1129856175 J * litage ~nick@203.220.55.70
1129858945 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net
1129858949 Q * FireEgl Remote host closed the connection
1129859555 J * FireEgl ~FireEgl@Atlantica.US
1129861042 P * stefani parting (is such sweet sorrow)
1129862378 Q * Johnsie Quit: G'bye!
1129867277 Q * monrad Quit: Leaving
1129867808 Q * mcp Read error: Connection reset by peer
1129867829 J * mcp ~hightower@wolk-project.de
1129868633 J * monrad ~monrad@213083190134.sonofon.dk
1129870606 J * gudi ~maurer@nm.it-mn.de
1129870607 M * gudi hi
1129870612 M * daniel_hozac hello
1129870622 M * gudi anyone can help me to start a own init in each vserver ?
1129870627 M * gudi how to do thios ?
1129870630 M * daniel_hozac set the init style to plain.
1129870640 M * gudi daniel_hozac, where ?
1129870652 M * daniel_hozac echo plain > /etc/vservers/<name>/apps/init/style
1129870657 M * daniel_hozac assuming a new-style configuration.
1129870682 M * gudi hmm not have such dir 
1129870756 M * gudi is there no way to do it by default ?
1129870809 M * gudi i used nverver to create my vserver
1129870854 M * daniel_hozac --initstyle plain works for vserver <name> build.
1129871212 M * gudi daniel_hozac, so this should work ? : vserver vserver-mail2 build --initstyle plain --interface 192.168.100.81 --hostname vserver-mail2 -m bootstrap -- -d sarge -m ftp.de.debian.org
1129871605 M * gudi daniel_hozac, so this should work right ? : 
1129871606 M * gudi vserver vserver-mail2 build --force --initstyle plain --interface eth0:192.168.100.81 --hostname vserver-mail2 -m debootstrap -- -d sarge -m ftp://ftp.de.debian.org/debian
1129872558 Q * comfrey Ping timeout: 480 seconds
1129872862 M * daniel_hozac gudi: yep.
1129872921 M * gudi hmm does it not autmaitcly generate the .conf file ?
1129872936 M * daniel_hozac it would generate the new style configuration.
1129872952 M * gudi hmm the conf is the old ?
1129872955 M * daniel_hozac yes.
1129872975 M * gudi hmm ok.. so no need for servername.conf ?
1129872993 M * daniel_hozac nope.
1129873008 M * gudi ok. 
1129873027 M * gudi just wonder cause i dont see the ip address when do a ifconfig in the vserver
1129873135 M * daniel_hozac use ip addr show instead.
1129873136 Q * Greek0 Read error: Connection reset by peer
1129873158 M * gudi daniel_hozac, in the vserver ?
1129873158 J * Greek0 ~greek0@85.255.145.201
1129873165 M * daniel_hozac yes.
1129873169 M * gudi ah ok.
1129873176 M * gudi you use vserver in production server ?
1129873197 M * daniel_hozac nothing large scale or anything, just my servers here at home :)
1129873228 M * gudi hmm i wonder how stable it it to migrate web + mail + dns server to one server on production systems
1129873262 M * daniel_hozac works fine here.
1129873266 M * gudi we have done thesame on solaris with zones but i want use debian 
1129873270 M * gudi any probems ?
1129873286 M * daniel_hozac none that weren't easily solved.
1129873396 M * gudi is it possible to set cpu + memory limit per vserver ?
1129873423 M * daniel_hozac yes.
1129873462 M * gudi also quota on a running system ?
1129873496 M * daniel_hozac user/group quota or per-vserver quotas (disk limits)?
1129873514 M * gudi per-vserver
1129873554 M * daniel_hozac disk limits just require a filesystem that supports them.
1129873562 M * gudi hmm ok
1129873591 M * daniel_hozac (can't remember the list off the top of my head, but 2.0.1-pre2 supports more than 2.0, IIRC)
1129873733 M * gudi you have a link how to set the cpu ?
1129873757 Q * lilo Remote host closed the connection
1129873910 M * daniel_hozac i haven't gotten around to doing that myself, but google site:linux-vserver.org vsched and you should get some nice examples.
