1117843656 P * terr
1117844112 Q * monrad Quit: Leaving
1117844602 Q * shuri Read error: Connection reset by peer
1117845174 Q * brc Ping timeout: 480 seconds
1117845195 J * brc bruce@201008077213.user.veloxzone.com.br
1117845748 Q * alexx Ping timeout: 480 seconds
1117846051 J * alexx ~alexx@82.225.136.176
1117846398 J * nix101 ~nix101@219-88-174-96.jetstream.xtra.co.nz
1117846423 M * nix101 can someone help me with a mounting problem
1117846448 N * Bertl_oO Bertl
1117846483 M * Bertl evening folks!
1117846491 M * Bertl nix101: maybe, what's up?
1117846491 M * nix101 hi
1117846492 M * Loki|muh_ morning Bertl
1117846523 M * nix101 i get the error "wrong fs type, bad option, bad superblock on /dev/loop0, or too many mounted file systems"
1117846533 Q * alexx Ping timeout: 480 seconds
1117846562 M * Bertl nix101: inside a vserver?
1117846581 M * nix101 whats a vserver
1117846610 M * Bertl how's that channel called again?
1117846622 M * Bertl #offtopic?
1117846623 M * nix101 u i think im in the wrong place
1117846633 M * nix101 sorry
1117846647 M * Bertl np
1117846649 M * jkl_ hehe
1117846664 M * Bertl nix101: chances are good that the error is correct
1117846676 M * nix101 you dont happen to know a good channel for general linux help do you?
1117846806 M * Bertl no, actually not ... there are a lot of distro specific channels ... and #kernelnewbies for kernel related stuff
1117846828 J * alexx ~alexx@82.225.136.176
1117846834 J * eXplasm2 explasm@p549FF304.dip.t-dialin.net
1117846868 M * Bertl nix101: google returned http://www.faqs.org/docs/linux_admin/x2855.html
1117847085 Q * alexx Quit:
1117847217 Q * nix101 Quit: Leaving
1117847275 Q * eXplasm Ping timeout: 480 seconds
1117847967 M * Bertl okay, I'm off to bed now ... night everyone!
1117847999 N * Bertl Bertl_zZ
1117848231 J * Guest6982569 freebsd@219.95.13.249
1117851012 M * jkl_ anyone around that is good with vservers in gentoo?
1117851968 M * jkl_ anyone know what is_vserver_guest is?
1117855184 J * hillct ~hillct@client200-5.dsl.intrex.net
1117855463 M * hillct hi all!
1117855642 M * hillct I wanted to get the consensus feeling on memory rlimits. Suppose I wanted to limit a vserver to 2GB ram. What combination of core, rss and ( that's the other, Share? ) should make up that 2GB? Any rules of thumb in this regard?
1117857615 Q * _mountie Quit: LUNCK!
1117857827 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com
1117858719 Q * cryo Ping timeout: 480 seconds
1117860057 J * _mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com
1117860057 Q * mountie Read error: Connection reset by peer
1117860343 N * Guest6982569 MrX
1117861228 J * cryo ~say@212.86.243.154
1117862388 Q * MrX Remote host closed the connection
1117870854 Q * hillct plasma.oftc.net uranium.oftc.net
1117870854 Q * rs plasma.oftc.net uranium.oftc.net
1117870854 Q * jkl_ plasma.oftc.net uranium.oftc.net
1117870854 Q * Doener` plasma.oftc.net uranium.oftc.net
1117870854 Q * Pazzo plasma.oftc.net uranium.oftc.net
1117870854 Q * romke plasma.oftc.net uranium.oftc.net
1117870854 Q * albeiro plasma.oftc.net uranium.oftc.net
1117870854 Q * zimbo plasma.oftc.net uranium.oftc.net
1117870854 Q * lilo plasma.oftc.net uranium.oftc.net
1117870854 Q * mcp plasma.oftc.net uranium.oftc.net
1117870854 Q * maharaja plasma.oftc.net uranium.oftc.net
1117870854 Q * FaUl plasma.oftc.net uranium.oftc.net
1117870854 Q * janra plasma.oftc.net uranium.oftc.net
1117870854 Q * locksy plasma.oftc.net uranium.oftc.net
1117870854 Q * Loki|muh_ plasma.oftc.net uranium.oftc.net
1117870854 Q * DaPhreak plasma.oftc.net uranium.oftc.net
1117870854 Q * meebey plasma.oftc.net uranium.oftc.net
1117870854 Q * gaba plasma.oftc.net uranium.oftc.net
1117870854 Q * eXplasm2 plasma.oftc.net uranium.oftc.net
1117870854 Q * DaCa plasma.oftc.net uranium.oftc.net
1117870854 Q * Vudumen plasma.oftc.net uranium.oftc.net
1117870854 Q * virtuoso plasma.oftc.net uranium.oftc.net
1117870854 Q * Beave plasma.oftc.net uranium.oftc.net
1117870854 Q * duckx plasma.oftc.net uranium.oftc.net
1117870854 Q * ola_ plasma.oftc.net uranium.oftc.net
1117870854 Q * pusling plasma.oftc.net uranium.oftc.net
1117870854 Q * SNy plasma.oftc.net uranium.oftc.net
1117870854 Q * BWare plasma.oftc.net uranium.oftc.net
1117870854 Q * bro plasma.oftc.net uranium.oftc.net
1117870854 Q * case plasma.oftc.net uranium.oftc.net
1117870854 Q * Seraph plasma.oftc.net uranium.oftc.net
1117870854 Q * Hunger plasma.oftc.net uranium.oftc.net
1117870854 Q * stupidawy plasma.oftc.net uranium.oftc.net
1117870864 J * hillct ~hillct@client200-5.dsl.intrex.net
1117870864 J * eXplasm2 explasm@p549FF304.dip.t-dialin.net
1117870864 J * rs ~rs@imhotep.rhapsodyk.net
1117870864 J * jkl_ eric@c-67-173-254-242.hsd1.co.comcast.net
1117870864 J * DaCa ~danny@mail.limehouse.org
1117870864 J * Doener` ~doener@p548746C3.dip.t-dialin.net
1117870864 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1117870864 J * Vudumen vudumen@perverz.hu
