pings are going through | 01:55 |
bananapie | my switch has vlans but should not be filtering ips in any way | 01:55 |
bananapie | I never configured ACL on the switch | 01:55 |
bananapie | tcpdump run on both the tun0 interface and the eth0 interface show the packets, so the issue is not with openvpn | 01:57 |
bananapie | route -n shows the right IPs on the right interfaces | 01:57 |
bananapie | I also have server D which is connected to the same VPN with lan 192.168.10.0/24, and it pings server B without issue | 01:58 |
bananapie | I figured it out | 02:03 |
bananapie | server A turns out to be a virtual server and the host machine has a virbr0 interface with a conflicting ip | 02:03 |
sarnold | d'oh :) | 02:04 |
bananapie | at least I figured it out | 02:04 |
bananapie | i forgot that A was a virtual server | 02:04 |
bananapie | good thing I know what I am doing :$ | 02:04 |
bananapie | the virtual host is masquerading my stuff | 02:05 |
bananapie | I removed the offending rule from iptables -t nat, but the stuff is still masqueraded; I need to reset the IP connections tracked by iptables | 02:06 |
bananapie | how do I tell iptables to reset all the connections masquerade is following? | 02:09 |
patdk-lap | you don't | 02:09 |
patdk-lap | iptables has no effect on that kind of thing | 02:09 |
bananapie | crap | 02:10 |
sarnold | try something like echo 1 > /proc/sys/net/ipv4/ip_conntrack_max ; echo whatever > /proc/sys/net/ipv4/ip_conntrack_max | 02:10 |
patdk-lap | or just use the conntrack program | 02:10 |
patdk-lap | and tell it to flush | 02:10 |
sarnold | how decadent :) | 02:10 |
bananapie | IT WORKED :D | 02:11 |
bananapie | thanks | 02:11 |
bananapie | I did conntrack -F and it reset everything | 02:11 |
bananapie | thanks :D | 02:11 |
=== CiPi is now known as cipi
sdfsf | hi, my HP server is dead. In this server I have 5 disks (OS Windows 2008 R2 with Hyper-V VMs). Can I install these disks in an Ubuntu OS without losing data? | 08:35 |
lordievader | Good morning. | 08:38 |
sysrex | hi guys, I have a stupid question, I have seen someone gzip -9c files but can't find anywhere in the man page what the 9 stands for | 08:38 |
mybalzitch | compression level | 08:39 |
sysrex | mybalzitch, could you please be a bit more specific | 08:39 |
sysrex | meaning a higher compression level? | 08:40 |
mybalzitch | yes | 08:40 |
sysrex | oh , thanks | 08:40 |
sysrex | just wondering, what that switch does | 08:40 |
fishcooker | if I have a list of packages a, b, c and d with no dependencies between them, which one will be installed first? e.g.: apt-get -y install fail2ban python-paramiko mc git-core | 10:04 |
cluelessperson | something's really screwed up with permissions | 10:58 |
=== cipi is now known as CiPi
=== TheRealAlexz is now known as theRealAlexz
ddddd | my HP ProLiant server is dead. The HP server has 5 disks, 1 physical Windows Server 2008 R2 and 3 Hyper-V VMs. I would like to load these disks into an Ubuntu Server system on another server, an HP PowerEdge R510. Is that possible? | 12:55 |
ddddd | my HP ProLiant server is dead. The HP server has 5 disks, 1 physical Windows Server 2008 R2 and 3 Hyper-V VMs. I would like to load these disks into an Ubuntu Server system on another server, a DELL PowerEdge R510. Is that possible? | 12:56 |
mybalzitch | maybe | 12:57 |
mybalzitch | are you planning on installing ubuntu on those drives? | 12:57 |
mybalzitch | or just mounting them | 12:57 |
ddddd | only mount | 12:58 |
ddddd | I want to mount these disks as virtual machines | 12:58 |
ddddd | is that possible? | 12:58 |
mybalzitch | yes | 12:59 |
mybalzitch | assuming you weren't using hardware raid | 12:59 |
lordievader | ddddd: Wait, do you want to run hyper-v vm's under Linux? | 13:00 |
ddddd | lordievader: yes | 13:01 |
lordievader | Don't think that is possible, but I have never researched it. | 13:02 |
ddddd | mybalzitch: I believe that; what is RAID? | 13:02 |
mybalzitch | lordievader: he should be able to boot them inside of virtualbox | 13:02 |
lordievader | I guess if you can get to the disks of the vm's you can put them in kvm and run it that way. | 13:02 |
ddddd | but I am not sure | 13:03 |
ddddd | what is kvm? | 13:05 |
mybalzitch | ddddd: a way to virtualize under linux | 13:05 |
=== sysrex_ is now known as sysrex
=== markthomas|away is now known as markthomas
tobyj | hello | 17:51 |
tobyj | I'm working on getting a diskless boot working from an ubuntu server | 17:51 |
tobyj | the kernel boots just fine, but the nfs share with the filesystem on it never mounts | 17:52 |
tobyj | permission denied, NFS over TCP not available from 10.0.0.1 | 17:52 |
tobyj | when it clearly is | 17:52 |
tobyj | Any help? | 17:59 |
herrkin | hi community, yesterday I could ssh into the server. I did apt-get update and upgrade, and after that I can't even ping it. | 18:01 |
herrkin | the server runs fine, it pings google, everything seems ok | 18:02 |
herrkin | I am in a different network segment from the server. If I plug the server's eth cable into another machine and configure it with the same values as the server, it pings, but the server won't | 18:03 |