1129873980 J * lilo ~lilo@lilo.usercloak.oftc.net
1129874151 Q * dddd44 Read error: Connection reset by peer
1129874185 Q * derbien Ping timeout: 480 seconds
1129874203 J * chdemon ~m@pipe.vmts.ru
1129874258 M * gudi daniel_hozac, thx for the help.. you was a great help ..
1129874435 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net
1129874608 Q * FireEgl iridium.oftc.net jupiter.oftc.net
1129874608 Q * mcp iridium.oftc.net jupiter.oftc.net
1129874608 Q * Vudumen iridium.oftc.net jupiter.oftc.net
1129874608 Q * nox iridium.oftc.net jupiter.oftc.net
1129874608 Q * eyck iridium.oftc.net jupiter.oftc.net
1129874608 Q * Loki|muh iridium.oftc.net jupiter.oftc.net
1129874608 Q * AndrewLee iridium.oftc.net jupiter.oftc.net
1129874608 Q * click iridium.oftc.net jupiter.oftc.net
1129874608 Q * case iridium.oftc.net jupiter.oftc.net
1129874608 Q * BWare iridium.oftc.net jupiter.oftc.net
1129874608 Q * virtuoso iridium.oftc.net jupiter.oftc.net
1129874608 Q * Millox iridium.oftc.net jupiter.oftc.net
1129874608 Q * ag- iridium.oftc.net jupiter.oftc.net
1129874609 Q * micah iridium.oftc.net jupiter.oftc.net
1129874609 Q * fobi iridium.oftc.net jupiter.oftc.net
1129874609 Q * meebey iridium.oftc.net jupiter.oftc.net
1129874609 Q * Hunger iridium.oftc.net jupiter.oftc.net
1129874609 Q * ag-2 iridium.oftc.net jupiter.oftc.net
1129874609 Q * alexx iridium.oftc.net jupiter.oftc.net
1129874609 Q * Bertl_zZ iridium.oftc.net jupiter.oftc.net
1129874609 Q * jkl iridium.oftc.net jupiter.oftc.net
1129874652 J * mcp ~hightower@wolk-project.de
1129874652 J * FireEgl ~FireEgl@Atlantica.US
1129874652 J * Vudumen vudumen@perverz.hu
1129874652 J * fobi wht@liiifeeee.com
1129874652 J * nox ~nox@nox.user.oftc.net
1129874652 J * eyck eyck@81.219.64.71
1129874652 J * Loki|muh loki@satanix.de
1129874652 J * meebey meebey@booster.qnetp.net
1129874652 J * Hunger Hunger.hu@213.163.11.138
1129874652 J * micah micah@micha.hampshire.edu
1129874652 J * AndrewLee ~andrew@tnlug.linux.org.tw
1129874652 J * ag-2 ag@muaddib.roxor.cx
1129874652 J * alexx ~alexx@proxy.ikse.net
1129874652 J * click click@ti511110a080-4596.bb.online.no
1129874652 J * Bertl_zZ herbert@212.16.62.52
1129874652 J * case ~case@donpanic.faveve.uni-stuttgart.de
1129874652 J * BWare ~bware@office.intouch.net
1129874652 J * jkl eric@c-67-173-249-8.hsd1.co.comcast.net
1129874652 J * virtuoso ~s0t0na@shisha.spb.ru
1129874652 J * Millox ~mattias@shienar.csbnet.se
1129874652 J * ag- ag@caladan.roxor.cx
1129874721 Q * stupidawy Ping timeout: 480 seconds
1129874838 Q * entroposcope Ping timeout: 480 seconds
1129874898 Q * tc Ping timeout: 480 seconds
1129875250 J * AndrewLe1 ~andrew@tnlug.linux.org.tw
1129875350 Q * Vudumen Ping timeout: 480 seconds
1129875370 Q * AndrewLee Ping timeout: 480 seconds
1129875375 Q * BWare Ping timeout: 480 seconds
1129875378 J * BWare ~bware@office.intouch.net
1129875404 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com
1129875497 J * tc ~sr@213.146.121.144
1129875793 Q * monrad Ping timeout: 480 seconds
1129875947 Q * litage Remote host closed the connection
1129876211 J * Vudumen vudumen@perverz.hu
1129876346 J * monrad ~monrad@213083190134.sonofon.dk
1129876669 M * tc hmm. I'm having a small argument with my vserver machine. The kernel is 2.6.12.4 patched, but when I try to start a vserver, I get:
1129876672 M * tc chbind: vc_set_ipv4root(): Function not implemented
1129876698 M * tc checking System.map shows a lot of vc_ calls present, but no vc_set_ipv4root()...
1129876705 M * tc what did I do wrong?
1129876790 M * daniel_hozac what utils?
1129876795 M * tc .208
1129876811 M * daniel_hozac what does testme.sh say?
1129876823 M * tc ah, hang on - disable legacy networking kernel api is enabled in the kernel config
1129877182 J * RoT ~bob@203.59.146.87
1129877295 Q * tc Read error: Connection reset by peer
1129877419 J * tc ~sr@213.146.121.144
1129877504 M * gudi hmm where can i set the caps ? i use the new config style 
1129877550 M * daniel_hozac /etc/vservers/<name>/bcapabilities
1129877694 M * gudi is it a file ?
1129877759 M * daniel_hozac yes.
1129877762 M * daniel_hozac see the flower page.
1129877801 M * RoT how can I issue the aetattr command to hide all my proc entrys?
1129877810 M * RoT *setattr even
1129877951 M * daniel_hozac to hide them all?
1129878135 M * RoT well... what is the usual?
1129878171 M * daniel_hozac the default is what vprocunhide sets up.
1129878266 M * RoT well Im not sure about that one, I don't seem to have that command available... I have enabled proc security in my kernel and am playing with setattr --hide
1129878335 M * RoT by default everything was visible
1129878344 M * daniel_hozac in the host context, yes.
1129878384 M * daniel_hozac in guests, the default is to hide everything, thus, vprocunhide to show some entries deemed secure, like /proc/uptime.
1129878562 M * RoT by default everything is visible in the guest
1129878579 M * RoT thats why Im concerned :)
1129878704 J * stupidawy foo@198.77.239.131
1129879397 M * daniel_hozac umm, it shouldn't be, and isn't here.
1129879448 M * daniel_hozac without running vprocunide, the only thing visible inside a guest is the process directories, self, and mounts.
1129879557 M * RoT well yes, my init script is supposed to run ${_SETATTR} -Rx --hide /proc and then ${_VPROCUNHIDE}, but when I enter my vserver I casn see everything( do ps, netstat etc)
1129879593 M * RoT so something is screwed :/
1129879616 M * daniel_hozac you're supposed to be able to do ps and netstat.
1129879643 M * daniel_hozac and as i said, all files are hidden by default. no need to hide them manually.
1129879746 J * derbien ~derbien@whiterabbit.nbmc.de
1129879993 J * Nik_ ~Nik@217.75.141.95
1129879996 M * Nik_ hi all
1129880032 M * daniel_hozac hello
1129880042 M * RoT oh well I don't know, when I was first playing with a vserver I can remember that ps, netstat and top just errored with "proc needs to be mounted", Im not sure what has changed