1117870864 J * romke ~romke@procyon.romke.net
1117870864 J * albeiro ~albeiro@albeiro.usercloak.oftc.net
1117870864 J * zimbo ~zimbo@callisto.dom.bonis.de
1117870864 J * virtuoso ~s0t0na@80.253.205.251
1117870864 J * lilo ~lilo@lilo.usercloak.oftc.net
1117870864 J * mcp ~hightower@wolk-project.de
1117870864 J * Beave ~beave@vistech.org
1117870864 J * duckx ~Duck@81.57.39.234
1117870864 J * ola_ ~ola@213.115.168.248
1117870864 J * pusling ~pusling@195.215.29.124
1117870864 J * SNy ~mfr@217.20.120.199
1117870864 J * meebey meebey@booster.qnetp.net
1117870864 J * DaPhreak ~phreak@lms.rz.uni-greifswald.de
1117870864 J * Loki|muh_ loki@satanix.de
1117870864 J * locksy ~locksy@mrtg.sisgroup.com.au
1117870864 J * janra janra@paradox.homeip.net
1117870864 J * FaUl ~immo@ip88.164.1211G-CUD12K-01.ish.de
1117870864 J * maharaja maharaja@ipax.at
1117870864 J * gaba ~gaba@protest.net
1117870864 J * Hunger Hunger.hu@Hunger.hu
1117870864 J * Seraph kk@projects.verfaction.de
1117870864 J * case ~case@donpanic.faveve.uni-stuttgart.de
1117870864 J * bro ~vanity@lanparty.lv
1117870864 J * BWare ~bware@office.intouch.net
1117870864 J * stupidawy foo@you.wish.you.were.pimp.olicio.us
1117871908 J * erwan_ho ~erwan@konilope.dyndns.org
1117872768 J * MattAR DVK@12-216-183-112.client.mchsi.com
1117872773 M * MattAR has anyone seen aaronwl lately
1117875131 J * alexx ~alexx@82.225.136.176
1117878007 J * robig ~robig_m@envoppp26.envia-tel.de
1117878011 M * robig moin
1117878022 M * robig or good morning :)
1117878103 M * robig can sb tell me how to make quota on my vserver?
1117879169 J * nox ~nox@noxlux.de
1117879965 P * nox
1117880075 J * nox ~nox@noxlux.de
1117881703 Q * nox Quit: Lost terminal
1117881732 J * nox ~nox@noxlux.de
1117883154 M * robig can sb tell me how to use quota on my vserver?
1117883834 J * Aiken ~james@tooax6-194.dialup.optusnet.com.au
1117886515 Q * Aiken Quit: Leaving
1117888009 N * Bertl_zZ Bertl
1117888030 M * robig hi Bertl
1117888051 M * Bertl hey, do you know how to use quota on a normal linux system?
1117888084 M * Bertl MattAR: no, who should s/he be?
1117888186 M * robig i think so
1117888214 M * robig on a normal system i would have to edit the fstab
1117888216 M * Bertl robig: so you setup a vroot device for the real device the guest is on
1117888240 M * Bertl you copy the vroot device over into the guest as hdv1
1117888251 M * Bertl then you adjust the mtab (fstab is not relevant)
1117888282 M * Bertl from there on, quota works as normal, given that your context has the quota capability
1117888722 M * robig when i write ,usrquota,grpquota to mtab it will be lost on reboot?
1117888806 M * Bertl what does your mtab contain right now (inside the guest)?
1117888853 M * robig none /proc proc defaults 0 0
1117888853 M * robig none /tmp tmpfs size=16m,mode=1777 0 0
1117888853 M * robig none /dev/pts devpts gid=5,mode=620 0 0
1117888864 M * robig none /proc proc defaults 0 0
1117888864 M * robig none /tmp tmpfs size=16m,mode=1777 0 0
1117888864 M * robig none /dev/pts devpts gid=5,mode=620 0 0
1117888868 M * robig hmpf
1117888889 M * Bertl no entry for / ?
1117888897 M * robig first line /dev/hdv1 / ufs defaults 0 0
1117888925 M * robig my irc client thinks i write a command
1117888958 M * Bertl let me check something ...
1117888975 M * FaUl narf *higlhilgt*
1117889142 M * Bertl it's not my fault ;)
1117889154 M * FaUl narf ;-)
1117889190 M * Bertl robig: there's a config file called mtab
1117889208 M * Bertl it exists for all guests and one for each guest
1117889224 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1117889250 J * terr ~gilles@ip-213-49-114-75.dsl.scarlet.be
1117889264 M * Bertl hey terr!
1117889286 M * Bertl robig: you want to have something like this:
1117889287 M * Bertl /dev/hdv1 / ufs rw,usrquota,grpquota 0 0
1117889302 M * terr Hi! I didn't really expect to see you on the w-e ;-)
1117889342 M * Bertl robig: I guess the other entries /proc and /tmp will be added automatically ...
1117889368 M * Bertl terr: yeah?
1117889371 M * robig ok so i create a new file in /etc/vservers/myvs/apps/init
1117889496 M * Bertl yep, which contains just the one line (file called mtab)
1117889514 M * Bertl then restart the guest, and see if the mtab inside is correct
1117889531 M * robig nope: /dev/hdv1 / ufs defaults 0 0
1117889544 M * Bertl okay, so you have to add the others too ...
