1169164902 M * matti Bertl: :0
1169165587 J * ruskie_ ruskie@goatse.co.uk
1169165607 M * Bertl hey matti!
1169165631 J * tamitall_ ~tam@gw.nettam.com
1169165652 J * comfrey ~comfrey@70.91.185.84
1169165663 Q * ruskie osmosis.oftc.net larich.oftc.net
1169165663 Q * harry osmosis.oftc.net larich.oftc.net
1169165663 Q * comfrey_ osmosis.oftc.net larich.oftc.net
1169165663 Q * daniel_hozac osmosis.oftc.net larich.oftc.net
1169165663 Q * tamitall osmosis.oftc.net larich.oftc.net
1169165663 Q * thunder1 osmosis.oftc.net larich.oftc.net
1169165663 J * harry ~harry@d54C2508C.access.telenet.be
1169165683 J * daniel_hozac ~daniel@c-2c1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1169165687 N * ruskie_ ruskie
1169165726 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net
1169167630 N * Piet__ Piet
1169167637 Q * meandtheshell Quit: Leaving.
1169167807 M * Guy- can I have /vservers on nfs?
1169168060 M * Bertl yep
1169168091 M * Bertl if the server is using a patched kernel, you can even use xid tagging
1169168249 M * Guy- I don't need that now, but good to know
1169168256 M * Guy- I'm migrating from a 32bit box to a 64bit one
1169168263 M * Guy- and all the disks are in the 32bit box
1169168273 M * Bertl i.c.
1169168280 M * Guy- I want to set up the 64bit vservers on the disks before I switch motherboards...
1169168295 M * Bertl well, be careful, if there is heavy disk I/O, it will kill your performance :)
1169168337 M * Guy- I only have 100BaseTx-HD here, so the speed doesn't exactly blow my head off anyway :)
1169168440 M * Guy- a vserver should receive broadcast packets, if its IP is in the subnet being broadcast to, right?
1169168477 M * Bertl depends on the setup and the kind of broadcast
1169168567 M * Guy- like, udp to 192.168.0.255
1169168573 M * Guy- the host has 192.168.0.4/24
1169168584 M * Guy- the vserver has 192.168.0.5/24
1169168658 M * Bertl yep, if you set the bcast ip for the guest, it will work
1169168733 M * Guy- OK
1169168755 M * Guy- thanks
1169168766 M * Guy- and now, some sleep
1169168772 M * Guy- g'night :)
1169168774 M * Bertl good night then!
1169170567 Q * blino Remote host closed the connection
1169172420 M * Bertl okay, I'm off to bed now .. have a good one everyone! cya!
1169172425 N * Bertl Bertl_zZ
1169174650 J * Aiken_ ~james@tooax6-178.dialup.optusnet.com.au
1169174975 Q * Aiken Ping timeout: 480 seconds
1169175619 J * thunder18 ~thu@tor-irc.dnsbl.oftc.net
1169175658 Q * thunder1 Remote host closed the connection
1169175681 N * thunder18 thunder1
1169181871 Q * bronson Quit: Ex-Chat
1169189134 J * bronson ~bronson@adsl-75-36-145-166.dsl.pltn13.sbcglobal.net
1169190480 Q * cdrx Ping timeout: 480 seconds
1169191889 Q * Piet Quit: Piet
1169193118 Q * bronson Remote host closed the connection
1169193662 J * derjoerg ~Miranda@199.42.240.136
1169194316 M * derjoerg Hello everybody
1169194343 M * derjoerg I hope somebody can help me with my vserver-problem
1169194344 M * daniel_hozac hi
1169194391 M * matti Morning *.
1169194397 M * daniel_hozac morning matti
1169194426 M * derjoerg I have an installed ubuntu dapper and use the patched kernel from derjohn 2.6.17.6 with vserver 211-rc29
1169194443 M * daniel_hozac hmm, that's a really old kernel.
1169194454 M * derjoerg everything works fine so far
1169194486 M * derjoerg I've installed the ubuntu packages util-vserver (0.30.210) and vserver-debiantools (0.2.5)
1169194505 M * derjoerg I can create vserver and everything is OK
1169194529 M * derjoerg but after a reboot of the complete system my default-vservers aren't up and running
1169194549 M * daniel_hozac did you mark them as default?
1169194551 M * derjoerg after a "/etc/init.d/util-vserver start" I get the following error:
1169194598 M * derjoerg Fixing visibility of /proc entries for Vservers...done.
1169194598 M * derjoerg Starting vservers of type 'default'...The following problem(s) were encountered while verifying vshelper