1129880067 M * daniel_hozac /proc/uptime was made visible by vprocunhide ;)
1129880074 M * Nik_ RoT: it is not an issue for quite a long time 
1129883579 M * gudi anyone has expirence wtih vsched ?
1129883777 Q * chdemon Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1129884135 M * RoT thanks for your help guys
1129884137 Q * RoT Quit: Leaving
1129884208 J * _derbien ~derbien@whiterabbit.nbmc.de
1129884239 Q * derbien Read error: Connection reset by peer
1129884245 N * _derbien derbien
1129884769 Q * Aiken Quit: Leaving
1129885609 J * prae ~prae@ezoffice.mandriva.com
1129888018 J * dddd44 dhb55@60.48.203.112
1129888349 N * Bertl_zZ Bertl_oO
1129888417 M * gudi hmm how to set diskusage per vserver ?
1129888520 M * daniel_hozac http://linux-vserver.org/Disk+Limits
1129889972 Q * virtuoso Remote host closed the connection
1129889996 J * virtuoso ~s0t0na@shisha.spb.ru
1129890050 J * baggins baggins@kenny.mimuw.edu.pl
1129890156 N * Bertl_oO Bertl
1129890163 M * Bertl hey folks!
1129890190 M * Nik_ heya Bertl
1129890196 M * Bertl daniel_hozac: do you, by any chance, remeber that tool to create static binaries from dynamic ones?
1129890204 M * Bertl Greek0: ping!?
1129890242 M * daniel_hozac Bertl: hmm, no, sorry.
1129890260 M * gudi damn no vdlimit binary in debian :-(
1129890286 M * Nik_ Bertl: did you drop ngnet completely or was it included in the 2.1 tree? (couldn't find that...)
1129890378 M * baggins hello Bertl 
1129890389 M * Bertl gudi: get the source tools :)
1129890418 M * Bertl Nik_: well, ngnet is on hold, waiting for sponoring (mef is working on that IIRC)
1129890428 M * Bertl hey baggins!
1129890431 M * baggins I have a question about vserver.stop script
1129890503 M * baggins why, in case of IS_FAKEINIT, vserver.stop does not even try to exec INITCMD_STOP command?
1129890553 M * Nik_ Bertl: ok, 10x for the info. I was too deep in other sh** lately and started testing/upgrading yesterday just to find that there are no newer patches...
1129890553 Q * Hollow Remote host closed the connection
1129890616 J * Hollow ~hollow@82.135.28.84
1129890626 M * baggins that makes runlevel.stop setting pointles because kill -INT 1 makes init run 'ca' setting from inittab which is init 6 in 99% of cases, and without or with almost empty inittab inside vserver, that vserver won't get stopped cleanly
1129890716 M * baggins what about testing for FEATURE migrate and calling INITCMD_STOP despite IS_FAKEINIT?
1129890747 M * baggins and if this fails kill -INT 1 then
1129891100 M * yarihm has anyone an idea how i could force the host to not use an IP of a vserver even though that would be closer to the final destination?
1129891206 M * yarihm in concrete numbers: my administration-interface is 10.1.0.6 on eth1, the vservers are all in 10.0.0.0/24 on eth0 ... now if something in the host wants to access a host in 10.0.0.0/24 it uses as source one of its vserver-ips (10.0.0.25 in my case)
1129891287 M * yarihm (strange enough it still routes through my router which is between 10.1.0.0/24 and 10.0.0.0/24)
1129891315 M * gudi hmm i cannot get iptables to work in my vserver :(
1129891326 M * gudi CAP_NETADMIN
1129891331 M * Bertl gudi: that is not unexpected ... iptables is host only
1129891331 M * gudi  iptables -L -nv
1129891332 M * gudi FATAL: Could not load /lib/modules/2.6.12-p3/modules.dep: No such file or directory
1129891332 M * gudi iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
1129891336 M * yarihm gudi: that's on purpose :)
1129891350 M * gudi Bertl, really ? its not possible it vserver ?
1129891353 M * yarihm gudi: imageine if a vserver would be able to change the netfilter rules ... 
1129891359 M * Bertl yarihm: use SNAT to map the guest's ip
1129891393 M * yarihm gudi: maybe its possible, but not without giving more capabilities to the vserver in question
1129891437 M * yarihm Bertl: and what happens if the host wants to connect to some host in 10.0.0.0/24? i wouldn't want to map that one, no?
1129891450 M * yarihm gudi: why do you want iptables inside a vserver anyway?
1129891482 M * gudi yarihm, why not ?;-)
1129891523 M * yarihm gudi: because (for me) the purpose of vservers is an increase in security and if an attacker compromises a vserver i'd rather not have him change anything in the firewall
1129891583 M * yarihm gudi: it kinda defeats a positive aspect of vservers ... imageine an attacker would redirect some critical traffic to himself or some other destination ... that's definitvely not the purpose
1129892089 M * Nik_ gudi: if you give the capabilities to a vserver to change netfilter rules, the client, you gave this possibility to, can also change the rules for all other clients, if you think of hosting. no way to change that. You can try it with less harm with CAP_NET_ADMIN giving the opportunity to a vserver to change IPs...