1117889553 M * terr Bertl: Have you some time to enlighten me further on routing?
1117889556 M * Bertl ah, no, wait, it got replaced?
1117889579 M * Bertl terr: guess so, what are you working on this time?
1117889627 M * terr I've sent a message to the ML on my last observations. Did you read it yet?
1117889716 M * Bertl very brief ... yes
1117889739 M * terr ... Mostly trying to understand what's going on during routing.
1117889821 M * terr Something not clear in my description?
1117889830 M * robig it takes no effect
1117890127 M * robig hm.. ive to go now..
1117890131 M * robig cu
1117890139 Q * robig Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1117890162 N * _mountie mountie
1117891381 M * Bertl terr: so you are still working on that setup, it seems ...
1117891430 M * Bertl maybe I should make another example which uses vserver guests?
1117891621 M * terr I succeeded to set up the first part (fully based on your example):
1117891645 M * terr Guest 1 <-> FW <-> Guest 2
1117891671 M * Bertl ah, okay, did extract that from the email ;)
1117891678 M * Bertl s/did/didn't/
1117891716 M * terr Now I could use a few answers to the questions I asked in the messages to help me understand some more about how routing works.
1117891770 M * Bertl okay, maybe you could repeat them here?
1117891846 M * terr OK. First one: What is the purpose of the "ip route del 172.16.0.0/16" command (and why did I have to remove it to make the setup work)?
1117891874 M * terr (this was in "Host 1 Magic")
1117891926 M * Bertl well, I do not know _why_ you _had_ to remove it ...
1117891944 M * Bertl because, if there is a proper routing table configured
1117891969 M * Bertl then the main routing table (which is addressed here) should not be consulted in the first place
1117892000 M * terr I had to remove it, because it removed my interfaces altogether!
1117892031 M * Bertl you sure about that?
1117892088 M * terr Yes, and then RTNETLINK complained (obviously) "Network unreachable" when attempting to set the new route.
1117892154 M * terr But since the user's tables have higher priority (lower sequence order) than main,
1117892189 M * terr it's no problem to leave it (and, actually, it works as expected).
1117892430 M * Bertl terr: who is setting a new route after that?
1117892577 M * terr Well, I tried to move the "ip route del ..." before and after the other route invocation, without any luck: it just removed the interfaces.
1117892597 M * terr Then I tried without it, and it worked!
1117892686 M * Bertl so, why does it work for me?
1117892724 M * terr I would be happy to know that too :-)
1117892866 M * terr Note that there are some differences between your example and what I used:
1117892940 M * terr Here, all interfaces configurations (ifconfig, vconfig) are done previously (i.e. not in the special routing script).
1117892978 M * Bertl special routing script?
1117893044 M * terr Yes, a small script containing only the "ip" and "iptables" magical invocations of your example.
1117893089 M * terr Shall I past it on pastebin.com ?
1117893100 M * Bertl make it so ...
1117893100 M * terr s/past/paste/
1117893208 M * terr Pasted at http://harfang.pastebin.com/295053
1117893219 Q * matti Quit: 8-X
1117893448 M * Bertl okay, let's try a few things ...
1117893458 M * Bertl you got your host at hand?
1117893466 M * terr Yes.
1117893501 M * Bertl I have just started a completely unconfigured qemu here with 2.6.11.11-vs2.0-rc3
1117893526 M * Bertl # ip link ls
1117893526 M * Bertl 1: eth0: mtu 1500 qdisc noop qlen 1000
1117893526 M * Bertl link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
1117893526 M * Bertl 2: lo: mtu 16436 qdisc noop
1117893526 M * Bertl link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1117893528 M * Bertl 3: dummy0: mtu 1500 qdisc noop
1117893530 M * terr I'm still on 2.6.11.9 ...
1117893531 M * Bertl link/ether da:77:81:02:38:00 brd ff:ff:ff:ff:ff:ff
1117893558 M * Bertl well, should work, network layer hasn't changed that much I guess
1117893604 M * terr Shall I stop vservers and remove all funny routing?
1117893609 Q * Pazzo Read error: Connection reset by peer
1117893639 M * Bertl would be a good start ;)
1117893690 J * matti matti@linux.gentoo.pl
1117893726 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1117893737 M * Bertl wb Pazzo!
