1169856019 M * Hollow aah.. awesome.. start/stop/reboot work fine now 1169857059 J * dna_ ~naucki@124-233-dsl.kielnet.net 1169857933 Q * duckx Quit: Client exiting 1169858319 P * thunder1 1169864488 Q * dna_ Quit: Verlassend 1169865703 Q * meandtheshell Quit: Leaving. 1169869101 J * bon` bon@stichting-brein.eu 1169869131 Q * m`m`h cation.oftc.net kinetic.oftc.net 1169869131 Q * PowerKe cation.oftc.net kinetic.oftc.net 1169869131 Q * bon cation.oftc.net kinetic.oftc.net 1169869131 Q * [PUPPETS]Gonzo cation.oftc.net kinetic.oftc.net 1169869131 Q * cehteh cation.oftc.net kinetic.oftc.net 1169869131 Q * fs cation.oftc.net kinetic.oftc.net 1169869131 Q * vasko cation.oftc.net kinetic.oftc.net 1169869131 Q * virtuoso cation.oftc.net kinetic.oftc.net 1169869132 J * virtuoso ~s0t0na@shisha.spb.ru 1169869154 J * [PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de 1169869159 J * PowerKe ~tom@d54C13E4B.access.telenet.be 1169869295 J * fs fs@213.178.77.98 1169869774 J * vasko ~vasko@unreal.rainside.sk 1169869774 A * vasko is gone. Gone since Wed Sep 20 15:44:00 2006 1169869799 J * m`m`h ~simba@deb30.mgts.by 1169869813 J * cehteh ~ct@pipapo.org 1169870910 Q * micah Ping timeout: 480 seconds 1169870952 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1169871192 Q * stefani 1169871497 J * micah ~micah@micah.riseup.net 1169875498 J * Daniel15 ~dansoftau@server.daniel15.com 1169876014 Q * nou Ping timeout: 480 seconds 1169876965 Q * micah Ping timeout: 480 seconds 1169877205 J * micah ~micah@micah.riseup.net 1169877766 Q * micah Server closed connection 1169877768 J * micah ~micah@micah.riseup.net 1169878353 Q * micah Ping timeout: 480 seconds 1169879036 Q * Medivh Server closed connection 1169879100 J * Medivh ck@paradise.by.the.dashboardlight.de 1169879243 Q * waldi Server closed connection 1169879245 J * waldi ~waldi@bblank.thinkmo.de 1169881667 Q * cdrx Quit: Leaving 1169882270 J * _dmax ~semaj@81.193.56.104 1169882611 Q * dmax Ping timeout: 480 seconds 1169882616 N * _dmax dmax 1169883154 Q * s0undt3ch Ping timeout: 480 seconds 1169883162 J * s0undt3ch ~s0undt3ch@80.69.34.154 1169883605 Q * mael_ Ping timeout: 480 seconds 1169884889 Q * FireEgl Server closed connection 1169884909 J * FireEgl Proteus@adsl-4-58-61.bhm.bellsouth.net 1169888217 Q * id23 Server closed connection 1169888228 J * id23 ~id@p50813BEE.dip0.t-ipconnect.de 1169888258 J * Aiken_ ~james@ppp96-230.lns1.bne1.internode.on.net 1169888274 J * dlezcano ~dlezcano@AToulouse-252-1-74-213.w81-49.abo.wanadoo.fr 1169888589 Q * Aiken Ping timeout: 480 seconds 1169889437 J * bonbons ~bonbons@83.222.37.103 1169890417 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net 1169891836 J * duckx ~Duck@tox.dyndns.org 1169893054 J * dna ~naucki@132-209-dsl.kielnet.net 1169894096 J * mael_sanger ~gn1@guest501.wtgc.org 1169894966 Q * Aiken_ Quit: Leaving 1169895500 J * Aiken ~james@ppp96-230.lns1.bne1.internode.on.net 1169895806 Q * mael_sanger Ping timeout: 480 seconds 1169896467 Q * Daniel15 Quit: ( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de ) 1169896732 Q * Aiken Quit: Leaving 1169897763 Q * mire Quit: Leaving 1169897996 J * meandtheshell ~markus@85-124-37-59.dynamic.xdsl-line.inode.at 1169899467 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1169899477 J * ensc ~irc-ensc@p54B4F886.dip.t-dialin.net 1169902144 Q * DreamerC Server closed connection 1169902157 J * DreamerC ~dreamerc@125-225-96-11.dynamic.hinet.net 1169902514 J * mael_sanger ~gn1@guest501.wtgc.org 1169903901 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/experimental/util-vserver-0.30.213-pre5.tar.bz2 1169903948 M * daniel_hozac now assigns an xid (starting at 40000) during vserver ... build, even if --context wasn't provided. 1169904018 M * daniel_hozac it also creates nodev rather than telling the user to do so, but it still warns about the lack of interface. 1169904291 M * Hollow awesome :) 1169904805 M * matti daniel_hozac: You are a star! 1169904806 M * matti :) 1169904808 M * matti Morning. 1169904853 J * DavidS ~david@85.125.165.34 1169905068 Q * michal` Ping timeout: 480 seconds 1169905241 Q * harry Server closed connection 1169905242 J * harry ~harry@d54C2508C.access.telenet.be 1169905269 J * nou Chaton@causse.larzac.fr.eu.org 1169905585 J * michal` ~michal@www.rsbac.org 1169907097 J * swein user594195@85.249.235.9 1169907287 Q * swein Quit: 2b | !2b = 0xff 1169907492 M * daniel_hozac any mandriva users around? is it at all possible to get urpmi to look at another configuration file? 1169907506 M * daniel_hozac on the command line. 1169908495 M * matti Instead of /etc/urpmi/urpmi.cfg? 1169908510 M * matti Unlikely. 1169908515 M * matti I never succeed. 1169908527 M * matti But, I never userd MDK longer than 10 min ;) 1169908575 M * daniel_hozac i've been trying to use --env, but it seems to relocate all of the urpmi files, plus i keep getting weird errors i don't understand how to fix. 1169908600 M * daniel_hozac for instance, what's an rpmdb.cz file and where would i get the appropriate one? 1169908636 M * matti daniel_hozac: urpmi is a very good example of very badly designed piece of software. 