1129892129 M * Nik_ gudi: ip a a 192.168.0.0 dev eth0 would work within a vserver, and eth0 isn't even the interface for the vserver
1129892177 M * Nik_ gudi: one can also do ifconfig eth0 down, which could cause a complete DoS if this is the interface the vservers talk to the world
1129892437 M * Bertl yarihm: just SNAT the guest ip, if the host accesses the guest, it will not be changed
1129892677 M * yarihm Bertl: hmm ... i think i can't follow you. if the guest (vserver) accesses anything it's all ok. the problem is the host because it refuses to stick with the source-address i gave him for that purpose and uses one of its guests IP to access things ... 
1129892748 M * Nik_ yarihm: try ip a l - you will find the source addres for each subnet as scope global
1129892798 M * Nik_ yarihm: you should set the desired source address of the host first, and start up the vservers afterwards
1129892842 M * Nik_ yarihm: you should also use a gateway for the host within the subnet of the host ip, not the vservers' ips
1129892897 M * Nik_ yarihm: meaning if the host has e.g. 10.1.2.3/24 and the vservers 10.0.0.0/24 the router for hte host should be within 10.1.2.0/24 and not e.g. 10.0.0.1
1129892939 M * yarihm Nik_: well ... that's more or less what i have ... i'll paste my setup on pastebin.com ... give me a second
1129892976 M * Nik_ yarihm: ok
1129893087 M * yarihm http://paste.debian.net/2417
1129893122 M * yarihm Nik_: i also have ip route add default via 10.0.0.1 dev eth1 table vservers
1129893141 M * yarihm (somewhere ... but i don't know where :-/ ... embarassing)
1129893142 M * gudi hmm ok the firewlling should be done on the glabal server
1129893143 M * gudi thx
1129893210 M * Bertl okay, off for lunch ... back later
1129893216 M * Greek0 Bertl: pong
1129893225 M * yarihm Nik_: i add the default-gw everytime a vserver starts via pre-start-script
1129893226 M * gudi we want to use vserver just to setup a few virtual servers to better use the servers cpu and not need to have 3 server when one can handle the 3 serverics for sure
1129893229 M * Bertl Greek0: ah, static binaries from dynamic ones?
1129893240 M * yarihm Nik_: i mean the default-gw for the table vservers
1129893245 M * Bertl Greek0: just /msg me plz ...
1129893246 M * gudi so the admin should know what he do when he is in the vserver
1129893250 N * Bertl Bertl_oO
1129893253 M * gudi or is that not a good use for a vserver ?
1129893288 M * Nik_ gudi: it's may be the best way to do it
1129893288 M * yarihm gudi: it sure is, but then it might be better providing all admins access to the host-instance as well
1129893299 M * yarihm (for iptables-administration)
1129893304 M * gudi sure.
1129893317 M * gudi anyone of you use a vserver for such a solution ?
1129893322 M * yarihm gudi: if you hesitate to give them full root-access you can configure sudo to only allow iptables
1129893325 M * Nik_ yarihm: why do you make this so complicated? tables, source routing.. do both NICs end up on the same switch?
1129893342 M * yarihm Nik_: well ... yes, at the moment. but that should change somewhen
1129893374 M * yarihm Nik_: the idea is to have a managing-network and one for services, they will be physically separated
1129893398 M * yarihm there is a router routing between them ... at the moment all nics are attached to the same switch
1129893411 M * gudi i want to migrade my mailserver my webserver and my dns server to the vserver
1129893432 M * yarihm gudi: should be no problem :)
1129893470 M * Nik_ yarihm: err... ok. not that bad. So, you sould have no default gateway in the main table
1129893479 M * gudi ok we use qmail vpopmail courier-imap and the mailserver. apache2 + mod_ssl + proftpd on the web and bin9 on the dns
1129893507 M * yarihm Nik_: hmm ... only the one routing-tables maintenance and vservers?
1129893542 M * Nik_ as you are doing source based routing you should add ip r a 0/0 via <IP> t vservers
1129893549 M * yarihm gudi: are you sure this ends ub in a vserver-question and not in a distribution/daemon-related? :)
1129893599 M * gudi yarihm, yes im sure ;-)
1129893617 M * gudi hmm anyone knows where th vdlimit command can be found ?
1129893618 M * yarihm Nik_: let me think about that a second, i'm not yet sure what it would do
1129893674 M * gudi i cannot find it and i want to setup the discspace per vserver
1129893916 M * yarihm Nik_: i don't get it ... what would "ip route add 0/0 via 10.0.0.1 table vservers" change? i'd remove the default-gateway in the main routing table too, but that would probably not change much since i specified the gateway for all routable source-ips i have in the two tables maintenance and vservers ... all possible source-addresses end up in one of these two tables, no? i'm not sure if i got that right now
1129893995 M * Nik_ yarihm: do you have only one router for the host and the vservers? and does this router have 2 IPs - one for the maintainer network and one for the vservers?
