=== bittin_ is now known as lunaaabot | ||
=== Lcawte is now known as Lcawte|Away | ||
JanC | Kartagis: it depends on the web software you use, but I would be surprised if the web server has no (simple) MTA on it, and if not you should probably be able to install one that only relays local mail to your mail server (e.g. nullmailer) | 01:46 |
---|---|---|
=== Monthrect is now known as Piper-Off | ||
[Mew2] | hey guys, how to back up an ubuntu server? | 01:57 |
patdk-lap | hundreds of ways | 02:02 |
lordievader | Good morning | 09:04 |
=== Lcawte|Away is now known as Lcawte | ||
=== Guest23594 is now known as EmilienM | ||
=== EmilienM is now known as Guest80105 | ||
=== Guest80105 is now known as EmilienM_ | ||
=== EmilienM__ is now known as EmilienM | ||
=== Piper-Off is now known as Monthrect | ||
=== athairus_oops is now known as athairus | ||
rinpoo | I have tried to use service iptables restart but I get failed no such file .... I also have ufw running, I thought that using both would be more secure, but I get the feeling that ufw interferes with my iptables config | 13:34 |
rinpoo | should I keep both or use ufw only or iptables only? | 13:35 |
jdstrand | rinpoo: you can use both, but you need to know what you are doing. in terms of being more secure, it is fine to use just ufw. You may want to look in /etc/ufw/before*.rules if you want to change defaults. I suggest reading 'man ufw-framework' for details | 13:55 |
=== Lcawte is now known as Lcawte|Away | ||
rinpoo | I've read that ufw is just a frontend for iptables, I thought they were 2 separate programs. I'll be purging ufw, I'm pretty much doing everything myself in the iptables files anyway. | 14:55 |
jdstrand | ufw is a frontend for iptables. if you are configuring iptables directly, there is no reason to use ufw | 14:57 |
rinpoo | is there a better alternative to tiger? | 15:26 |
rinpoo | I'm just using it as a security audit | 15:30 |
=== Lcawte|Away is now known as Lcawte | ||
rinpoo | is it possible to use an ip range with ListenAddress in sshd_config? | 18:11 |
=== cpaelzer is now known as cpaelzer_afk | ||
rinpoo | there is this 192.168.0.1/24 which gives full range from 192.168.0.1 to 255 but I don't really understand how it works and how I can just do 1 to 50 or if it works in the sshd_config | 18:17 |
jrwren | rinpoo: 24 is a bitmask. look up CIDR notation. | 18:19 |
jrwren | rinpoo: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation | 18:20 |
rinpoo | thx | 18:22 |
rinpoo | so if I want an address range of 32 I need to use 192.168.0.1/27 with a 255.255.255.224 mask, is this correct? | 18:27 |
rinpoo | isn't there something like 192.168.0.1 to 192.168.0.23? | 18:28 |
teward | rinpoo: by 'range' you mean exactly 32 addresses? | 18:29 |
teward | because a /27 (255.255.255.224) will give you *30* addresses, I believe, usable | 18:30 |
teward | and no there's no range that'll cover .1 to .23 | 18:31 |
jrwren | rinpoo: well, ListenAddress in sshd_config is which addresses to bind on. It's not likely you have 30 addresses on one server, or do you? | 18:31 |
teward | also, ^ | 18:31 |
jrwren | rinpoo: what are you trying to do? | 18:31 |
rinpoo | well I'm using dhcp so the ip might change, that's why | 18:32 |
rinpoo | also when friends come over and connect they get different ips | 18:33 |
teward | um... | 18:33 |
teward | rinpoo: suggestion: | 18:33 |
teward | (1) set your DHCP range that DHCP serves from *outside* the entire /24 or whatever's on your net | 18:33 |
teward | (2) set your server to have a static IP within the /24 that's not in the DHCP range | 18:33 |
rinpoo | server has static ip | 18:33 |
teward | ListenAddress should then be that Static IP | 18:33 |
teward | done | 18:33 |
rinpoo | ohh ok | 18:33 |
teward | rinpoo: | 18:34 |
teward | [2015-12-26 13:32:42] <rinpoo> well Im using dhcp so the ip might change thats why <-- if this is the case then it is NOT static | 18:34 |
rinpoo | then I misunderstood the whole thing | 18:34 |
teward | erm i misspoke | 18:34 |
teward | rinpoo: I meant tell DHCP to serve a specific range of addresses in your /24, and NOT the whole subnet | 18:34 |
teward | then set the static to an IP not in the DHCP range | 18:34 |
teward | which, strangely enough, is how I achieve a mix of static AND dynamic addresses on wifi and LAN in my network :P | 18:34 |
teward | so, .100 - .200 would be the DHCP range | 18:35 |
rinpoo | no I thought ListenAddress are the IPs the server lsitens too XD | 18:35 |
rinpoo | listens | 18:35 |
teward | rinpoo: ListenAddress is the IP of the server itself | 18:35 |
teward | i.e. what static address it is assigned | 18:35 |
teward | so if your system gets 192.168.1.150 all the time | 18:35 |
teward | then ListenAddress is likely 192.168.1.150 | 18:35 |
teward | so the SSH server binds to that port. | 18:35 |
teward | for that IP address | 18:35 |
teward | (so if Port is 22, and ListenAddress is 192.168.1.150, then it will bind to 192.168.1.150:22 | 18:36 |
teward | and listen there for all incoming connection attempts) | 18:36 |
jrwren | good dhcp servers ping before assigning address. I use a pretty wide range and a mix of static addresses in that range. YMMV | 18:36 |
teward | that as wel | 18:36 |
teward | well* | 18:36 |
rinpoo | thx a lot | 18:37 |
teward | jrwren: i take a different approach, either Static DHCP reservations outside the dynamic DHCP range for my static IP things, or static on the servers/systems themselves | 18:37 |
rinpoo | this would have taken me a whole day otherwise XD | 18:37 |
teward | in either case *those* systems are always on but meh | 18:37 |
teward | rinpoo: this is why we're here | 18:37 |
teward | rinpoo: note that ListenAddress is always the IP of the server, or multiple ListenAddress lines if it's on different LANs or subnets and listens on those, and such. the IP of your other machines on your network getting DHCP should never be an issue | 18:38 |
jrwren | teward: me too. I was remembering my config wrong. 120-150 dynamic. my static stuff is less than 120. | 18:38 |
teward | rinpoo: though, if you are getting a dynamic IP, you shouldn't be using a ListenAddress IMO | 18:38 |
teward | because your IP may change | 18:38 |
teward | (but if your Server on that network is always getting the same IP (either a static DHCP reservation, or a static IP specifically specified in the server config), then you can set ListenAddress) | 18:39 |
rinpoo | nono server and router are static, just the client pcs are dynamic | 18:39 |
teward | rinpoo: OK, that was vague earlier ;) | 18:39 |
teward | (these kinds of details help expedite identification of answers :P) | 18:39 |
rinpoo | well I would have told you earlier but you type rly fast | 18:41 |
rinpoo | but thank you a bunch this was really confusing me | 18:42 |
rinpoo | or better you two | 18:45 |
=== cpaelzer_afk is now known as cpaelzer |