1117893747 M * Pazzo hi Bertl!
1117893802 M * Pazzo was rebooting my fw with 2.6.11.11-vs2.0-rc3 ;-)
1117893820 M * terr Bertl: Some command you would like to see the output of, to be sure we both start from the same premises?
1117893903 M * matti Hi Bertl.
1117894142 M * Pazzo Bertl: where can I find infos on "interface scopes" (global / global secondary / ...) ? I would like to find out what they are used for / what their meaning is...
1117894302 M * Pazzo and another thing: what's the right way of creating a config for a vserver using the host's primary ip address (avoiding that "vserver xy stop" removes the primary ip) ?
1117894341 M * daniel_hozac nodev?
1117894502 M * Pazzo hehe... thnx daniel_hozac! is it possible that this switch didn't exist some time ago or maybe wasn't working as expected?
1117894692 M * Bertl terr: ip link ls, ip route ls, ip rule ls (pastebin)
1117894708 M * Bertl Pazzo: linux networking?
1117894851 M * terr Bertl: http://harfang.pastebin.com/295061
1117895035 M * Bertl okay, let's remove the vlan interfaces and ips too ..
1117895321 M * terr Bertl: http://harfang.pastebin.com/295067 (Like so?)
1117895357 M * terr (I'd rather keep "eth0.4" to continue receiving your instructions ;-)
1117895463 M * Bertl hmm .. well, okay, let's keep that then ...
1117895503 M * Bertl 'ip addr ls' shows?
1117895545 Q * erwan_ho Remote host closed the connection
1117895555 M * terr Bertl: http://harfang.pastebin.com/295070
1117895586 M * Bertl okay ...
1117895643 M * Bertl vconfig add eth0 2
1117895656 M * Bertl ifconfig eth0.2 172.16.0.1
1117895669 M * Bertl you don't mind using those ips, yes?
1117895693 M * Pazzo /sbin/vshelper: (startup ) returned sync with 256 <- has this something to do with the vshelper-delegate/shutdown workaround?
1117895726 M * terr No. But remind me to change the config of the vservers when we come to that!
1117895763 M * Bertl Pazzo: indirectly, yes
1117895763 Q * Seraph Ping timeout: 480 seconds
1117895783 M * Bertl Pazzo: the tools do not handle startup/shutdown helper yet *sigh*
1117895864 M * terr Bertl: I'll come back in 10 minutes; is that OK?
1117895865 M * Pazzo Bertl: what does this syslog line tell me? and why is shutdown/reboot still such a big problem??
1117895928 M * terr Anyway I see you have a lot of requests atm :-)
1117896146 M * Bertl terr: np
1117896164 M * Bertl Pazzo: because enrico has not fixed it yet ...
1117896221 M * Pazzo is it a problem with some of the shell scripts or is there to be done some c-coding?
1117896239 M * Bertl very likely just scripts
1117896251 M * Bertl I did a quick hack as example for the reboot
1117896304 M * Pazzo hmmm... what happens / should happen if a vserver issues a reboot? /sbin/vshelper is called with some argument - but "who" does this call, and which arguments are passed?
1117896445 M * Bertl this is simple, the 'guest' executes some stuff, which finally leads to a reboot -f (or to be precise, the sys_reboot() syscall)
1117896475 M * Bertl this results in the kernel calling out for help (i.e. invoking the vshelper)
1117896485 M * Bertl the proper actions now would be:
1117896513 M * Bertl - spawn a process which calls vc_ctx_wait() (done with vwait)
1117896513 M * Pazzo ok, so the syscall is catched by the kernel (vserver patch) and it runs the script named in /proc/sys/kernel/vshelper
1117896533 M * Bertl - kill all remaining processes inside the vserver
1117896542 M * Bertl - kill the init process inside the vserver
1117896551 M * Bertl - return
1117896571 M * Pazzo what does vwait (vc_ctx_wait()) do?
1117896573 M * Bertl now when the context is _really_ gone
1117896590 M * Bertl (after the shutdown helper was executed)
1117896612 M * Bertl the process hanging on the vc_ctx_wait()) will continue to work
1117896629 M * Bertl which in turn would do the startup of the vserver
1117896694 M * Pazzo hmm...
1117896810 M * Pazzo what does "vserver --sync stop" do?
1117896819 M * Bertl no idea ...
1117896825 M * matti ;p
1117896834 M * Bertl probably wait for the shutdown ?
1117896955 M * Pazzo hmmm... also "vserver stop" is waiting
1117897008 M * Bertl no idea, and if, it's most likely done wrong ... (i.e. without vc_ctx_wait)
1117897122 M * Pazzo ok, so the main problem is that "vserver xyz stop" doesn't use vc_ctx_wait() - right?
1117897187 J * ax ~andrew@implode.fuckdom.net
1117897321 M * ax hey. I have a problem. my vserver doesn't seem to get an IP. i created the vserver using newvserver, and gave it a host/domain name and an IP.