1169194598 M * derjoerg functionality:
1169194598 M * derjoerg * The vshelper state-directory '/var/run/vshelper' does not exist; since
1169194598 M * derjoerg it is created by 'make install', this indicates a serious problem with
1169194599 M * derjoerg your util-vserver installation
1169194599 M * derjoerg To fix this, you can:
1169194601 M * derjoerg * disable vshelper entirely by executing
1169194601 M * derjoerg | touch "/etc/vservers/.defaults/apps/vshelper/disabled"
1169194603 M * derjoerg * disable only this message by executing
1169194603 M * derjoerg | touch "/etc/vservers/.defaults/apps/vshelper/warning-disabled"
1169194605 M * derjoerg * configure the util-vserver vshelper script, e.g. by adding
1169194605 M * derjoerg | kernel.vshelper = /usr/lib/util-vserver/vshelper
1169194607 M * derjoerg to /etc/sysctl.conf and rebooting the machine, or by executing
1169194607 M * derjoerg | echo "/usr/lib/util-vserver/vshelper" >/proc/sys/kernel/vshelper
1169194609 M * derjoerg Failed to start vserver 'dns'
1169194609 M * derjoerg make: *** [.dns.stamp] Error 1
1169194615 M * daniel_hozac please use paste.linux-vserver.org for longer pastes.
1169194623 M * derjoerg ok, one moment
1169194625 M * daniel_hozac i.e. anything longer than 3 lines.
1169194649 M * derjoerg http://paste.linux-vserver.org/903
1169194654 M * daniel_hozac you really should use the latest util-vserver packages.
1169194666 M * daniel_hozac i believe 0.30.212-1 should work.
1169194696 M * derjoerg the strange thing is, after removing and reinstalling util-vserver everything is ok until the next reboot
1169194706 M * daniel_hozac as expected.
1169194730 Q * m`m`h Ping timeout: 480 seconds
1169194798 J * cdrx ~legoater@blueice1n1.uk.ibm.com
1169195500 Q * kugg Ping timeout: 480 seconds
1169196380 J * FireEgl Atl-NA@adsl-17-137-63.bhm.bellsouth.net
1169196410 J * kugg ~kugg@90-227-91-196-no120.tbcn.telia.com
1169197096 M * derjoerg daniel_hozac: thank you this made it. I fetched the 0.30.212 source package for ubuntu feisty and now the vservers came up automatically after reboot
1169197099 J * duckx ~Duck@tox.dyndns.org
1169197394 Q * Aiken_ Quit: Leaving
1169197788 Q * shedi Quit: Leaving
1169198003 J * Fire_Egl ~FireEgl@adsl-17-158-129.bhm.bellsouth.net
1169198380 Q * FireEgl Ping timeout: 480 seconds
1169198830 J * dlezcano ~dlezcano@AToulouse-252-1-85-33.w86-201.abo.wanadoo.fr
1169199090 J * dna ~naucki@p54BCDA0D.dip.t-dialin.net
1169199925 Q * kir Ping timeout: 480 seconds
1169201469 J * dna_ ~naucki@p54BCE925.dip.t-dialin.net
1169201615 Q * dna Ping timeout: 480 seconds
1169202251 J * dna ~naucki@p54BCE925.dip.t-dialin.net
1169202600 Q * dna_ Ping timeout: 480 seconds
1169204362 J * lilalinux ~plasma@80.69.41.2
1169206134 J * mael_sanger ~gn1@guest501.wtgc.org
1169206161 M * derjohn derjoerg, cool nick, greetz: derjohn
1169206264 M * derjoerg derjohn: by the way, thanks for the ubuntu-images they work like a charm under ubuntu dapper
1169206285 M * mael_sanger Hi, I try to understand how the vserver userspace tools work
1169206298 M * mael_sanger any pointer welcome
1169206315 M * derjohn derjoerg, oohhhhhhhhhhhhhhhhhh! this is a rc29 vserver kernel .... I think s.o. should upgrade it, I didn't find time yet
1169206355 M * daniel_hozac mael_sanger: what is it that you don't understand?
1169206375 M * mael_sanger how the different layers of operations stacks up
1169206377 Q * cdrx Read error: Connection reset by peer
1169206403 M * derjoerg derjohn: well, I'm not that linux-guru to make such things, I'm happy that I get it to work this way
1169206410 M * mael_sanger when you want to start a vserver for instance
1169206466 M * mael_sanger I first expected to find a binary doing a few syscalls but it doesn't seem to work that way
1169206470 M * derjohn derjoerg, well, I think I'll do that. I can drop you a mail, when I uploaded the image. Now that I know that there is interest, I am also willing to create a repo, like i did for debian etch ... so you can apt-get the kernel
1169206516 M * mael_sanger I suspect there's a lot of compatibility layers to support different vserver feature sets and different distros, but I was lost trying to track how the real thing was started
1169206534 M * daniel_hozac mael_sanger: vserver --debug ... start?
1169206538 M * mael_sanger (it seem to involve a makefile at some point)
1169206569 M * derjoerg derjohn: this would be really, really create
1169206577 M * daniel_hozac derjohn: so we have an Ubuntu kernel maintainer at last? :)
1169206592 M * daniel_hozac derjohn: but your kernels are vanilla, right?
1169206612 M * derjohn daniel_hozac, no, ask mark s. and ben c. did not agree to include it into edgy. they go for xen.
1169206634 M * daniel_hozac xen and vserver are not mutually exclusive, look at Debian and my repo... ;)
1169206652 M * derjohn daniel_hozac, no, I patch the distro ones ... so all these restricted-firmware-stuff and raid/md should still work
1169206665 M * daniel_hozac derjohn: ah, okay.
1169206666 M * mael_sanger daniel_hozac: ok thanks at least I have all the shell commands spitted out now
1169206678 M * derjohn daniel_hozac, I know, but as there is no interest from the ubuntu side ....
1169206686 M * daniel_hozac mael_sanger: most of the time, each command will correspond to one syscall.
1169206704 M * mael_sanger ok
1169206720 M * daniel_hozac recently there had to be some magic added (for the mainline virtualization) so some things will execute multiple syscalls.
1169206725 J * m`m`h ~simba@82.209.245.203
1169206734 M * derjohn maybe ubuntu users should cry for vserver support in the ubuntu forums/irc a little more to create some pressure. ..( derjoerg ? )
1169206747 M * daniel_hozac derjohn: seems like a good idea.
1169206750 M * mael_sanger now I have another question: what was the design idea behind the configuration scheme?
1169206759 M * derjoerg i'll try, but I'm really new to all of this
1169206762 M * daniel_hozac but such an effort would require someone to take charge.
1169206766 M * mael_sanger (the multiple files in a set of directories)
1169206778 M * derjoerg derjohn: do you get my mail-address?
1169206791 M * derjohn derjoerg, yes ....
1169206797 M * daniel_hozac mael_sanger: easy to use.
1169206803 M * daniel_hozac both from scripts and manually.
1169206811 M * daniel_hozac (and from C)
1169206858 M * daniel_hozac no complex parsers required, just read the file, nul the linefeed, and you're done.
1169206862 M * mael_sanger ok, I was assuming that having a single file to configure a vserver would be enough, provided there was an api enabling file-manipulation from a program PoV
1169206932 M * mael_sanger but I see your point
1169206959 M * daniel_hozac it's a lot easier to use as well.
1169206979 M * mael_sanger hum it's probably right once you've used to it
1169206985 M * daniel_hozac echo x > file is just a lot easier than editing a file, trying to find the right section, and adding it.