1129894042 M * yarihm Nik_: yes, it does ... it even has two interfaces, one for each of the networks but since they are all attached to the same switch that won't matter for now ...
1129894113 M * Nik_ than add a default route in each table with the appropriante IP
1129894135 M * yarihm Nik_: the router is "3-legged" ... one interface for the external network, one for maintenance (10.1.0.0/24) and one for the servers and clients (10.0.0.0/24)
1129894151 M * Nik_ and leave the main table with no default GW
1129894179 M * yarihm Nik_: ok, i'll remove the default-gw from the maintable ... the other thing i already did
1129894239 M * Nik_ yarihm: should work. works for me in a more complex setup :-)
1129894249 M * yarihm Nik_: ok :)
1129894494 M * yarihm Nik_: maybe you have hints on this: i got problems the moment i added a transparent http-proxy on my router but only for access of external servers. i have a debian-cache on a vserver (10.0.0.27) that stopped working from all servers but the one that hosts it ... i get "503 Service Unavailable"-errors ... tcpdump says i recieve an answer from 10.0.0.27 ... do you have any hints on this?
1129894537 M * Nik_ yarihm: sorry... i;ve no clue on that atm
1129894538 J * renihs ~renihs___@193.170.52.70
1129894591 Q * nokoya Read error: Connection reset by peer
1129894604 M * yarihm Nik_: lucky you :) otherwise you would have had to explain it to a stupid person ;)
1129894620 J * nokoya young@hi-230-82.tm.net.org.my
1129894761 M * Nik_ yarihm: i'm a supporter anyway, so.. i'm kinda used to such things :-) BTW... ypu might consider adding the source routing rules not per ip, but per network, e.g. from 10.0.0.0/24
1129895910 J * sebi_ ~sebi@Fd6ed.f.strato-dslnet.de
1129896016 Q * sebi Ping timeout: 480 seconds
1129897552 J * micah_ micah@micha.hampshire.edu
1129897970 Q * micah Ping timeout: 480 seconds
1129901877 Q * Johnsie Ping timeout: 480 seconds
1129902183 Q * gudi Quit: Verlassend
1129902529 M * yarihm Nik_: yeah, i thought about that, but what if ... well ... i just thought that it was more tight when doing per IP :) i can do so easily with the pre-start-scripts and post-stop scripts
1129902616 M * Nik_ yarihm: ok, I'm not sure if the more checks would slow down the routing or not.. but it would be more readable ;-)
1129902747 M * Nik_ yarihm: and you will not need to execute one more command per start/stoping a vserver. on loaded systems it is to be avoided when possible :-) and you reduce the efford while creating the vserver