1117897364 M * ax should I have something in /etc/vserver/newserver/interfaces?
1117897366 M * Bertl which kernel, tools, distro?
1117897368 M * ax mine was empty
1117897387 M * Bertl btw, newvserver is not part of util-vserver tools
1117897402 M * terr Bertl: I'm back.
1117897405 M * ax sarge, vservser-debian or summin
1117897414 M * ax 2.6 patch kernel
1117897509 M * Doener` Bertl: hmm... the user in the vserver calls reboot -f -> vserver xxx stop -> runlevel 6 -> reboot -f
1117897511 M * Bertl well, I don't know what vserver-debian does ... you probably have to ask the maintainer
1117897553 M * Bertl Doener`: reboot -f should _never_ _ever_ lead to vserver stop ?!
1117897563 M * Bertl and good evening to you! ;)
1117897576 M * Doener` restart --> stop then start
1117897591 M * Bertl it should also never do restart or similar ;)
1117897602 M * Doener` evening Bertl
1117897633 M * Doener` hmm? why shouldn't it?
1117897643 M * Bertl because it is just wrong?
1117897714 M * Bertl reboot -f -> helper -> (create waiter + kill processes)
1117897729 M * Bertl then happens the shutdown script
1117897747 M * terr ax: You should build the vserver with something like "vserver name build -m debootstrap --hostname name.example.net --netdev eth0 --interface 192.168.10.99/24 --context 1099 --initstyle plain -- -d sarge"
1117897753 M * Bertl Doener`: and then the context is disposed
1117897767 M * Bertl which in turn unlocks the waiter, which can do a start
1117897798 M * Bertl (the reboot helper should do all external stuff which is done on a regular stop)
1117897836 M * Bertl of course, as I mentioned several times, it would be _much_ better to have an userspace daemon which does the actual start/stop based on some command sequences
1117897855 M * Bertl vdaemon start hansi
1117897859 M * Bertl etc ...
1117897901 M * Bertl doing start/stop things from the helpers will not work as they are synchronous now ...
1117897936 M * Bertl ax: why not try 'vserver build -m debootstrap ....
1117897940 M * ax i've just added an IP to eth0, should --netdev be eth0 or eth0:0?
1117897946 M * ax Bertl: trying now ..
1117897994 M * Pazzo Bertl: your "workaround" doesn't look like a workaround - it's working perfectly :-)
1117898018 M * Doener` Bertl: hm, probably I messed up stable and alpha vshelper or sth. like that...
1117898026 M * Bertl ax: depends, do you want the tools to setup the alias/ip for you?
1117898040 M * Bertl then you should specify an interface, otherwise leave it as is
1117898046 M * Pazzo Bertl: (I mean the vwait thing)
1117898078 M * Bertl yup, thought so ;)
1117898119 M * Bertl Doener`: up to 1.9.x we had an asynch helper (with all the issues this caused)
1117898144 M * Bertl okay, Dinner time .. back in 30 or so ...
1117898156 M * FaUl cya Bertl
1117898173 N * Bertl Bertl_oO
1117898197 M * Pazzo bye bertl!
1117898666 M * ax okay, built with vserver name build, same issue :/
1117898688 M * ax i have already added the IP I want to use to the NIC, eth0
1117898693 M * ax i then used:
1117898735 M * ax vserver host build -m debootstrap --hostname host.domain.net --netdev eth0:0 -- -d sage
1117898739 M * Pazzo ax: you don't need to manually add an ip - just build the vserver as terr told you and everything should be fine...
1117898844 M * Pazzo Doener: I'm currently playing around with vshelper-hack-01.diff - it's great, shouldn't it also be possible to solve the vshelper-delegate/shutdown problem this way?
1117898884 M * Doener` yes, I assume the two problems to be very similar in what causes them
1117899203 Q * Doener` Quit: Leaving
1117899310 J * Doener ~doener@p548746C3.dip.t-dialin.net
1117899562 N * Bertl_oO Bertl
1117899676 M * terr Bertl: Shall we continue before someone else grabs you :) ?
1117899714 M * Bertl we can try ;)
1117899776 M * Bertl Doener: giving it more thought ... it would be possible to have a 'quick' reboot which doesn't stop/start the context ...