1169206988 M * mael_sanger at the moment I find it confusing
1169207002 M * mael_sanger well you still have to find the right directory
1169207009 M * mael_sanger and there's no comments
1169207015 M * daniel_hozac that's what the flower page is for..
1169207028 M * daniel_hozac files that are not part of the configuration are ignored.
1169207036 M * mael_sanger yes at least there's documentation ;)
1169207038 M * daniel_hozac so nothing is stopping you from adding description files everywhere.
1169207085 M * mael_sanger the other thing is I find it more easy to have a global view of a configuration from a single file or a limited number of files
1169207093 M * mael_sanger but it's probably out of habit
1169207142 M * mael_sanger any way you've just answered my questions, thanks for that
1169207151 M * Loki|muh I switched to debian for my host systems
1169207254 M * derjohn daniel_hozac, the problem to patch the dapper kernel was, that I had to patch the "unionfs" part, by inserting nulls into the functions calls, to make it vserver aware. I did that without really knowing, what I did .... IIRC it compiled, but had no barrier support ?
1169207273 M * daniel_hozac not barrier, no BME support.
1169207292 M * daniel_hozac mael_sanger: that's easy to generate with e.g. find and tail.
1169207317 M * mael_sanger yes and split afterward
1169207421 M * mael_sanger is there such script already available somewhere?
1169207432 M * daniel_hozac for converting between configs?
1169207447 M * mael_sanger yes
1169207469 M * daniel_hozac IIRC there are some on the oldwiki.
1169207497 M * daniel_hozac but the old configuration format doesn't support anything even close to all of the available options.
1169207518 M * daniel_hozac and AFAIK nobody has done a sysctl like configuration file.
1169207552 M * mael_sanger "sysctl-like"?
1169207577 M * daniel_hozac you know /etc/sysctl.conf?
1169207583 M * mael_sanger you mean by changing the configuration parameters of a running vserver
1169207587 M * mael_sanger yes
1169207588 M * mael_sanger ok
1169207609 M * daniel_hozac it's basically the same configuration format (/proc/sys), but with a single configuration file.
1169207676 M * daniel_hozac one of the things on my TODO list is writing a configuration library for the utils, with exchangeable backends.
1169207743 M * mael_sanger the sysctl.conf-like approach would suit me
1169207799 M * daniel_hozac so i'd assume once the configuration library is done, i should expect a patch for that? :)
1169207805 M * mael_sanger hehe
1169207829 M * mael_sanger It will depend how much constraints you add on the backends development
1169207834 M * mael_sanger but yes why not
1169207851 Q * m`m`h Ping timeout: 480 seconds
1169207852 M * daniel_hozac (it should be noted that the configuration library has been on my TODO for... probably a year now)
1169207868 M * mael_sanger so you're the one writing the new daemon-thingie?
1169207876 M * daniel_hozac no, that's Hollow
1169207881 M * daniel_hozac i'm maintaining util-vserver.
1169207902 M * Hollow pong
1169207906 M * Hollow :)
1169207944 M * mael_sanger hum ok
1169207961 M * mael_sanger so what are the intended relations between the two?
1169207971 M * Hollow one replaces the other
1169207988 M * mael_sanger completely?
1169207992 M * Hollow yep
1169208005 M * Hollow you cannot install both at the same time
1169208009 M * daniel_hozac certain aspects are bound to conflict even if they did install side-by-side.
1169208015 M * mael_sanger I thought that maybe the configuration backend would be used by the new daemon
1169208016 M * daniel_hozac i.e. the vshelper.
1169208034 M * Hollow vcd uses an sqlite backend for storage
1169208096 M * mael_sanger on each node?
1169208113 M * mael_sanger on each host I mean
1169208132 M * daniel_hozac probably the database backends are somewhat interchangeable there too.
1169208138 M * daniel_hozac in the end, i mean.
1169208182 M * mael_sanger ok
1169208189 M * Hollow daniel_hozac: i already thought about the possibility to use vxdb for util-vserver too
1169208209 M * daniel_hozac makes sense.
1169208214 M * mael_sanger I thought from the design drawing that only the states of the vm were stored in the sqlite backend
1169208220 M * Hollow we could support a file backend too, to keep it like /etc/vservers
1169208236 M * Hollow no, the state is not in the database
1169208249 M * Hollow there is only configuration in vxdb
1169208251 M * daniel_hozac what's the table structure like?
1169208266 M * daniel_hozac just a simple variable, value thing?
1169208273 M * daniel_hozac (and type, i guess)
1169208276 M * Hollow http://svn.linux-vserver.org/projects/vcd/browser/trunk/scripts/vxdb.sql
1169208300 M * daniel_hozac ah, okay.
1169208320 M * Hollow but that still needs to be extended
1169208330 Q * ensc Ping timeout: 480 seconds
1169208348 M * Hollow e.g. there are no dependencies, scriptlets and start-on-boot options yet
1169208391 M * daniel_hozac i see.
1169208407 M * daniel_hozac i guess i should take a more serious look at implementing the configuration library for 0.30.214.
