=== jelly-home is now known as jelly
=== markthomas is now known as markthomas|away
[01:47] bananapie: Hello, other than iptables, what might block a packet from leaving a linux server that shows up on tcpdump but not on the other computer on the same subnet/switch?
[01:48] sarnold: vlans? smart-switch with acls to enforce?
bananapie: So I have a server B connected via lan/switch to server A which is connected to server C via OpenVPN, server C is connected to the lan
bananapie: from server B I can ping
[01:50] bananapie: but from server C I can not ping server B.
[01:50] bananapie: after some investigating, tcpdump shows the packets exiting server A on the correct interface towards server B
[01:50] bananapie: but server B never receives the packets ( checked with tcpdump ).
[01:51] bananapie: I added iptables -I FORWARD -s -j ACCEPT to server A thinking it would fix the issue
[01:51] bananapie: the packet counters show that the packets are being accepted by the new rule
[01:51] bananapie: but I can't see the packets hitting server B
bananapie: server B and server A are on the subnet and the VPN is
[01:52] bananapie: this should be straightforward, but I can't figure it out
[01:52] bananapie: server A and server B can communicate in both directions ( confirmed with pings )
[01:52] bananapie: server A and C can communicate in both directions ( confirmed with pings )
[01:52] bananapie: but for some reason that is beyond me, A and C can not communicate
[01:53] bananapie: ip_forward = 1 in /proc/sys/net/....
[01:54] bananapie: it gets weirder.
[01:55] bananapie: I added "iptables -t nat -I POSTROUTING -s -j MASQUERADE" which causes to appear as to server B
[01:55] bananapie: and now the pings are going through
[01:55] bananapie: my switch has vlans but should not be filtering ips in any way
[01:55] bananapie: I never configured ACL on the switch
[01:57] bananapie: tcpdump run on both the tun0 interface and the eth0 interface show the packets, so the issue is not with openvpn
[01:57] bananapie: route -n shows the right IPs on the right interfaces
[01:58] bananapie: I also have server D which is connected to the same VPN with lan, and it pings server B without issue
[02:03] bananapie: I figured it out
[02:03] bananapie: server A turns out to be a virtual server and the host machine has a virbr0 interface with a conflicting ip
[02:04] sarnold: d'oh :)
[02:04] bananapie: at least I figured it out
[02:04] bananapie: i forgot that A was a virtual server
[02:04] bananapie: good thing I know what I am doing :$
[02:05] bananapie: the virtual host is masquerading my stuff
[02:06] bananapie: I removed the offending rule from iptables -t nat, but the stuff is still masqueraded I need to reset the ip connections tracked by iptables
[02:09] bananapie: how do I tell iptables to reset all the connections masquerade is following?
[02:09] patdk-lap: you don't
[02:09] patdk-lap: iptables has no effect on that kind of thing
[02:10] sarnold: try something like echo 1 > /proc/sys/net/ipv4/ip_conntrack_max ; echo whatever > /proc/sys/net/ipv4/ip_conntrack_max
[02:10] patdk-lap: or just use the conntrack program
[02:10] patdk-lap: and tell it to flush
[02:10] sarnold: how decadent :)
[02:11] bananapie: IT WORKED :D
[02:11] bananapie: I did conntrack -F and it reset everything
[02:11] bananapie: thanks :D
=== CiPi is now known as cipi
[08:35] sdfsf: hi, my server hp is dead, in this server i have 5 disks (OS Windows 2008 R2 with VM Hyper-V), i can install these disks in ubuntu OS without losing data?
[08:38] lordievader: Good morning.
[08:38] sysrex: hi guys, I have a stupid question, I have seen someone gzip -9c files but can't find anywhere in the man page what the 9 stands for
[08:39] mybalzitch: compression level
[08:39] sysrex: mybalzitch, could you please be a bit more specific
[08:40] sysrex: meaning a higher compression level?
[08:40] sysrex: oh , thanks
[08:40] sysrex: just wondering, what that switch does
[10:04] fishcooker: if i have a list of packages a b c and d in case no dependency between them... which one will be installed on the first place..eg: apt-get -y install fail2ban python-paramiko mc git-core
[10:58] cluelessperson: something's really screwed up with permissions
=== cipi is now known as CiPi
=== TheRealAlexz is now known as theRealAlexz
[12:55] ddddd: my server hp proliant is dead, the server hp have 5 disks, 1 physical Windows Server 2008 R2 and 3 vm hyper-v, i would want load these disks in a system Ubuntu Server on other server hp poweredge r510, is possible?
[12:56] ddddd: my server hp proliant is dead, the server hp have 5 disks, 1 physical Windows Server 2008 R2 and 3 vm hyper-v, i would want load these disks in a system Ubuntu Server on other server DELL poweredge r510, is possible?
[12:57] mybalzitch: are you planning on installing ubuntu on those drives?
[12:57] mybalzitch: or just mounting them
[12:58] ddddd: only mount
[12:58] ddddd: i want mount this disks how virtualmachine
[12:58] ddddd: is possible
[12:59] mybalzitch: assuming you weren't using hardware raid
[13:00] lordievader: ddddd: Wait, do you want to run hyper-v vm's under Linux?
[13:01] ddddd: lordievader: yes
[13:02] lordievader: Don't think that is possible, but I have never researched it.
[13:02] ddddd: mybalzitch i believe that what is raid
[13:02] mybalzitch: lordievader: he should be able to boot them inside of virtualbox
[13:02] lordievader: I guess if you can get to the disks of the vm's you can put them in kvm and run it that way.