1129902967 M * yarihm well, since vservers are started sequentially i consider the additional overhead unproblematic :)
1129906341 N * micah_ micah
1129907233 J * patulon ~patulon@host242.201-252-55.telecom.net.ar
1129907247 N * Bertl_oO Bertl
1129907253 M * Bertl welcome patulon!
1129907261 M * patulon Hello !!
1129907265 M * patulon how are you ?
1129907299 M * Bertl fine, thanks! and you?
1129907327 M * patulon I'm very very happy with the performance of the vservers !!
1129907336 M * Bertl excellent!
1129907352 M * patulon they are great !!, I thing its as fast as a real server
1129907364 M * patulon I think, sorry...
1129907395 M * patulon I have the question of the day... :P
1129907399 M * Bertl yeah, if you put more guests on it, it can be even faster then the real thing ...
1129907412 M * patulon amazing !!!
1129907499 M * patulon I'm trying to use realserver streaming on the vserver, and it tries to bind the 7070/tcp among other ports over the 127.0.0.1 IP... and it fails because of this:
1129907505 M * patulon ¨could not open <127.0.0.1:7070> - Address already in use¨
1129907588 M * patulon if a execute an "ifconfig" i don't see the loopback iface... is that correct ?
1129907687 M * Bertl well, the guest has no direct lo access
1129907699 M * Bertl the 127.0.0.1 ip is mapped to the first guest ip
1129907716 M * Bertl but I assume your host already binds the guest ip somehow (at port 7070)
1129907816 M * patulon actually I don't think so, the real server its using just 3000/tcp (ntop)...
1129907971 M * Bertl hmm .. well, try switching from 127.0.0.1 to the first assigned ip
1129907987 M * Bertl or if that fails, try to assign 127.0.0.1 as first ip (hack)
1129908103 M * patulon could I add the 127.0.0.1 addr to the vserver ?
1129908118 M * Bertl yes, that's what I meant, but as I said, it's a hack
1129908171 M * patulon oh... I'll try it
1129908579 M * patulon Look, I don't know why, but in the vserver02 I have this:
1129908579 M * patulon vs02:/# ip addr list
1129908580 M * patulon 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
1129908580 M * patulon     link/ether 00:50:8b:f3:93:e7 brd ff:ff:ff:ff:ff:ff
1129908580 M * patulon     inet 127.0.0.1/32 scope host eth0
1129908581 M * patulon     inet 200.68.216.101/28 brd 200.68.216.111 scope global secondary eth0
1129908581 M * patulon 2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
1129908583 M * patulon     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1129908583 M * patulon     inet 127.0.0.1/8 scope host lo
1129908593 M * patulon But in the vserver 1 have this:
1129908599 M * patulon vs01:/# ip addr list
1129908599 M * patulon 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
1129908599 M * patulon     link/ether 00:50:8b:f3:93:e7 brd ff:ff:ff:ff:ff:ff
1129908599 M * patulon     inet 200.68.216.100/28 brd 200.68.216.111 scope global secondary eth0
1129908617 M * patulon look, in the vs02 there is a lo interface !!!
1129908715 J * stefani ~stefani@superquan.apl.washington.edu
1129908800 M * patulon Yeahhhhh !!!! it works !!!!....
1129908856 M * patulon I've learn today that I can bind the loopback to every vserver... could it make something go wrong ??
1129908905 J * matto ~matt@53.124.233.220.exetel.com.au
1129909065 Q * Nik_ Quit: Hybernating my Brain.....
1129909370 M * Bertl patulon: the drawback is, every guest will see the localhost traffic of the other guests ...
1129909663 M * patulon ohh... that's a privacy problem...
1129909682 M * mrec Bertl: a simple question ... http://rafb.net/paste/results/2znVi755.html what do you think does test return?
1129909691 M * mrec hey btw :)
1129909711 M * mrec (without trying!)
1129909849 M * Bertl return?
1129909860 M * Bertl it should return 0
1129909903 M * Bertl output should be AB
1129909948 M * mrec why AB?
1129909950 M * mrec and not ABC?
1129909966 M * Bertl because *nprintf size is including trailing zero
1129910005 M * Bertl at least I remember that from the man page
1129910101 M * mrec wonder why I used it actually :)
1129910106 M * Bertl so is it right?
1129910109 M * mrec yes
1129910117 M * mrec just wondered about that
1129910146 J * Neso neso@slip139-92-103-241.tur.it.prserv.net
1129910148 M * mrec Thus, a  return  value
1129910149 M * mrec        of  size  or  more means that the output was truncated.
1129910155 M * mrec ok :)
1129910166 P * Neso 
1129910720 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net
1129911010 Q * matto Quit: 
1129911238 J * Berserker ~Berserker@213.184.241.254
1129911388 M * Berserker hi all ! Here is my question : How to separate  localhost and IP sockets  inside VPS? If apache tries to bind 127.0.0.1:80, it cant, because squid already at 10.16.70.11:80
1129911414 M * Berserker 10.16.70.11 is IP of VPS
1129911746 M * Bertl you normally don't do it ...
1129911752 M * Berserker When apache tries to bind 127.0.0.1:80, really is bind IP:80 , I see that in `netstat -tnlp`. IP is IP of VPS.