1169208436 M * Hollow we could even do a libvxdb eventually
1169208436 M * daniel_hozac (0.30.213 is already a rather long list, and i'd like to get it out before my internship starts in the middle of february)
1169208541 M * Hollow another (rather complex) task would be to use libvserver for util-vserver too
1169208556 M * daniel_hozac well, util-vserver's libvserver is IMHO superior.
1169208556 M * mael_sanger Hollow do you have a design for the template cache?
1169208579 M * daniel_hozac just for the backwards compatibility.
1169208581 M * Hollow the template cache consists of tarballs containing the root filesystem
1169208614 M * mael_sanger I've worked on a similar design for xen a long time ago and I'm actually trying to find a one-fits-all solution for the virtualisation technologies
1169208619 M * Hollow daniel_hozac: well, maybe we can drop all the legacy fuzz for 0.40 or so ;)
1169208625 M * daniel_hozac mael_sanger: like libvirt?
1169208633 M * mael_sanger no for the VM image
1169208651 M * daniel_hozac Hollow: i guess we'll reach 1.0.0 before 0.40 :)
1169208654 M * mael_sanger filesystem tarball + metadata + optional kernel images
1169208660 M * Hollow daniel_hozac: awesome :D
1169208662 M * daniel_hozac (as 0.x releases are legacy only)
1169208675 M * Hollow mael_sanger: there is no kernel in the templates
1169208677 M * mael_sanger so the vm can be instantiated on different types of virtualisation technologies
1169208702 M * Hollow mael_sanger: look at the testdummy at http://svn.linux-vserver.org/projects/vcd/browser/trunk/test
1169208711 M * mael_sanger Hollow yes I know it doesn't make sense for vserver but it may be mandatory for other technos
1169208728 M * Hollow well, vcd is designed for vserver
1169208734 M * mael_sanger having an extendable format for that may be interesting
1169208761 M * mael_sanger sure but if you can have a template image usable on other virt technos it may be nice, no?
1169208786 M * Hollow yeah.. you can put anything you want into the tarball... vcd doesn't care.. it just unpacks it :)
1169208792 M * daniel_hozac but they have different requirements.
1169208802 M * daniel_hozac UML/Xen will e.g. require network configuration.
1169208807 M * mael_sanger sure
1169208818 M * daniel_hozac while that's just noise in vserver.
1169208832 M * mael_sanger but not necessarily in the template thing
1169208839 M * mael_sanger (for xen/uml)
1169208850 M * daniel_hozac but the network scripts need to be there.
1169208862 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1169208864 M * mael_sanger I don't see why
1169208902 M * mael_sanger if the prerequisite to use the template is that you have a fully working dom0 with the needed network scripts
1169208932 M * mael_sanger then yes, some of the network-specific configuration things in the metadata may be of no use for you
1169208953 M * mael_sanger or you're talking of the client-side network scripts?
1169208954 M * daniel_hozac not metadata.
1169208965 M * mael_sanger such as /etc/init.d/networking
1169208972 M * daniel_hozac the initscripts inside the guests need different sorts of tweaks.
1169208978 J * meandtheshell ~markus@85-124-39-221.dynamic.xdsl-line.inode.at
1169208995 J * m`m`h ~simba@deb30.mgts.by
1169209029 M * mael_sanger yeah there's probably ugly details all around
1169209180 M * mael_sanger so you reckon the "virtualisation technology specific" details shouldn't be in the template cache
1169209197 M * daniel_hozac i think they inevitably need to be.
1169209258 M * mael_sanger that means that even though you can install a package on different virtualisation technologies (you just need to add stuff to the default package), it will be complicated to migrate the image to another virtualisation technology
1169209265 M * daniel_hozac of course, you could use post-extraction scripts to customize them, but that seems a bit counter-templaty.
1169209320 M * Hollow well, in gentoo starting with baselayout-1.13 you should be able to use the same image at least on the host, in vserver, openvz and xen
1169209333 M * mael_sanger well you probably end up with that as there's a lot of site-specific tweaks needed anyway
1169209350 M * mael_sanger Hollow interesting
1169209369 M * daniel_hozac mael_sanger: but that's exactly what templates are meant to cover.
1169209370 M * mael_sanger how do they solve this problem?
1169209386 M * daniel_hozac the template is meant to be a guest you build, configure, and tar up to use as a base for later guests.
1169209406 M * daniel_hozac so having the post-extraction scriptlets do that seems dumb.
1169209414 M * mael_sanger daniel_hozac: ok I thought it was more a "virtual appliance" kind of approach
1169209456 M * mael_sanger such as I have "webserver" and "application server" templates
1169209456 M * daniel_hozac i have no idea what a "virtual appliance" is, but in my mind, that corresponds quite well to what i just said.
1169209463 M * Hollow mael_sanger: well, we check for the existence of VxID in /proc/self/status e.g. to disable certain baselayout things dynamically
1169209477 M * daniel_hozac Hollow: VxID is conditional on a flag, no?
1169209486 M * mael_sanger and I want to instantiate a webserver as name webfoo2 from the template
1169209496 M * Hollow daniel_hozac: yeah, it wil not wor with VXF_INOF_HIDE
1169209503 M * Hollow uh. bad typing today
1169209535 M * daniel_hozac mael_sanger: exactly. but only you know what "webserver" means, so you'll be the one creating the template.
1169209572 M * daniel_hozac thus having it migratable across virtualization technologies doesn't seem all that interesting to me. it's just one of the many changes you have to do to the base install to get a template.