[13:03] ddddd: but i am I am not sure
[13:05] ddddd: what is kvm?
[13:05] mybalzitch: ddddd: a way to virtualize under linux
=== sysrex_ is now known as sysrex
=== markthomas|away is now known as markthomas
[17:51] tobyj: I'm working on getting a diskless boot working from an ubuntu server
[17:52] tobyj: the kernel boots just fine, but the nfs share with the filesystem on it never mounts
tobyj: permission denied, NFS over TCP not available from
[17:52] tobyj: when it clearly is
[17:59] tobyj: Any help?
[18:01] herrkin: hi community, yesterday I could ssh into the server I did apt-get update and upgrade, after that I cant even ping it.
[18:02] herrkin: the server runs fine, it pings google, everything seems ok
[18:03] herrkin: I am in a different network segment from the server. if I plug the server eth cable to another machine and config the same values as the server  to it it pings but the server wont
[18:03] herrkin: thats very weird to me.
[18:21] gerwintmg: @herrkin check if iptables has updated or any other network related service. it could be that a service needs a restart
=== markthomas is now known as markthomas|away
[19:27] Capprentice: Hi! I want to run two Caching DNS Resolvers in a single Machine! Is it possible?
[19:27] bekks: No, since DNS is using port 53, which cannot be used by two services at a time.
[19:28] sarnold: bekks: sure it can, they just need to bind to different IP addresses
[19:28] sarnold: one can bind to, and the other to ...
[19:29] bekks: sarnold: Yeah, that would be working.
[19:30] Capprentice: samold: How do I bind them?
[19:30] Capprentice: What resolvers are capable of this?
[19:30] Capprentice: Can dnsmasq and bind can do?
[19:30] bekks: Capprentice: All DNS servers can be bound to a specific IP address, in their config.
[19:31] Capprentice: What should I put in /etc/network/interfaces as dns-nameservers? I normally use !
[19:32] bekks: Capprentice: then you are using dnsmasq by default.
[19:33] sarnold: Capprentice: you'd select whichever one you actually wanted to use
[19:33] Capprentice: Yes I am! But in a server which will be used by others what should I put there? I can not put the ips which im bind the dns resolvers to! That will probably create a loop!
[19:34] bekks: You dont need to use ! that often. And why cant you put the IPs there?
[19:34] Capprentice: Request coming to the IP and then request goes back to!
[19:34] bekks: Capprentice: you dont need an exclamation mark at the end every sentence.
[19:35] Capprentice: everything is surprising to me (^___^)
=== Luke_ is now known as Luke
=== keithzg_ is now known as keithzg
[19:44] jelly: Capprentice: most sane recursor software has some sort of "listen-interface" and/or "local-address" option to specify which IP or interface to listen on
[19:45] Capprentice: jelly: How to use root servers in DNSMasq?
[19:45] jelly: one would hope it uses them by default?
[19:46] jelly: how else would it work
[19:47] sarnold: dnsmasq does everything, it can also run as a dns forwarder
[19:47] jelly: sorry, the only time I've seen dnsmasq used is in NetworkManager applets when internet sharing is enabled
[19:48] sarnold: you can build some mighty difficult to debug things out of it -- run one for libvirt, one for lxc, one for local caching, configure them to forward queries to each other, and your VMs might not be able to look up LXC guests, or vice-versa..
[19:50] sarnold: .. but if you configure your vms with one fake tld, and your lxcs with a different fake tld, you make mostly make things work.
[19:51] * jelly uses either dnscache (which is trivial to configure bind ip address in) or pdns-recursor (which has an obvious local-address option in the config file)
=== markthomas|away is now known as markthomas
[22:03] stallmen: dw1: why do you use ubuntu
=== Lcawte is now known as Lcawte|Away
[22:24] esde: When I run aptitude install -f on an ubuntu server i've configured, this is the result http://pastie.org/private/9vvdtet20mdwoqtqkr4ga. the packages i've got installed up to this point are http://pastie.org/private/keo1olcsmnrxgnjdzduqia. how can i determine which package(s) are triggering aptitude to want to install all those packages?
[22:26] tarpman: esde: try 'aptitude why' on one of the named packages. or run aptitude in interactive mode (with no arguments) and inspect some packages
[22:29] esde: for the first few packages I tried that command with it returned "Unable to find a reason to install X"
[22:29] tarpman: esde: I'd guess that wireshark and ubuntu-dev-tools are the roots of most of those, but I can't say why it wants to install them
[22:29] esde: not literally X,  but each package i tried
[22:30] esde: wireshark was one of the packages that said "Unable to find a reason to install"
[22:30] tarpman: does "apt-get -f install" also want to install those packages? I've seen apt and aptitude develop mismatched ideas of desired package states
[22:31] esde: it does not
[22:31] tarpman: aptitude has a menu entry to reset package states, IIRC
[22:31] tarpman: "Cancel pending actions" in the Actions menu, possibly
[22:31] esde: I never used apt-get on this install, only aptitude from the start. That's best practice? or no
[22:32] tarpman: I prefer apt-get these days. it has learned most of the features that used to distinguish aptitude, and is more actively developed/fixed
[22:32] tarpman: but AFAIK both should be usable and supported
[22:33] tarpman: and aptitude's searching/selecting abilities are still unbeatable :)
[22:35] esde: it worked!
[22:35] esde: also i think it's great that aptitude has minesweeper built-in