1117899777 M * terr So, I did: ifconfig eth0.2 172.16.0.1
1117899796 M * Bertl good, what do you see now (ip route ls)
1117899833 M * terr 172.16.0.0/16 dev eth0.2 proto kernel scope link src 172.16.0.1
1117899886 M * terr (plus the previous 2 for "eth0.4")
1117899898 M * Bertl okay, fine
1117899919 M * Bertl ip rule add from 172.16.0.1 table 16
1117899924 M * Bertl ip route add default via 172.16.0.2 table 16
1117899975 M * Bertl now let's make a copy of 'ip route ls table local' and 'main'
1117900144 M * terr OK: http://harfang.pastebin.com/295095
1117900300 M * Bertl okay, now let's try 'ip route del 172.16.0.0/16 table main'
1117900315 M * Bertl and check for differences in ip route ls table local
1117900421 M * Bertl (there should be none)
1117900572 M * terr Right.
1117900608 M * terr But something happened, although I don't know what exactly...
1117900620 M * Bertl now let's check if ICMP works (i.e. configure 172.16.0.2 on the other end)
1117900659 M * Bertl then ping -I 172.16.0.1 10.0.0.1
1117900672 M * Bertl packets should arrive at 172.16.0.2
1117900744 J * Doener` ~doener@p54875361.dip.t-dialin.net
1117900906 M * terr # ping -I 172.16.0.1 10.0.0.1
1117900906 M * terr PING 10.0.0.1 (10.0.0.1) from 172.16.0.1 : 56(84) bytes of data.
1117900906 M * terr --- 10.0.0.1 ping statistics ---
1117900906 M * terr 143 packets transmitted, 0 received, 100% packet loss, time 142377ms
1117901070 M * terr As I said: *Something* happened after 'ip route del 172.16.0.0/16 table main'
1117901109 M * Bertl no, that it doesn't work is fine ...
1117901126 M * Bertl just tcpdump on the other end (172.16.0.2) on interface eth0.2
1117901150 M * Bertl you should see an arriving icmp request there ...
1117901183 Q * Doener Ping timeout: 480 seconds
1117901244 M * terr Yes I see it.
1117901253 M * hillct Bertl hi
1117901259 M * Bertl hey hillct!
1117901267 M * hillct how goes it?
1117901284 M * Bertl terr: okay, now let's try with an ssh to 172.16.0.2
1117901288 A * hillct still owes you a howto for X86_64
1117901302 M * Bertl hillct: well, kernel side fine, tools could be better atm ...
1117901303 M * hillct now that things are working
1117901311 M * hillct yah
1117901346 M * ax okay, cool that works. its got an IP now. cheers. only thing is, it built to the wrong directory, /var/lib/vservers. where do I change this? I have DEFAULT_VSERVERDIR= in util-vserver-vars configed
1117901355 M * hillct one question though
1117901359 M * hillct I wanted to get the consensus feeling on memory rlimits. Suppose I wanted to limit a vserver to 2GB ram. What combination of core, rss and ( that's the other, Share? ) should make up that 2GB? Any rules of thumb in this regard?
1117901385 A * hillct really needs to get another box for testing at this point
1117901531 M * Bertl how much ram do you have in total?
1117901531 M * terr Bertl: # ssh -p 2222 172.16.0.2
1117901545 M * terr ssh: connect to host 172.16.0.2 port 2222: Connection refused
1117901548 M * hillct total 8GB
1117901559 M * Bertl ax: it's configured at build time (tools)
1117901579 M * Bertl ax: and IIRC for debian that _is_ the political correct place ;)
1117901588 M * hillct I want to allocate a total of 2GB to this one vserver but am not sure of how to break it up as resource core etc
1117901631 M * Bertl you probably want to limit the rss to 2GB then, and leave the VM (AS) unlimited
1117901642 M * hillct ah
1117901646 M * hillct K. thanks
1117901665 M * hillct I'll probably tweak it once I get a handle on it but wanted to get a decent starting point
1117901666 M * Bertl keep in mind that the limits are pages (IIRC) and x86_64 pages are 16k instead of 4k
1117901673 M * terr ax: /var/lib/vservers is the right place indeed.
1117901675 M * hillct ah
1117901679 M * hillct good point
1117901684 A * hillct forgot about that
1117901693 M * terr ax: (for Debian)
1117901730 M * Bertl terr: is an ssh running on the other end (for 172.16.0.2, 2222) check with lsof
1117901742 M * hillct thanks
1117901766 J * yarihm ~yarihm@217-162-204-252.dclient.hispeed.ch
1117901795 M * Bertl welcome yarihm!
1117901831 P * hillct
1117901863 J * hillct ~hillct@client200-5.dsl.intrex.net
1117901874 M * hillct one other question
1117901878 M * Bertl wb ;)
1117901911 M * hillct Can I change rlimits while a vserver guest is up? Does it periodically poll the config during normal operations?