1169209615 M * Hollow yeah, even if it is possible to a certain degree i think it's very low prio to make interchangeable templates
1169209649 M * mael_sanger so the common base between virtualisation technology would be a "physical server" that you then tweak to work on a specific virtualisation technology
1169209671 M * mael_sanger (by removing things off the image for instance for vserver)
1169209705 M * Hollow actually, the gentoo post build scripts do some kind of tweaks to the image... but mostly device node safety and fstab fixage
1169209725 M * daniel_hozac device node safety is done for all templates, no?
1169209730 M * Hollow yep ..
1169210080 Q * softi42 Ping timeout: 480 seconds
1169210695 J * softi42 ~softi@p549D49F4.dip.t-dialin.net
1169211031 Q * m`m`h Ping timeout: 480 seconds
1169211623 J * thunder18 ~thu@tor-irc.dnsbl.oftc.net
1169211725 Q * thunder1 Ping timeout: 480 seconds
1169211740 N * thunder18 thunder1
1169212010 Q * derjoerg Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1169212326 J * gab ~gab@158.36.45.236
1169212396 J * oo ~oo@teepee.ormset.no
1169212985 J * dreamind ~dreamind@p54A7A24C.dip0.t-ipconnect.de
1169213011 M * dreamind Hi folks
1169213945 J * orzel ~orzel@freehackers.org
1169213977 M * orzel Hello. i'm using such a rule to redirect http requests to my apache webserver : iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.11.0.128:443
1169214000 M * orzel but this only works (because of DNAT) for incoming request from outside, not from within my local network.
1169214018 M * orzel and, of course, lot of people on the local net needs access to the several web apps installed.
1169214024 M * orzel do you know how to solve this pb ? :)
1169214183 J * m`m`h ~simba@deb30.mgts.by
1169214376 M * SiD3WiNDR chbind: vc_set_ipv4root(): Invalid argument
1169214378 M * SiD3WiNDR what am I missing?
1169214747 M * SiD3WiNDR chbind: vc_net_create(): Invalid argument
1169214751 M * SiD3WiNDR when upgraded to .212
1169214751 M * SiD3WiNDR :(
1169214887 M * SiD3WiNDR k
1169214893 N * tamitall_ tamitall
1169214896 M * SiD3WiNDR because I was still using dynamic contexts on a few vs's
1169214901 M * SiD3WiNDR =)
1169214906 M * SiD3WiNDR pebcak as usual ;)
1169215140 Q * phreak`` Quit: leaving
1169215172 M * nox orzel: how about local dns for 10.11.0.128?
1169215201 J * phreak`` ~phreak``@deimos.barfoo.org
1169215240 M * nox *for all clients which wanna reach it by name from intern
1169215297 M * orzel mmh, i dont like the idea of two different dns. It complicates things a lot.
1169215347 M * nox well just put it in the hosts then
1169215362 M * nox or different views if you use bind9
1169215405 M * orzel i use bind9
1169215416 M * orzel but on some other computer, outside this network
1169215449 M * orzel i could just redirect the port on the local net interface
1169215455 M * orzel not sure how to do it, though
1169215486 M * nox if it is only for this one and its ip doesn't change then just put it in hosts
1169215515 M * orzel this is for all computers on the local network. They dont use the gateway '/etc/hosts'
1169215622 M * nox probably intern extra intern nic on the host?
1169215687 M * nox because your rule is just for eth0
1169216112 M * orzel i'm afraid I dont understand :(
1169216136 M * orzel intern /external users use the same ip, which is the ip as seen from external. It works as far as there's no vserver.
1169216154 M * orzel the rule i gave is only acting on the NAT queue. which is not used by computer on the local network
1169216168 M * orzel hence they are not redirected to the vserver. And can't reach it
1169216189 M * orzel i would like to redirect port 80/443 from this IP to the vserver.
1169216208 M * orzel eth0 is the place where the external ip is, of course.
1169216468 M * nox don't know your setup, does your dns give your intern clients a public ip back?
1169216499 M * nox is your vserver also the gateway?
1169216720 Q * duckx Quit: Client exiting
1169216771 J * duckx ~Duck@tox.dyndns.org
1169217456 Q * kugg Ping timeout: 480 seconds
1169217528 M * cehteh orzel: bind6 has the 'views' concept i use it to run one dns server in a vserver, serving inside and outside
1169217562 M * cehteh mhm should scroll/read more backlog
1169217595 M * cehteh i also enforce clients to use my dns by nat redirecting
1169217799 J * kugg ~kugg@90-227-91-196-no120.tbcn.telia.com
1169218374 M * orzel my dns is ok
1169218379 M * orzel (afaics)
1169218408 M * orzel nox: i got one dns, which answers the same thing for internal/external requests
1169218418 M * orzel among other things, the IP for the web server is the same.
1169218433 M * orzel but when you access this IP from the internal network, you dont go through the NAT thinguy.
1169218449 M * orzel the iptables rule for redirecting the port 80/443 to the vserver are in the NAT
1169218452 M * orzel hence it doesn't work
1169218635 M * daniel_hozac why would it go through NAT?
1169218641 M * daniel_hozac s/would/wouldn't/
1169218671 M * daniel_hozac and a more in-depth description of your actual setup would really help...
1169218674 Q * michal` Ping timeout: 480 seconds
1169218875 J * shedi ~siggi@ftth-237-144.hive.is
1169218920 M * nox daniel_hozac: is there any new featurelist for 2.3?
1169218947 M * daniel_hozac 2.3 is meant to improve the networking.
1169218961 M * nox orzel: what is the ip dns delivers?
1169218992 M * daniel_hozac e.g. IPv6 support, more complex match rules (like entire networks), removing the limit on addresses, etc.
1169219006 M * daniel_hozac oh, and of course, per-guest loopback.
1169219014 M * nox oic thx
1169219036 M * daniel_hozac as time moves forward i expect other non-network related features be added though.
1169219037 M * nox and 2.2 includes all 2.1 features?
1169219061 M * daniel_hozac pretty much, only the device mapping (of recent 2.1 kernels) and the quota hashes are missing from 2.2.