herrkin | that's very weird to me. | 18:03 |
gerwintmg | @herrkin check if iptables has updated or any other network related service. it could be that a service needs a restart | 18:21 |
=== markthomas is now known as markthomas|away
Capprentice | Hi! I want to run two Caching DNS Resolvers in a single Machine! Is it possible? | 19:27 |
bekks | No, since DNS is using port 53, which cannot be used by two services at a time. | 19:27 |
sarnold | bekks: sure it can, they just need to bind to different IP addresses | 19:28 |
sarnold | one can bind to 10.0.0.2:53, and the other to 192.168.0.2:53 ... | 19:28 |
bekks | sarnold: Yeah, that would be working. | 19:29 |
Capprentice | sarnold: How do I bind them? | 19:30 |
Capprentice | What resolvers are capable of this? | 19:30 |
Capprentice | Can dnsmasq and bind do it? | 19:30 |
bekks | Capprentice: All DNS servers can be bound to a specific IP address, in their config. | 19:30 |
Capprentice | What should I put in /etc/network/interfaces as dns-nameservers? I normally use 127.0.0.1 ! | 19:31 |
bekks | Capprentice: then you are using dnsmasq by default. | 19:32 |
sarnold | Capprentice: you'd select whichever one you actually wanted to use | 19:33 |
Capprentice | Yes I am! But in a server which will be used by others what should I put there? I can not put the ips which im bind the dns resolvers to! That will probably create a loop! | 19:33 |
bekks | You dont need to use ! that often. And why cant you put the IPs there? | 19:34 |
Capprentice | Request coming to the IP 10.0.0.2 and then request goes back to 10.0.0.2! | 19:34 |
sarnold | why? | 19:34 |
bekks | Capprentice: you dont need an exclamation mark at the end every sentence. | 19:34 |
Capprentice | everything is surprising to me (^___^) | 19:35 |
=== Luke_ is now known as Luke
=== keithzg_ is now known as keithzg
jelly | Capprentice: most sane recursor software has some sort of "listen-interface" and/or "local-address" option to specify which IP or interface to listen on | 19:44 |
Capprentice | jelly: How to use root servers in DNSMasq? | 19:45 |
jelly | one would hope it uses them by default? | 19:45 |
jelly | how else would it work | 19:46 |
sarnold | dnsmasq does everything, it can also run as a dns forwarder | 19:47 |
jelly | sorry, the only time I've seen dnsmasq used is in NetworkManager applets when internet sharing is enabled | 19:47 |
sarnold | you can build some mighty difficult to debug things out of it -- run one for libvirt, one for lxc, one for local caching, configure them to forward queries to each other, and your VMs might not be able to look up LXC guests, or vice-versa.. | 19:48 |
sarnold | .. but if you configure your vms with one fake tld, and your lxcs with a different fake tld, you can mostly make things work. | 19:50 |
* jelly uses either dnscache (which is trivial to configure a bind IP address in) or pdns-recursor (which has an obvious local-address option in the config file) | 19:51 |
=== markthomas|away is now known as markthomas
stallmen | dw1: why do you use ubuntu | 22:03 |
patdk-lap | !poll | 22:05 |
=== Lcawte is now known as Lcawte|Away
esde | When I run aptitude install -f on an ubuntu server I've configured, this is the result http://pastie.org/private/9vvdtet20mdwoqtqkr4ga. The packages I've got installed up to this point are http://pastie.org/private/keo1olcsmnrxgnjdzduqia. How can I determine which package(s) are triggering aptitude to want to install all those packages? | 22:24 |
tarpman | esde: try 'aptitude why' on one of the named packages. or run aptitude in interactive mode (with no arguments) and inspect some packages | 22:26 |
esde | for the first few packages I tried that command with, it returned "Unable to find a reason to install X" | 22:29 |
tarpman | esde: I'd guess that wireshark and ubuntu-dev-tools are the roots of most of those, but I can't say why it wants to install them | 22:29 |
esde | not literally X, but each package i tried | 22:29 |
esde | wireshark was one of the packages that said "Unable to find a reason to install" | 22:30 |
tarpman | does "apt-get -f install" also want to install those packages? I've seen apt and aptitude develop mismatched ideas of desired package states | 22:30 |
esde | ah | 22:30 |
esde | it does not | 22:31 |
tarpman | right | 22:31 |
tarpman | aptitude has a menu entry to reset package states, IIRC | 22:31 |
tarpman | "Cancel pending actions" in the Actions menu, possibly | 22:31 |
esde | I never used apt-get on this install, only aptitude from the start. Is that best practice, or no? | 22:31 |
tarpman | I prefer apt-get these days. it has learned most of the features that used to distinguish aptitude, and is more actively developed/fixed | 22:32 |
tarpman | but AFAIK both should be usable and supported | 22:32 |
tarpman | and aptitude's searching/selecting abilities are still unbeatable :) | 22:33 |
esde | great | 22:33 |
esde | it worked! | 22:35 |
tarpman | great | 22:35 |
esde | also i think it's great that aptitude has minesweeper built-in | 22:35 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!