1169908658 M * daniel_hozac yeah, that's the impression i'm getting too... 1169908724 M * matti Indeed. 1169908752 M * matti And they deployed this for wide usage. 1169908792 M * matti That's why, when you try to do something custom in MDK, you'll more likely failed or broke your MDK. 1169908796 M * matti In most cases both. 1169908821 M * matti Even yum is not so evil. 1169908822 M * matti ;] 1169908847 M * daniel_hozac hehe 1169909050 M * matti I think, that the simplest way around over urpmi.cfg is just make a link to some other place. 1169909107 M * daniel_hozac the link would have to be changed for every vurpmi/vserver build -m urpmi command though. 1169909121 M * daniel_hozac and if they were to crash, the link might not point to the correct file for the host anymore. 1169909175 M * matti In this case, yes. 1169909176 M * matti ;/ 1169909180 M * daniel_hozac and, well, that's just really fugly. 1169909246 M * matti Well. 1169909255 M * matti Why in the first place you want to use MDK? 1169909284 M * matti You just become well-aware that MDK is just... stubborn ;p 1169909285 M * daniel_hozac i don't ;) 1169909289 M * matti Oh. 1169909290 M * matti :O) 1169909306 M * daniel_hozac but a build -m urpmi is on my TODO-list. 1169909316 M * matti I see. 1169909341 M * matti daniel_hozac: I hope, you will not end-up with making patches for urpmi itself. 1169909342 M * matti ;] 1169909371 M * matti daniel_hozac: Which will be on the other hand most kind of you ;P 1169909392 M * daniel_hozac hehe. 1169909411 M * daniel_hozac i don't really understand urpmi well enough to make patches for it, but that does seem to be the only way... 1169909508 M * DavidS daniel_hozac: create a minimal chroot with urpmi in the target and modify that for self-bootstrap? 1169909561 M * daniel_hozac with all the other rpm-based build methods supporting externalized package management, required internal for urpmi seems wrong. 1169909628 M * daniel_hozac and i guess starting off with the host's packages won't always work. 1169909640 M * daniel_hozac e.g. building a mandriva 10 guest on a 2007.0 host. 1169909712 M * DavidS daniel_hozac: i was only thinking about the urpmi binary, libs and a appropriate config, but then i never used urpmi (or mdk) so i shouldn't be taken too seriously ;) 1169909733 M * matti Heheh. 1169909738 J * TangSeng ~TangSeng@219.233.29.130 1169909743 M * matti That's the spirit :) 1169909748 M * matti DavidS++ 1169909749 A * DavidS is a debian fanboy .. and spoiled too ;) 1169909749 M * matti :> 1169909765 M * daniel_hozac well, urpmi is a perl script, so that'd require copying perl... 1169909820 M * daniel_hozac this is my first encounter with mandriva, and i have to say that i'm not impressed :) 1169909877 M * matti DavidS: I assume, that of course you have the famous Debian Swirl logo t-shirt? :) 1169909881 M * matti :> 1169909914 M * DavidS matti: the .at version and the debienna.at polo shirt ;) 1169909925 M * matti Let me see ;] 1169910080 P * TangSeng 1169910084 M * matti DavidS: OK, I give up, I don't know the language ;p 1169910105 M * matti DavidS: Can you show me the .at version? :) 1169910145 M * DavidS matti: sorry, i have no pictures at hand. the .at is just a red swirl with a white shadow and 'debian.at' 1169910165 M * matti I see :) 1169910184 M * matti Well, there's a joke about Gentoo and t-shirts. 1169910197 M * matti And I suppose to compile my t-shirt before use ;p 1169910204 M * matti ... or something like that :) 1169910212 M * matti I don't remember exactly ;] 1169910213 M * DavidS the polo shirt has the debienna logo on the chest and a swirl on the collar ... 1169910244 M * DavidS matti: there are still polos left, if you want one you can visit us in vienna ;) 1169910259 M * matti Hehe. 1169910265 M * matti Why not? :) 1169910278 M * matti I need to take Bertl for some coffee. 1169910290 M * matti So, maybe in late march or april :) 1169910296 M * matti DavidS: Thanks for invitation :) 1169910360 M * DavidS matti: in that timeframe i could even provide crash space ... may wife is abroad at the time 1169910365 M * DavidS s/may/my/ 1169910399 M * matti :-) 1169910576 J * pflanze ~chris@84-73-56-44.dclient.hispeed.ch 1169912004 Q * FireEgl Quit: ... 1169912140 M * Radiance is there a known issue with using a subnet for the vservers on a host which is using a different subnet ? despite adding the route to the gateway for the subnet and ip's assigned the vservers using the subnet consisting of 3 ip's cannot make outgoing connections 1169912161 M * Radiance the NOC of the DC said if the whole class c network is working then it must be on the server 1169912226 M * Radiance background info; it was working fine until yesterday 1169912248 M * Radiance nothing was changed on our side, that's why after testing i was sure it had to do with the dc 1169912253 M * Radiance any suggestion is welcome 1169912383 J * notasnark ~sam@mailgate.glendale.org.uk 1169912695 M * daniel_hozac Radiance: we'd need more details on your setup. 