1117901924 M * Bertl yes and no ;)
1117901931 M * hillct uh..
1117901942 M * Bertl but you can use vlimit to change it at runtime
1117901952 M * hillct ah
1117901954 M * hillct K
1117901966 M * yarihm hi Bertl
1117901983 M * Bertl hillct: feel free to add support for a 'vserver update' or so
1117902007 M * hillct so it'd be safe to set it in the config while it's up, knowing that will have no effect except after restart, then change using vlimit for the realtime change
1117902009 M * hillct ah
1117902017 M * hillct that would be an interesting little project
1117902031 A * hillct still wants to write a webmin module for vserver management first though
1117902039 M * Bertl yeah, most settings can be changed at runtime
1117902064 M * hillct cool. thanks again.
1117902067 P * hillct
1117902372 M * terr Bertl: OK, fine, sorry, "Listen" directive in "sshd_config"!
1117902380 M * Bertl ;)
1117902392 M * Bertl now let's setup the second vlan
1117902406 M * Bertl ifconfig eth0.3 172.17.0.2
1117902415 M * Bertl ip rule add from 172.17.0.1 table 17
1117902418 M * Bertl ip route add default via 172.17.0.2 table 17
1117902427 M * Bertl ip route del 172.17.0.0/16 table main
1117902446 M * Bertl configure the other end (172.17.0.2 as done before)
1117902455 M * Bertl same test with ping/tcpdump and ssh
1117902524 M * jkl_ can anyone direct me to a doc that describes how to get host <-> vserver networking working?
1117902525 M * jkl_ heh
1117902548 Q * Hollow Remote host closed the connection
1117902561 M * Bertl jkl_: it works out of the box, no doc required
1117902598 M * Bertl (i.e. every linux host can talk to itself ;)
1117902630 M * jkl_ hm, well i can't seem to make connections between the two of them
1117902643 M * jkl_ but they both can get to other hosts just fine
1117902651 M * Bertl firewalling?
1117902660 M * jkl_ that is a possibility
1117902677 M * jkl_ can you setup a firewall on a vserver or just on the host?
1117902688 M * Bertl for now, just on the host
1117902714 M * jkl_ then a firewall issue it must be
1117902718 M * jkl_ i will investiage
1117902727 M * jkl_ er
1117902730 M * jkl_ investigate even
1117902788 M * Bertl most likely, keep in mind host <-> guest networking uses lo device ;)
1117902789 M * ax thanks for the pointers guys.
1117902797 M * ax sorted.
1117902802 M * Bertl ax: you're welcome! have fun!
1117902804 P * ax
1117902812 M * jkl_ ah, interesting, but that would make sense
1117902885 M * terr Bertl: OK, I've done the tests, everything works fine.
1117902914 M * jkl_ perhaps this would do the trick?
1117902916 M * jkl_ iptables --append INPUT --source 0.0.0.0/0 --in-interface lo --jump ACCEPT
1117902925 M * terr Bertl: Sorry, but I'll have to leave for a few hours :-(
1117902942 M * Bertl terr: np, cy later
1117902953 J * Hollow ~Hollow@home.xnull.de
1117902955 M * terr Bertl: Can we continue later today?
1117902967 M * Bertl jkl_: might work, don't know your setup ...
1117902981 M * Bertl terr: sure ... emphasis on _continue_ ;)
1117903023 M * terr Yes, yes, I leave everything as is! ;-)
1117903088 M * jkl_ Bertl:sweet it works, thanks
1117903113 M * terr Bertl: See you later, and thanks.
1117903180 M * Bertl jkl_: you're welcome!
1117903186 M * Bertl terr: cya, my pleasure ;)
1117904511 M * Bertl FaUl: we could start with ngnet stuff this evening?
1117905333 M * Bertl okay, it got silent ... off for now ... back later ;)
1117905343 N * Bertl Bertl_oO
1117905663 M * jkl_ hmpf
1117905680 M * jkl_ does DNAT port forwarding work between host <-> vserver?
1117910754 J * serving ~serving@217.164.244.235
1117911649 M * FaUl Bertl_oO: depends on how you define evening :)
1117911666 M * FaUl Bertl_oO: well, i'm on later - i think 23:00 CEST or something
1117911669 M * FaUl like that
1117911703 Q * rs Quit: rs
1117912538 J * rs ~rs@imhotep.rhapsodyk.net
1117913071 J * knoppix_ ~knoppix@dsl-213-023-130-147.arcor-ip.net
1117919849 M * FaUl re
1117923098 Q * pusling Quit: Lost terminal
1117923163 J * pusling ~pusling@195.215.29.124
1117925785 N * Bertl_oO Bertl
1117925811 M * Bertl back now ...
1117925842 M * Bertl jkl_: port forwarding: no, port/ip mangling, yes
1117925883 M * Bertl FaUl: yeah, right ;)
1117927283 M * terr Herbert?
1117927333 M * matti Uh.
1117927347 M * Bertl terr: Gilles?
1117927377 M * matti Does anybody use ebtables for connection and packet marking based on MAC address?
1117927390 M * terr A little time for a few more steps?
1117927393 M * matti I am just curious.
1117927422 M * Bertl matti: do you have a bridgin setup?
1117927425 M * Bertl +g
1117927434 M * Bertl terr: sure ;)
1117927465 M * matti Bertl: No i just need somethin' that can mark packet in 2 OSI.
1117927566 M * matti Yh.
1117927570 M * Bertl non ip packets? or general?
1117927604 M * matti Bertl: Soon, I'll have users with dynamic IPs.