1169219098 M * daniel_hozac (the first because it's a really recent feature, and the latter because it's basically untested even though it's been sitting there for ages)
1169219144 A * nox is happy to know that now (;
1169219258 J * michal` ~michal@www.rsbac.org
1169219315 M * orzel nox : i've got eth0, with an external ip, and eth1 with internal ip (local network). The box does gw/nat for the local network. So this is eth0 which is nated. The iptable rule i gave redirects port 80 from eth0 to the vserver. Hence when some request comes from external request (http) comes, it goes through the nat stuff, and the port is redirected. When the request comes from the local network, it enters through eth1, and then (ip forwarding) is redirected
1169219315 M * orzel to eth0, but without going through the nat. And it fails to reach the vserver.
1169219359 M * orzel in both case, the DNS delivers the external ip (the one on eth0) for the web
1169219370 M * daniel_hozac if the local network is trying to reach guests on the gateway, there is no forwarding.
1169219376 M * daniel_hozac but that's beside the point.
1169219396 M * daniel_hozac simply adding a NAT rule to rewrite the requests from the local network too should do it.
1169219401 M * orzel there is, because the ip on eth0 is not visible from outside. so the server forwards them from eth1 to eth0
1169219434 M * orzel daniel_hozac: that's what i think. But i really can't understand this iptables stuff. And i fails trying to find this rule.
1169219462 M * orzel i can't use the same rule. As there's no nat on eth1
1169219465 M * orzel or.. can i ?
1169219486 M * nox iptables -t nat -A PREROUTING -i eth1 -d $pulicip -p tcp --dport 443 -j DNAT --to-destination 10.11.0.128:443 ?
1169219567 M * orzel mm, it fails.
1169219599 M * orzel or, wait.
1169219601 M * nox error?
1169219614 M * orzel it fails from the server itself. i can't test right now from a computer on the local network.
1169219635 M * orzel error from links : "connection refused"
1169219711 M * nox just 2 be sure you gave the right pulicip instead $publicip?
1169219780 M * orzel yes :)
1169219793 M * orzel and i changed 443 to 80 (as i first test on 80)
1169219806 Q * duckx Quit: Client exiting
1169219840 J * duckx ~Duck@tox.dyndns.org
1169219868 M * nox try with icmp rule
1169219926 M * nox if the client is in the same switched network it could give errors
1169219956 M * orzel i dont know how to do "with icmp rule". (though i know what icmp is :)
1169220050 M * nox iptables -t nat -A PREROUTING -i eth1 -d $pulicip -p icmp -j DNAT --to-destination 10.11.0.128
1169220076 M * nox then ping the pulic ip
1169220085 M * nox than
1169220097 M * nox 1.
1169220121 M * orzel just.. tell me if i'm wrong. But i thought that packets coming from eth1 would not go in the 'nat' queue, hence this iptable rule can't be used. isn't it so ?
1169220133 M * nox my english gets worse every year
1169220141 M * orzel mine too :(
1169220211 M * orzel the ping works. (but it already did.. ?)
1169220213 M * nox the queue is prerouting and is used before IN/OUT/FORWARD
1169220224 M * orzel even with -t nat ?
1169220269 M * nox nat just means "change header" then do the routing fitting to the new header
1169220292 M * nox afaik
1169220334 M * orzel ah...
1169220338 M * orzel might be, indeed.
1169220452 M * nox and don't forget there is no forward inside a vserver (as daniel mentioned already)
1169220501 A * nox didn't want to do an unimportant hilight
1169220509 M * orzel mm. I dont really understand this neither.
1169220528 M * orzel i find routing with vserver hard, and iptables too. So box mixed are.. frightening..
1169220534 M * nox for the vserver all interfaces inside are local
1169220544 M * nox imagine them as an alias
1169220572 M * orzel if i do 'links http://mywebsite:83' from the vserver host. with mywebsite resolving to publicip.
1169220580 M * orzel it will connect on eth0,right?
1169220595 M * orzel which is supposed to be already forwarding to vserver. But it fails (connection refused) 1169220600 M * orzel it works from outside. 1169220608 M * orzel and i can't test from local network. 1169220779 M * nox it comes in on eth1 1169220847 M * nox orzel: from where you test with links? 1169220883 M * nox ssh conect to the localnet we are talking about? 1169221150 Q * oo Quit: brb. 1169221205 Q * Fire_Egl Quit: ... 1169221278 Q * duckx Remote host closed the connection 1169221433 J * duckx ~Duck@tox.dyndns.org 1169221504 M * orzel nox : no, ssh on the gateway itself 1169221534 M * orzel i'm not physically next to it. And the other computers on the local net are windows ones, i have no access to them :( 1169221549 M * nox orzel: there you can?t test the eth1 rules offcause 1169221595 M * orzel that's what i was afraid. 1169221601 M * daniel_hozac local traffic (i.e. traffic to an IP address on the same host) will always use lo. 1169221614 M * orzel dont laugh, but there's also a phone problem, and i can't reach the team on site :-) 1169221635 M * orzel always use lo ? ok, i was wondering. (see a previous question i wrote) 1169221671 M * daniel_hozac the simplest way to get it working would be to just drop the interface from your rule and base it solely on the IP address and port. 1169221755 M * nox don?t forget to drop old rule also 1169221757 M * orzel dang, that could work ?? 1169221763 M * orzel i wont forget 1169221774 M * daniel_hozac depending on your kernel configuration, that might make the host to guest traffic work as well. 1169221787 M * orzel i'm just trying to put the hand on the !@#$ mobile number of someone in the team 1169221791 M * nox only first match is done by iptables 1169222193 M * orzel yeah! 1169222202 M * orzel it seems to work. i managed to test from inside the local network. 1169222215 M * orzel indeed, the rule with no "-i" works for both (external/internal) 1169222225 M * orzel but not from the host itself. 