1169912709 M * daniel_hozac and what exactly isn't working, what is working, etc. 1169912761 M * pflanze Hello. Should I use patch-2.6.19.2-vs2.2.0-rc8.diff or patch-2.6.19.2-vs2.2.0-rc8.7.diff ? 1169912772 M * daniel_hozac .7 1169912782 M * pflanze ok 1169912812 M * pflanze maybe the one who has permission to do so change the topic :) 1169912836 M * daniel_hozac everyone has permission to change the topic. 1169912841 M * pflanze ah 1169912854 T * pflanze http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc8.7, devel 2.1.1.7.1, 2.3.0.7, stable+grsec 2.0.2.1, 2.2.0-rc8, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169912864 M * pflanze topic hacking. 1169912866 M * daniel_hozac but -rc8.7 isn't really a release per se, it was the current state of affairs which Bertl uploaded ;) 1169912896 M * pflanze are there release announcements anywhere? 1169912901 M * daniel_hozac for? 1169912903 M * pflanze (not on the normal vserver list as I see) 1169912911 M * pflanze well, anyway. 1169912923 M * daniel_hozac there hasn't been a real release since 2.1.1. 1169912949 M * pflanze I wasn't sure whether the rc8.7 would just be an "experiment" or is meant to fix something. 1169912965 M * daniel_hozac it fixes a number of issues in rc8. 1169913193 M * DavidS Radiance: arp is ok? 1169913374 P * thunder1 1169914317 M * Radiance sorry, i'm back, been pulling my hair out with the NOC too lazy to check 1169914437 M * Radiance DavidS, daniel_hozac, we got to main ip's in a class c network in their own subnet. Then we got another subnet with 3 ip's also class c network but different gateway. Trying to add a route for the latter gives the infamous error: SIOCADDRT: Network is unreachable 1169914476 M * Radiance which means that the it's not directly connected to the network (the router address) so packets cannot be forwarded 1169914477 M * daniel_hozac are any of your guests up when you try to add the route? 1169914487 M * Radiance yes and i tried with all guests down 1169914496 M * daniel_hozac also, with multiple gateways, i assume you're using policy routing? 1169914533 M * Radiance to be honest, it all was working until yesterday fine, and we didn't even add a second gateway for the 2nd subnet and it still worked for months fine 1169914560 M * daniel_hozac maybe the gateway was the same for both networks? 1169914566 M * daniel_hozac and now they split it? 1169914587 M * Radiance yes and i believe "they" somehow changed something in the routing causing this issue 1169914617 M * Radiance but adding the route gives that error which should have been enough without turning the server into a cisco box hehe 1169914695 M * daniel_hozac you can't have two default routes without using policy routing. 1169914702 J * tanteauguri ~martin@86.59.95.126 1169914726 M * Radiance then last night i got one of their support to setup a test box running ubuntu livecd, we assigned it a main ip (which works) and assigned it one ip of the other subnet, added the route which failed a couple of times but then all of sudden it could be added ... so i used ping -I eth0:0 ip_of_non_working_subnet some_other_ip and this failed also on the test box 1169914764 M * daniel_hozac see http://archives.linux-vserver.org/200311/0470.html 1169914786 M * Radiance oh and the best part of all, incoming connections work ! 1169914791 M * Radiance only outgoing connections don't work ! 1169914795 M * tanteauguri Hi all - can anyone tell me the content of the file cmd.prepare to start a host in a special runlevel? 1169914805 M * Radiance daniel_hozac, thanks i will check that link also 1169914848 M * Radiance daniel_hozac, so how is it possible that incoming connections work but when trying to telnet/lynx/ping etc ... from them fails ? 1169914850 M * daniel_hozac tanteauguri: are you sure you're not looking for apps/init/runlevel.start? 1169914901 M * pflanze What's the alternative to saying Y to VSERVER_REMAP_SADDR ? (Should I find something on the wiki?) 1169914915 M * tanteauguri Maybe. From the documentation: The command which is used to setup the init-system (e.g. to set the runlevel in the utmp-file). Each option must be on a separate line 1169914924 M * daniel_hozac Radiance: without knowing more about the routing setup, i can't really tell. 1169914987 M * daniel_hozac pflanze: if you say no, connections to 127.0.0.1 inside a guest will have a source address of 127.0.0.1, while the destination is rewritten to the guest's first IP address. if you say Y, the source address is also rewritten. 1169915008 M * tanteauguri daniel_hozac: If runlevel.start does it, its fine with me... 1169915036 M * Radiance daniel_hozac, do you have a minute to spare ? if so i can make you an account and you can check for yourself on the host, if not then it's np i'll try the policy routing tactic 1169915056 M * pflanze (daniel_hozac: yes, but why is this off by default? What's the alternative? I guess with netng that would be moot but for now I need to differentiate localhost, so how could it be No? Is there something else?) 1169915074 M * daniel_hozac Radiance: i was more referring to the gateways' routing configuration. 