1129911761 M * Bertl yep, precisely
1129911785 M * Bertl why not take a different ip (private range) to bind squid to?
1129911799 M * Bertl e.g. 10.17.70.11 :)
1129911923 M * Berserker Bertl,  Do you mean that all applications inside VPS can bind at some ports but only at one IP??
1129911939 M * Bertl no, they can bind to _all_ assigned ips
1129911950 M * Bertl but 127.0.0.1 is _not_ assigned
1129911956 M * Bertl (for security reasons)
1129912137 Q * prae Quit: Execute Order 69 !
1129912271 M * Berserker Berserker,  Is 127.0.0.0/24 network common for all VPSes and main machine ? I mean if one application bind 127.0.0.2:80 then in every VPS I can get connection at 127.0.0.2:80 ?
1129912297 M * Berserker Bertl,  question was for you :) not for me
1129912327 M * Bertl yeah, all ips are common/shared across all guests and the host
1129912344 M * Bertl there is no network virtualization, except for the 127.0.0.1 -> first ip mapping
1129913021 Q * oliwel Quit: Chatzilla 0.9.68.5 [SUSE 1.0.6-4.1/20050715]
1129913323 J * menomc ~amery@200.75.27.83
1129913371 J * liquid3649 ~liquid@p54975DA0.dip.t-dialin.net
1129913431 Q * mnemoc Ping timeout: 480 seconds
1129913451 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net
1129913818 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net
1129914631 Q * liquid3649 Quit: Verlassend
1129915884 J * prae ~benjamin@sherpadown.net
1129917239 Q * menomc Quit: leaving
1129917286 J * mnemoc ~amery@200.75.27.83
1129917913 M * patulon well...thanks! :)...I'm leaving 
1129917934 Q * patulon Quit: 
1129918484 Q * bragon Remote host closed the connection
1129919896 P * stefani I'm Parting (the water)
1129920428 J * Nik_ ~Nik@soflan.net
1129920431 M * Nik_ hi all
1129921723 Q * oliwel Quit: Chatzilla 0.9.68.5 [SUSE 1.0.6-4.1/20050715]
1129925647 J * mrec_ ~revenger@p54B00506.dip0.t-ipconnect.de
1129926052 Q * mrec Ping timeout: 480 seconds
1129926309 J * shedi ~siggi@inferno.lhi.is
1129926445 M * shedi hello
1129926460 M * shedi in the new style configuration can I define a secondary network interface for one virtual guest server
1129926478 M * Nik_ shedi: hi. yes, you can
1129926522 M * Nik_ shedi: just create .../interfaces/0 .../interfaces/1 and so on and put the different settings within the dirs
1129926559 M * shedi that's fantastic
1129926573 M * Nik_ shedi: e.g. if the two interfaces should differ only in the IP address of the same subnet you can put all other config files in .../interfaces and just ip in both subdirs
1129926594 M * shedi they would be on different vlans
1129926646 M * Nik_ shedi: to be on the safe side - put everything in the subdirs
1129926680 M * shedi thanks Nik_ 
1129927013 M * Nik_ shedi: np :-)
1129927678 Q * shedi Quit: Leaving
1129927970 J * stefani ~stefani@superquan.apl.washington.edu
1129928299 N * Bertl Bertl_zZ
1129929047 Q * Berserker Quit: ðÏËÉÄÁÀ
1129932647 Q * FireEgl Ping timeout: 480 seconds
1129933823 J * FireEgl Atlantica@Atlantica.IPv6Tunnel.Info
1129934766 Q * yarihm Quit: Leaving
1129935725 J * `83DC ~hetore@139.56.2.15
1129935751 Q * `83DC Quit: 
1129936012 Q * sladen Ping timeout: 480 seconds
1129936178 J * sladen paul@starsky.19inch.net
1129937216 Q * lilo Remote host closed the connection
1129937515 J * lilo ~lilo@lilo.usercloak.oftc.net
1129938229 Q * kaRma0 Quit: using sirc version 2.211+KSIRC/1.3.12
1129938617 P * stefani I'm Parting (the water)