1117927618 M * matti Bertl: But each user have different bandwidth.
1117927653 M * terr Bertl: Summary: icmp and ssh work from Host 1 to Host 2 on the 2 vlan interfaces. What next?
1117927655 M * daniel_hozac iptables -m mac --mac-source ... doesn't work?
1117927664 M * matti daniel_hozac: This is not the 2 ISO.
1117927689 M * Bertl well, it is for ip packets ;)
1117927697 M * matti Yes.
1117927725 M * Bertl terr: okay, now let's add the magic on both hosts ...
1117927726 M * matti But I iptables cannot know, what IP user have at the moment.
1117927737 M * Bertl on host 1
1117927738 M * Bertl iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1
1117927738 M * Bertl iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1
1117927784 M * matti Ethernet sucks, why I don't have CaTV or DOCISS??? ;<
1117927795 M * Bertl terr: and on host 2
1117927798 M * Bertl iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1
1117927798 M * Bertl iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1
1117927802 M * Bertl iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1
1117927802 M * Bertl iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1
1117927812 M * daniel_hozac matti: so you'll have a lot of non-IP traffic?
1117927840 M * Bertl matti: DOCSIS actually depends on the version ;)
1117927864 M * Bertl matti: probably ATM FR is more what you want ;)
1117927950 M * terr Bertl: Done.
1117927978 M * matti Bertl: Yes. But I must use 802.3 in most cases.
1117927991 M * matti s/DOCISS/DOCSIS/
1117927995 M * Bertl terr: now let's test again with ping and ssh, should work the same
1117928061 M * Bertl matti: too many windows machines?
1117928129 M * terr Bertl: Right.
1117928149 M * Bertl matti: usually 802.2 LLC / AAL5 is enough over ATM
1117928214 M * Bertl (but for the desperate there is LANE too ;)
1117928286 M * Bertl terr: okay, now let's enable forwarding on host 2 (if not already done so)
1117928289 M * matti daniel_hozac: Lets say - you've some pool of routable IPs. Each user have different bandwidth, and one IP from that pool. But each time user plug-in in to network, he receives different IP from DHCP server - but he still own same bandwidth all the time.
1117928302 M * Bertl terr: also make sure you disable any firewall rules on host 2
1117928309 M * FaUl re
1117928328 M * matti Bertl: Yes, over 95% of users use Windows ;/
1117928380 M * Bertl terr: then let's do 'ping -c 1 -I 172.16.0.1 172.17.0.1' and watch the packet flow on host 2 with 'tcpdump -vvnei eth0.2 icmp'
1117928386 M * Bertl wb FaUl!
1117928547 M * FaUl Bertl: still interested in creating v6-patches for ngnet this night?
1117928556 M * FaUl or is it too late for now?
1117928560 M * Bertl haha, no v6 won't be done tonight ...
1117928587 M * Bertl but we can start disassembling the existing patch, and putting it together piece by piece ...
1117928615 M * FaUl have you had a closer look at my iptables-patch?
1117928638 M * Bertl no, why?
1117928650 M * FaUl hmm, is there an existing patch?
1117928665 M * Bertl not for v6, I meant for ngnet ;)
1117928674 M * matti daniel_hozac: OK, there is some post on LARTC mailing list about troubles with -m mac and tc. Let's see.
1117928684 M * FaUl ah, ok
1117928688 M * Bertl FaUl: unless you want to go back to 2.6.8.1 + ngnet
1117928740 M * FaUl i don't understand
1117928751 M * Bertl okay, let me explain
1117928791 M * Bertl a week ago (maybe a fortnight) I told you that it would be easy to allow v6 in ngnet ...
1117928836 M * Bertl well, I was wrong, but not because it would be hard, but because the kernel networking changed and ngnet is broken with recent kernels ...
1117928859 M * FaUl ah, uhm
1117928875 M * Bertl so we are back a few squares, and we have to 'rebuild' the ngnet first
1117928917 M * Bertl but, as we now have a working 2.0-* release, we can start integrating the ngnet pieces into a 2.1 branch, right?
1117928920 M * FaUl had i mentioned that i hate that we still have no development kernel and all changes are made on the 'stable' one?
1117928993 M * FaUl i think it's not on me to decide this
1117929009 M * Bertl 2.6.x or vserver wise?
1117929021 M * Bertl (I guess 2.6.x)
1117929023 M * FaUl both not :-)
1117929041 M * FaUl ok, now i've time
1117929061 A * FaUl watched star wars episode 3 until now :)
1117929065 M * terr Bertl: Done.
1117929074 M * Bertl FaUl: *tsts*
1117929078 M * FaUl hehe
1117929099 M * Bertl terr: pastebin?
1117929148 M * terr http://harfang.pastebin.com/295205
1117929205 M * Bertl okay, and now with tcpdump -vvnei eth0.3 icmp
1117929308 M * terr http://harfang.pastebin.com/295207
1117929427 M * Bertl terr: excellent!
1117929447 M * Bertl now let's try an ssh with the following commands:
1117929479 M * Bertl chbind --ip 172.16.0.1 -- ssh user@172.17.0.1