1169915108 M * daniel_hozac pflanze: it's off by default because it's a change from how it used to be. 1169915129 M * daniel_hozac pflanze: people with firewall rules expecting -s 127.0.0.1 -d would need to rewrite them. 1169915133 M * daniel_hozac (such as myself :)) 1169915137 M * Radiance ah yes, well that's the datacenter part which we can't control ourselves ofcourse. Their NOC only said the rest is working so yours should too 1169915150 M * Radiance i will go ahead with the policy routing see if that makes a diff 1169915202 M * daniel_hozac tanteauguri: cmd.prepare _only_ sets the runlevel in the utmp-file, it doesn't make any difference to the argument passed to the rc/init script. 1169915234 M * Radiance daniel_hozac, for some reason i suspect that subnet or those few ip's are blocked somewhere, in the meantime i asked for a new range to test, just to rest at peace heh 1169915274 M * pflanze daniel_hozac: ah, I see. How do you write firewalling rules now instead? 1169915300 M * daniel_hozac pflanze: for matching loopback traffic inside the guest, you'd need -s -d . 1169915359 M * daniel_hozac (which will also match connections to the guest's IP address, not just connections to 127.0.0.1) 1169915363 M * tanteauguri daniel_hozac: Thanks, the runlevel.start did it for me. 1169915383 M * daniel_hozac you're welcome! 1169915509 M * Radiance so if i understand what is said on that page, i should add a route for each assigned ip to designated gateway ? 1169915515 M * Radiance (option b) 1169915656 M * daniel_hozac look at the snippet at the top. 1169915682 M * daniel_hozac that shows you how to configure another table and tell an entire network to use that one. 1169915691 M * daniel_hozac (instead of the default) 1169915718 M * Radiance ok i will test that, thanks mate 1169916167 M * pflanze I don't understand: currently, under 2.6.17.8-vs2.0.2-rc28, source addresses already *are* taken from the first interface of the vserver. 1169916184 M * pflanze there are no 127.* source addresses involved as far as I can see. 1169916240 M * pflanze I think binding a source address to "127.0.0.1" automatically sends traffic with from address 10.0.2.1, for example (if this is the first vserver network interface). 1169916262 M * pflanze I do *not* have any firewalling rule using 127.* currently, they are all working with 10.* etc. 1169916274 M * pflanze (I'm using 10.* for vserver localhosts) 1169916308 M * pflanze So I should actually say "Y" here, and not the "N"-default, right? 1169916320 M * daniel_hozac it's only relevant for connections _to_ 127.0.0.1 inside the guest. 1169916345 M * pflanze Well, you said that the *to* addresses are rewritten with either setting? 1169916353 M * daniel_hozac yes. 1169916363 M * pflanze ah, you mean, 1169916383 M * pflanze 127.* addresses as sources did only happen when connecting *to* localhost? 1169916392 M * daniel_hozac if (dst == 127.0.0.1) { dst = ipv4[0]; if (CONFIG_VSERVER_REMAP_SADDR) { src = ipv4[0]; } } 1169916446 M * pflanze the if (src == 127.0.0.1) is missing in your code 1169916461 M * daniel_hozac there is no such check. 1169916468 M * pflanze ah 1169916475 M * pflanze hm 1169916487 M * pflanze sure? if an app binds to 127.0.0.1 as source? 1169916518 M * daniel_hozac that's checked in bind, not in the address selection. 1169916588 M * pflanze then I'd say src being 127.0.0.1 can only happen for traffic from processes in the host context 1169916599 M * daniel_hozac no. 1169916613 M * daniel_hozac connections to 127.0.0.1 will choose source address 127.0.0.1. 1169916624 M * pflanze ah, some kernel magic? 1169916633 Q * Greek0 Server closed connection 1169916651 M * daniel_hozac it's routing. 1169916651 J * Greek0 ~greek0@85.255.145.201 1169916667 M * daniel_hozac choose the address closest to the destination. 1169916849 J * Hurga nobody@p508A9752.dip0.t-ipconnect.de 1169916919 M * Radiance well the policy routing as written on that page isn't working, it either exists or ip says invalid argument when trying to do an ip rule add from subnet table 100 1169916968 M * Radiance and respectively for the second subnet table 101 1169917022 M * Radiance it also complains default exists already, despite that according to the instructions we try to set another default for a specifc subnet 1169917037 M * daniel_hozac so, paste the output of ip a; ip rule; ip route to paste.linux-vserver.org, along with the commands you're using. 1169917046 M * Radiance ok 1169917282 M * Radiance i'm writing all details there 1169917294 M * Radiance to give a good view 1169918023 J * bonsaikitten ~Chilli-fl@dslb-084-063-111-009.pools.arcor-ip.net 1169918284 M * Radiance daniel_hozac, here is the info: http://paste.linux-vserver.org/949 1169918365 Q * id23 Ping timeout: 480 seconds 1169918405 M * bonsaikitten hello people 1169918412 M * daniel_hozac what does ip route show table 100 output? 