But i can do with that 1169222247 Q * gab Remote host closed the connection 1169222289 M * orzel nox: daniel_hozac: Thanks a lot for your help. I know my explanations were far from good, but we've managed. 1169222293 M * orzel thanx! 1169222316 M * daniel_hozac you're welcome! 1169222377 M * nox orzel: nice! 1169222420 M * orzel next time i got 3/4 days free, i'll try (again!) to understand those iptables thinguy. 1169222426 M * orzel i swear :) 1169222437 M * nox support here is always great but normally i am the one who asks ^^ 1169222447 M * orzel :) 1169222645 M * nox orzel: if you got how packets are processed by iptables the 1 million extrafeatures can come later 1169222671 M * orzel yes... 1169222757 M * nox http://www.jollycom.ca/iptables-tutorial/images/tables_traverse.jpg <-- the very simple one 1169222960 J * kir ~kir@swsoft-mipt-nat.sw.ru 1169223043 M * orzel nox : mmh. how CLEAR this is :) 1169223428 M * nox well sorry had seen better ones i didn't find now ^^ 1169224235 Q * shedi Ping timeout: 480 seconds 1169224496 N * Bertl_zZ Bertl_oO 1169224517 M * Bertl_oO translocating .. 
back in a bit 1169225071 J * shedi ~siggi@ftth-237-144.hive.is 1169226219 Q * michal` Ping timeout: 480 seconds 1169226280 Q * shedi Ping timeout: 480 seconds 1169226498 J * michal` ~michal@www.rsbac.org 1169226537 Q * lilalinux Quit: Leaving 1169226741 Q * Johnnie Ping timeout: 480 seconds 1169226810 Q * kir Read error: No route to host 1169226825 J * shedi ~siggi@ftth-237-144.hive.is 1169227366 J * kir ~kir@swsoft-mipt-nat.sw.ru 1169227422 J * ensc ~irc-ensc@p54B4E843.dip.t-dialin.net 1169227545 Q * m`m`h Ping timeout: 480 seconds 1169228447 J * bronson_ ~bronson@adsl-75-36-145-166.dsl.pltn13.sbcglobal.net 1169228605 P * adrien-modulis 1169229132 Q * phreak`` Quit: leaving 1169229702 Q * dna Quit: Verlassend 1169229791 Q * Hollow Remote host closed the connection 1169229812 J * Hollow ~hollow@styx.xnull.de 1169229964 J * phreak`` ~phreak``@deimos.barfoo.org 1169230428 J * m`m`h ~simba@deb30.mgts.by 1169231310 J * FireEgl ~FireEgl@adsl-17-158-129.bhm.bellsouth.net 1169232690 J * Aiken ~james@tooax6-143.dialup.optusnet.com.au 1169232899 J * jacky ~jacky@c173221.adsl.hansenet.de 1169232906 M * jacky hallo 1169232956 M * jacky i installed sarge guest under suse host, why can't i find any network interfaces under debian? 1169233042 M * jacky kernel Linux 2.6.19.2-grsec2.1.10-vs2.2.0-rc7-smp 1169233094 M * jacky with: vserver vweb1 build -m debootstrap --hostname vweb1.localdomain --interface v00:192.168.0.254/24 --context 50 -- -d sarge 1169233217 M * jacky debian installed without error, testme.sh all succeeded, vserver started without errors 1169233549 M * harry do you have routing for that address? 1169233617 M * harry what does the command: ip a 1169233619 M * harry give you? 1169233651 M * matti Hi harry. 1169233674 M * jacky hi harry 1169233677 M * harry jacky: i updated the patch to rc8 this morning, if you're interested... what's fixed/changed: ask bertl :) 1169233704 M * jacky k 1169233719 M * harry not that that will be the problem, but... 
1169233740 M * harry does ip address give you the ip address in the host? 1169233752 M * jacky no 1169233759 M * harry what does ip a give you? 1169233777 M * jacky ip a gives only the addresses for lo and my real eth 1169233782 M * harry ? 1169233787 M * matti Uhm. 1169233789 N * Bertl_oO Bertl 1169233790 M * harry inside the virtual machine? 1169233797 M * jacky u mean under host or guest? 1169233797 M * harry the expert!!!!!!!!...... has arrived! 1169233800 M * Bertl back now ... 1169233800 A * matti is invisible man. Heh. 1169233803 M * jacky so, nothing then 1169233805 M * harry guest 1169233815 M * harry hmm.. odd 1169233817 M * jacky wait 1169233827 M * jacky command not found 1169233834 M * harry apt-get install iproute2 ;) 1169233847 M * harry or whatever package has ip command : 1169233848 M * jacky under host? 1169233848 M * harry :) 1169233859 M * harry on the host, you nEED it, on the guest... hell... there too :) 1169233867 M * jacky ^^ 1169233871 A * harry has to run... i'm late already, sry 1169233873 M * jacky i'm newbie 1169233877 M * harry bertl is your god in need ;) 1169233880 M * jacky kk 1169233883 M * jacky thanks 1169233885 M * harry and i do mean god ;) 1169233889 M * harry he's the main kernel hacker :) 1169233893 M * jacky GOD 1169233897 M * jacky cool 1169233911 M * harry i just ... well... use his patches, grsec/pax patches, and mix them 1169233920 M * jacky hehe 1169233921 M * Bertl jacky: what's the problem? 1169233955 M * jacky hi, i don't get any information under guest about ethernet interfaces 1169233972 M * Bertl with ifconfig, I presume? 