1169918416 M * bonsaikitten I've hit an old problem again :-( 1169918423 M * daniel_hozac hello bonsaikitte 1169918424 M * daniel_hozac +n 1169918426 M * bonsaikitten chbind: kernel does not provide network virtualization 1169918426 M * Radiance lemme check 1169918441 M * bonsaikitten ^^ after upgrade of (gentoo) util-vserver 1169918452 M * Radiance daniel_hozac, doesn't give any output 1169918463 M * daniel_hozac bonsaikitten: really old kernel or one portraying to be, combined with util-vserver lacking legacy APIs. 1169918471 M * daniel_hozac Radiance: are you sure you have support for policy routing in the kernel? 1169918486 M * bonsaikitten daniel_hozac, 2.6.17, used to run with 0.30.212, 0.30.212-r1 fails 1169918507 M * Radiance daniel_hozac, yes but i will check now 1169918540 M * daniel_hozac grep IP_MULTIPLE_TABLES .config 1169918550 M * daniel_hozac bonsaikitten: CONFIG_VSERVER_LEGACY_VERSION? 1169918638 M * bonsaikitten CONFIG_VSERVER_LEGACY_VERSION=y 1169918651 M * Radiance i assume this is the option Advanced Router in the kernel ? 1169918700 M * daniel_hozac Radiance: it's dependant on that. 1169918735 M * daniel_hozac Radiance: first enable advanced router, then you get policy routing. 1169918742 M * Radiance well it's disabled, and now i enabled it and ip routing is selected 1169918742 M * daniel_hozac bonsaikitten: yeah, so that's why. 1169918755 M * daniel_hozac s/you get/enable/ 1169918762 M * Radiance i will recompile now the kernel unless you suggest to add another option ofcourse.. 1169918768 M * daniel_hozac bonsaikitten: did you emerge util-vserver with the legacy USE flag? 1169918784 M * daniel_hozac Radiance: so IP_MULTIPLE_TABLES is on now? 1169918791 M * daniel_hozac Radiance: i.e. IP: policy routing 1169918792 M * bonsaikitten daniel_hozac, doesn't exist anymore, used to work until about half an hour ago 1169918823 M * Radiance yes IP: policy routing is now enabled 1169918858 M * Radiance i'll start now the compile, i hope this will work cause and save my last hair on my back 1169918866 M * daniel_hozac bonsaikitten: so... there you go. 1169918896 J * id23 ~id@p50813292.dip0.t-ipconnect.de 1169918950 M * Radiance i'm annoyed that it used to work until yesterday, i guess they changed something in their network 1169919030 M * pflanze Ok, I've found out which case you are talking about: the server listens on either 127.0.0.1 or ip[0]; the client connects to 127.0.0.1 and does not specify it's source address. 1169919047 M * pflanze It's exactly those two cases, no more. 1169919063 M * pflanze in which the source ip 127.0.0.1 is visible to the server. 1169919110 M * daniel_hozac as i said. 1169919140 M * pflanze And those cases (or "this case", if you're considering the server listen address 127.0.0.1 and ip[0] as one case) are changed if VSERVER_REMAP_SADDR==y. 1169919164 M * pflanze ok, I just had to go through it and formulate in my words to be sure we're talking the same thing. 1169919174 M * pflanze (and much experimenting) 1169919239 M * pflanze The case never happens when one vserver is talking to another one in my case, since the first ip of each vserver is localhost and one cannot connect to that one from another vserver. 1169919268 M * pflanze And I don't use firewalling "from localhost to localhost inside the same vserver", so no issue for me. 1169919306 A * pflanze is going to see whether that holds true 1169919317 M * Radiance daniel_hozac, they assigned us more ip's on the first subnet so in case policy routing doesn't work for being able to make outgoing connections from the vservers then we can switch to the new range. 1169919333 M * daniel_hozac ok. 1169919675 Q * DavidS Ping timeout: 480 seconds 1169919755 M * Radiance daniel_hozac, the first subnet succeeded (rules, table 100) but doing the same for the second subnet, using the second command gives: RTNETLINK answers: Network is unreachable 1169919775 M * daniel_hozac and at that time, you have at least one IP address on that network? 1169919775 M * Radiance or should i assign temporarily an ip to eth0:0 from the second subnet before executing that command ? 1169919798 M * Radiance ok lemme assign it before executing that 1169919811 J * DavidS ~david@85.125.165.34 1169919826 M * Radiance ok that worked 1169919830 M * Radiance lemme continue with the rest 1169919935 M * Radiance i will start 1 vserver using one of the ip's from the second subnet 1169919971 M * daniel_hozac might be easier to test without guests, just use ping -I google.com 1169919980 M * daniel_hozac or nc if ping is blocked. 1169920158 M * Radiance that command (ping -I ..) worked from the host, but when i started the vserver and tried to for example telnet to a few sites on port 80 it didn't work (despite using one of the ip's from the second subnet) 1169920197 M * Radiance (from within the vserver) 1169920299 M * daniel_hozac could you run tcpdump -vvnei eth0 port X on the host? 1169920323 M * Radiance yes, lemme do that 1169920361 M * Radiance (also on the same note, incoming connections don't work anymore to the vserver ip) 1169920471 M * Radiance ok got info from tcpdump, shall i paste it on the page ? 1169920494 M * daniel_hozac sure, you did try to telnet again, right? 1169920573 M * Radiance yes 1169920574 M * Radiance http://paste.linux-vserver.org/950 1169920612 M * daniel_hozac i guess you see why? 1169920620 M * Radiance the private range ? 1169920624 M * daniel_hozac yeah. 1169920631 M * daniel_hozac that's not routed to you, is it? 1169920654 M * Radiance well no, but why wouldn't it work anymore ? until 24 hours ago this was never a problem 1169920685 M * Radiance (that server been up for about 8 months running in terms of network just fine) 1169920741 M * daniel_hozac did you lose your NAT rules? 1169920776 M * Radiance iptables is disabled since this issue started occuring and i never used NAT rules, just some basic firewalling 1169920796 M * Radiance this is a new situation i've been trying to understand since yesterday hehe 1169920860 M * daniel_hozac well, the first IP address is automatically used as the default source addrses. 1169920919 M * Radiance true, but i never stopped thinking before yesterday that this was something waiting to explode on me hehe 1169920937 M * Radiance so i'm amazed why it all of a sudden doesn't work anymore 1169920953 M * Radiance anyway, what would you advise to do best in this situation mate ? 1169920990 M * Radiance other servers running also vservers have also the first ip in the 192.168.x.x range and they work and still work just fine when trying to make outgoing connections (!) 1169920992 M * daniel_hozac make the external address the first one, or use NAT. 1169921084 M * Radiance yeah i guess that's the best way to follow 1169921114 M * Radiance but hold on, i will test this on a different server, telnet to port 80 from within the vserver having the first ip a private one and run tcpdump as you asked hehe 1169921219 M * Radiance ok this shows that the vserver uses an internet ip DESPITE that the first ip is inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0 1169921231 M * Radiance how is this possible ? 1169921241 M * Radiance (tested this on a different server) 1169921320 M * Radiance tcpdump shows it uses an internet ip as the source address while i expected it'll grab the first ip of the vserver which is the private one hehe 1169921347 M * daniel_hozac kernel? ip r? 1169921388 M * Radiance ip r shows the first line with an internet ip 1169921392 M * Radiance the second line is the private ip 1169921398 M * Radiance this could explain it ? 1169921534 M * Radiance on the problem server it shows 3 ranges, first is the 1st subnet which is not used by the vserver in question, the second line shows the private ip range and third line shows the second subnet where 1 ip is used by the vserver, so i guess the first is skipped, second is used when making an outgoing connection but this wouldn't work 1169921581 M * Radiance i think i understand the issue now 1169921598 Q * nox Ping timeout: 480 seconds 1169921599 M * Radiance just still wondering why it used to work until 24 hours ago and now it doesn't 1169921667 M * Radiance i will swap the ip's to test if it solves the issue, if it does then i don't need NAT rules 1169921808 M * Radiance i don't remember why but i vaguely remember i assigned the private ip as the first for each vserver 1169921821 M * Radiance could it be because of "localhost" functionality ? 1169921901 M * daniel_hozac 127.0.0.1 is rewritten to the first address of the guest. 1169921935 M * Radiance so if i put an internet ip as the first address of the guest...what problems could occur on a LAMP box ? 1169921995 M * Radiance will i role from one hell into another ? :) 1169922020 J * nox ~nox@static.88-198-17-175.clients.your-server.de 1169922103 M * daniel_hozac i don't see why you'd even need the second IP address unless you absolutely need to have some services listening on an address that is not accessible to the outside world. 1169922484 M * Radiance yeah, but i believe it was needed for some aspects 1169922508 M * Radiance but wait a sec, i swapped interfaces 0 and 1 with each other so the internet ip is 0 and the private ip is 1 1169922511 M * Radiance it didn't work 1169922780 M * daniel_hozac and you did restart the guest, right? 1169922930 M * Radiance yes i downed the guest, swapped them, started the guest 1169922991 M * Radiance i think the routing instructions we added affected this 1169923005 M * Radiance i just rebooted the box to make sure we're clean and now it looks good 1169923008 M * Radiance lemme try outgoing connections 1169923142 M * Radiance ok it's looking good, it works now 1169923202 M * Radiance i'm checking why postfix isn't listening on port 25 :) 1169923266 M * Radiance ok nvm, non related 1169923296 M * Radiance i'm glad this worked 1169923345 M * Radiance thanks alot for the patience and support mate, appreciate it alot ! 1169923351 Q * bonsaikitten Ping timeout: 480 seconds 1169923584 M * daniel_hozac np 1169923635 J * stefani ~stefani@flute.radonc.washington.edu 1169923749 Q * stefani 1169923821 Q * DavidS Quit: Leaving. 