1169233980 M * jacky returns nothing 1169233992 M * Bertl that is not that unusual 1169234004 M * Bertl ifconfig is _very_ old (not to call it ancient) 1169234011 M * jacky hehe 1169234015 Q * m`m`h Ping timeout: 480 seconds 1169234015 M * Bertl it doesn't see everything on a linux system 1169234028 M * jacky nothing at all 1169234031 M * Bertl but I'm somewhat confused about your v00: 1169234041 M * Bertl do you really have an interface called v00? 1169234045 M * jacky wait 1169234061 M * harry should probably be eth0 1169234064 M * jacky 1: lo: mtu 16436 qdisc noqueue 1169234064 M * harry ==> really gone! 1169234068 M * jacky link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 1169234072 M * jacky inet 127.0.0.1/8 scope host lo 1169234076 M * jacky inet6 ::1/128 scope host 1169234077 M * Bertl paste.linux-vserver.org :) 1169234080 M * jacky valid_lft forever preferred_lft forever 1169234084 M * jacky 2: ra0: mtu 1500 qdisc pfifo_fast qlen 1000 1169234088 M * jacky link/ether 00:13:d3:68:65:09 brd ff:ff:ff:ff:ff:ff 1169234092 M * jacky inet 192.168.0.195/24 brd 192.168.0.255 scope global ra0 1169234096 M * jacky inet6 fe80::213:d3ff:fe68:6509/64 scope link 1169234097 M * jacky valid_lft forever preferred_lft forever 1169234097 M * jacky he 1169234097 M * jacky sry w8 1169234113 M * jacky vserver vweb1 build -m debootstrap --hostname vweb1.localdomain --interface v00:192.168.0.254/24 --context 50 -- -d sarge 1169234121 M * jacky i've installed with this line 1169234141 M * Bertl yes, I saw that 1169234160 M * Bertl basically that means: "add the ip 192.168.0.254 to the interface v00 1169234178 M * Bertl so, I wonder, if you really have an interface called v00 on the host 1169234181 M * jacky afk 1169234212 M * matti Eh. 1169234240 M * jacky re 1169234245 M * jacky y 1169234307 M * Bertl so, you have an interface called v00 on the host? 
1169234322 M * jacky no 1169234356 M * jacky on the host i have only the real interfaces 1169234366 M * jacky when i call with ip a 1169234371 M * jacky or ifconfig 1169234383 M * Bertl so, what you actually wanted then is eth0 there (or ra0 or whatever) 1169234395 M * jacky i have ra0 1169234404 M * Bertl but that is no problem, you can easily change that in the config 1169234406 M * jacky thats the real interface 1169234423 M * Bertl you have /etc/vservers/vweb1/interfaces 1169234432 M * jacky let me see 1169234435 M * Bertl which is a directory for all the network config stuff 1169234446 M * Bertl make sure to stop the guest before you change stuff there 1169234466 M * Bertl there should be a single subdir called '0' with ip, prefix and dev 1169234484 M * Bertl you want to change the 'dev' part to ra0 1169234489 M * jacky y, there is 0 and dev 1169234563 M * jacky under dev there is ip name prefix 1169234599 M * jacky in ip 192.168.0.254, in name v00, in prefix 24 1169234627 M * jacky u mean just rename dev in ra0? 1169234706 M * jacky hi, got it! 1169234727 M * jacky changed dev part to ra0 and now i have ra0:v00 1169234745 J * m`m`h ~simba@deb30.mgts.by 1169234768 M * jacky so the problem was, i have not connected the v00 to the ra0, right? 1169234773 M * Bertl okay, that means you have 'name' set to v00 too 1169234790 M * jacky y 1169234797 M * Bertl you can basically get rid of the v00, and then it will just show up as ra0 1169234805 M * Bertl (inside the guest with the guest ip) 1169234819 J * Johnnie ~jdlewis@66.199.231.180 1169234844 M * jacky i think, i should use --netdev ra0 --interface v00:192............. in the guest installation right? 
1169234865 M * Bertl note: in Linux-VServer there is no virtual network device like in QEMU or UML 1169234879 M * Bertl the magic word is 'isolation' 1169234886 M * jacky k 1169234897 M * Bertl so the various IPs are isolated and shown to the appropriate guests 1169234906 M * jacky k 1169234918 M * Bertl thus, if you only have a single ip per interface, it is sufficient to avoid the 'name' part at all 1169234935 M * Bertl it will automagically show up as _the_ interface ip in the guest 1169234951 M * Bertl on the host, you can see the full setting with 'ip a l' 1169234990 M * Bertl the --netdev .. --interface ... part is identical to specifying the :/ 1169234991 M * jacky get it 1169234996 M * jacky k 1169235011 M * Bertl just that HAS TO BE RA0 IN YOUR CASE 1169235019 M * jacky kk 1169235020 M * Bertl *damn capslock* 1169235025 M * jacky ^1^ 1169235092 M * jacky i think, i should copy all the text u've written and learn it later 1169235104 M * jacky girlfriend calls 1169235121 M * Bertl okay, cya .. have fun! 1169235128 M * jacky thx, cya 1169236007 J * ntrs_ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1169236411 Q * ntrs Ping timeout: 480 seconds 1169237816 Q * dmax Ping timeout: 480 seconds 1169238195 J * dmax ~semaj@bl4-57-133.dsl.telepac.pt 1169238389 Q * dmax Remote host closed the connection 1169238508 J * dmax ~semaj@bl4-57-133.dsl.telepac.pt 1169238508 Q * dreamind Read error: Connection reset by peer 1169241108 J * bonbons ~bonbons@83.222.37.103 1169241126 M * Bertl wb bonbons! 1169241137 M * bonbons Hey Bertl! 1169244201 M * Bertl okay, off to bed ... kind of tired today ... 1169244209 M * Bertl have a good one everyone ... cya! 1169244214 N * Bertl Bertl_zZ 1169244542 M * matti Sleep well Bertl. 1169244744 Q * michal` Ping timeout: 480 seconds 1169245082 J * michal` ~michal@www.rsbac.org 1169248863 J * dna ~naucki@p54BCD687.dip.t-dialin.net 1169249773 Q * bonbons Quit: Leaving