1169923967 J * chris_ ~chris@84-73-56-131.dclient.hispeed.ch 1169924210 Q * pflanze Read error: Connection reset by peer 1169925081 N * Bertl_zZ Bertl 1169925085 M * Bertl morning folks! 1169925180 M * Hollow morning Bertl 1169925443 M * Radiance hiya bud :) 1169925522 M * Bertl how's going? 1169925617 M * Hollow Bertl: in case you didn't notice, start/stop works fine now, and i didn't came across the proc/unhash issue again yet .. 1169925661 J * woogie ~chatzilla@dsl-242-46-18.telkomadsl.co.za 1169925747 M * Bertl Hollow: excellent! 1169925751 M * Bertl welcome woogie! 1169925823 Q * woogie 1169926297 M * nebuchadnezzar Hello 1169926311 M * nebuchadnezzar Bertl: I have a problem with vs2.3.0.7 on 2.6.19.2 1169926313 M * nebuchadnezzar http://paste.linux-vserver.org/952 1169926586 M * Bertl hmm .. do you have a test case for that? 1169926597 M * nebuchadnezzar SO_PEERTAG is 0x0020 in include/asm-sparc64/socket.h, the same value than SO_BROADCAST 1169926610 M * Bertl ahhh? 1169926619 M * nebuchadnezzar yes 1169926619 M * Bertl that is a bug indeed! 1169926628 M * Bertl arch is? 1169926633 M * nebuchadnezzar sparc64 1169926651 M * Bertl let's see what it _should_ have 1169926663 M * nebuchadnezzar the same for asm-sparc 1169926696 M * Bertl probably 1169926765 M * nebuchadnezzar a grep show me that the value is 32 for asm-i386, which is the same as SO_SNDBUFFORCE 1169926875 Q * m`m`h Ping timeout: 480 seconds 1169926911 M * Bertl hum, I don't see that for network sockets 1169926967 M * Bertl ah, now I see them, set sockopt 1169927005 M * Bertl okay, will fix that up and verify that the number is unique, tx for the feedback 1169927207 J * yarihm ~yarihm@84-74-16-225.dclient.hispeed.ch 1169927615 J * m`m`h ~simba@deb30.mgts.by 1169928631 M * Bertl nebuchadnezzar: okay, I guess we will take 35 for non hex and 0x0200 for hex SO_PEERCRED 1169928643 M * Bertl what's your opinion? 1169928661 M * daniel_hozac what? 1169928681 M * Bertl SO_PEERTAG :) 1169928704 M * Bertl well, the 32 I assumed as unused is actually used 1169928742 M * daniel_hozac yeah, but what's the difference between "non hex" and hex? 1169928782 M * daniel_hozac ah, different arches? 1169928787 M * Bertl yep 1169928801 M * daniel_hozac okay. i hadn't looked at the peer tagging patches too closely before. 1169928812 M * Bertl np, nebuchadnezzar did :) 1169929190 J * echo6 ~echo6_uk@212.18.240.120 1169929199 P * echo6 1169929370 J * micah ~micah@micah.riseup.net 1169929491 M * Bertl hmm, except for parisc, I'd suggest to use 2200 1169929510 M * Bertl or alternatively 0x401f 1169929529 M * derjohn hi, is there something like "--exlcude-bind-mounts" for rsync or such? neither -x nor -H do an exclusion and with many bindmounts my backups "explode" ... 1169929565 M * nebuchadnezzar you can exclude path 1169929584 M * Bertl probably the only one, as bind mounts do not provide separate superblocks 1169929617 M * derjohn sure, but I have lots of it... and sometimes they change. so I got for mount | grep bind | awk blah > exclude.lst ? 1169929650 M * nebuchadnezzar can be an idea :-) 1169929652 M * Bertl mount? that usually lies :) 1169929690 M * derjohn Bertl, even on the host ? 1169929742 M * daniel_hozac mount always lies. 1169929747 M * daniel_hozac use cat /proc/mounts. 1169929748 M * derjohn Bertl, is there a better way to check if a dir is a BM ? so I would do a find over the fs .... 1169929758 M * derjohn ah /me slaps himself 1169929759 M * derjohn k 1169929820 M * derjohn silly question, but should proc/mounts hono(u)r BMs ? 1169929829 M * daniel_hozac hmm? 1169929837 M * daniel_hozac what do you mean by honor? 1169929869 M * derjohn mount |grep home 1169929878 M * derjohn /home on /mnt type none (rw,bind) 1169929888 M * derjohn cat /proc/mounts |grep home -> empty 1169929897 M * derjohn daniel_hozac, that what I mean by "honour" 1169929900 M * daniel_hozac try grep mnt 1169929905 M * daniel_hozac as that's the mount point. 1169929907 M * derjohn /dev/sda1 /mnt xfs rw 0 0 1169929913 M * daniel_hozac /proc/mounts won't list it is a bind mount. 1169929938 M * daniel_hozac that's what /home is on, right? 1169929978 M * derjohn eh? but I want to build a list of all bind mounts ... to exclude them from backup .. how do you exclude bms from being rsynced twice ? 1169929993 M * derjohn yes, i "overmounted" /mnt ... 1169930018 M * Bertl derjohn: well, you probably have to write your own mount then 1169930073 M * derjohn Bertl, you mean something that liste the mountpoints? 1169930124 M * Bertl if you are really bold, try the following: 1169930137 M * derjohn BOLD? /me ? No ;) 1169930138 M * Bertl mkdir /test; mount --move /mnt /test 1169930166 M * Bertl then check what mount 'thinks' that happened :) 1169930170 Q * mnemoc Ping timeout: 480 seconds 1169930199 M * derjohn hm, nice quiz! I'll think and try then .. let's see if i am right 1169930231 M * derjohn Bertl, you my I move my already BM-mount /mnt , not a virgin one ? 1169930415 M * derjohn Bertl, it shows two mountpoints as BM, on of it is empty. Not a nice behaviour of mount, too. 1169930477 M * derjohn Bertl, is it a mount problem or a general one to find out in a particular directory entry is a BM ? 1169930490 M * derjohn I mean, isnt there a kernel call for doing so? 1169930564 M * daniel_hozac AFAIK there is no API to get a list of mounts. 1169930581 M * Bertl except for proc 1169930602 M * daniel_hozac right, and that doesn't show things like move/bind/etc. 1169930619 M * daniel_hozac (or does it show move? i don't think i've ever used it) 1169930645 M * Bertl no, there is no real concept for that in the kernel 1169930659 J * mnemoc ~amery@kilo105.server4you.de 1169930666 M * Bertl the 'move' for example alters the location of a previous mount 1169930681 M * Bertl so the 'result' is a changed 'mount' not a new one 1169930682 M * derjohn The Q pointed more towards the check if a particular Directory is a BM ... not a list one. But I think is there was such, you would have told. 1169930702 M * derjohn Bertl, --move stuff is even a bug in mount. IMVHO. 1169930729 M * Bertl well, yes and no, mount itself is very broken, both user and kernel space 1169930731 M * derjohn It should update the mtab when moving. not? .... 1169930735 M * daniel_hozac ah, move moves mounts? i understood it as a bind mount where the original directory was hidden. 1169930767 M * derjohn OMG .... /me get confused .... bzzz z zzz ...907( 1169930814 M * Hollow punt mount(2) ;) 1169930816 M * derjohn It very interesting that such a basic and necessary tool as mount is flawed. 1169930831 M * derjohn bash: punt: command not found 1169930834 M * derjohn :-) 1169930838 M * Hollow heh 1169931721 Q * eyck_ Quit: leaving 1169931724 J * eyck eyck@kuszelas.com 1169931749 M * eyck where can I find 2.0.3-rc1 + rsbac patch? 1169931796 M * Bertl probably in harry's dir ... 1169931819 M * Bertl btw, you might want to ask hollow for an account too, to put the 2.4 stuff in, no? 1169931943 M * Hollow account for? 1169932128 M * Bertl 2.4 vserver releases ... 1169932440 J * DreamerC_ ~dreamerc@125-225-100-164.dynamic.hinet.net 1169932736 Q * DreamerC_ 1169932807 J * DreamerC_ ~dreamerc@125-225-100-164.dynamic.hinet.net 1169932845 Q * DreamerC Ping timeout: 480 seconds 1169932965 M * Bertl nebuchadnezzar: http://vserver.13thfloor.at/Experimental/patch-2.6.19.2-vs2.3.0.8.diff this includes the updated SO_PEERTAG and all fixes we did for 2.2.0 1169932987 T * Bertl http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc8.7, devel 2.1.1.7.1, 2.3.0.8, stable+grsec 2.0.2.1, 2.2.0-rc8, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169933331 M * daniel_hozac Bertl: just FYI, i put off build -m urpmi till 0.30.214, because it seems _really_ hard to use :) 1169933358 M * Bertl okay, what about the apt bootstrapping for mandriva? 1169933376 M * daniel_hozac hmm? using apt-rpm, or? 1169933377 M * Bertl IIRC, blino said something that they have apt repositories too? 1169933389 M * Bertl yes, I assume apt-rpm 1169933393 M * daniel_hozac i guess that would be a viable alternative. 1169933403 M * daniel_hozac especially as it's already supported. 1169933405 M * Bertl would be nice to have a description there 1169933474 N * chris_ pflanze 1169933520 M * daniel_hozac i'll poke around and see if i can find any apt directories. 1169933563 M * Bertl okay, guess i won't hurt to ask blino .. he should know 1169933698 M * eyck Hollow: hi 1169933909 M * Hollow hey eyck 1169933949 M * Hollow eyck: to get an account i need your pubkey 1169934002 M * daniel_hozac (ssh) 1169934028 M * Bertl (rsa/dsa :) 1169934059 M * eyck ok. 1169934356 Q * dna Ping timeout: 480 seconds 1169934442 M * Bertl okay, off for now ... back later ... 1169934447 N * Bertl Bertl_oO 1169934926 J * Aiken ~james@ppp221-239.lns2.bne1.internode.on.net 1169935000 Q * yarihm Ping timeout: 480 seconds 1169935203 J * yarihm ~yarihm@84-74-16-225.dclient.hispeed.ch 1169935206 Q * DreamerC_ Quit: leaving 1169935223 J * DreamerC ~dreamerc@125-225-100-164.dynamic.hinet.net 1169935724 Q * bonbons Quit: Leaving 1169936348 Q * m`m`h Ping timeout: 480 seconds 1169936684 M * FaUl is there any documentation how to configure per-vserver quota? 1169936702 M * FaUl unfortunately this part of the wiki isn't filled out so far 1169936760 M * daniel_hozac http://oldwiki.linux-vserver.org/Standard+non-shared+quota 1169936810 J * lilalinux ~plasma@dslb-084-058-221-070.pools.arcor-ip.net 1169937653 J * der0b ~s0d_0ff@c-66-31-142-244.hsd1.ma.comcast.net 1169937756 M * der0b Hey folks, using vserver on etch (provided by debian repos). I'm just wondering if it's possible to mount CIFS shares from withing a guest. from what I've found, nfs is possible and cifs isn't. is that correct? 1169938491 M * Hollow eyck: you should be able to login now, ssh eyck@helios.dev.croup.de 1169938530 M * Hollow everything you put in ~/public_html/ is available at people.l-v.org and ftp.l-v.org 1169938531 M * daniel_hozac der0b: probably, i don't think anyone has done changes for CIFS, nor tested it. 1169938549 M * daniel_hozac Hollow: ftpusers too? i guess he needs access to /var/ftp/pub/vs1.2. 1169938557 M * Hollow ah, ok .. 1169938574 J * m`m`h ~simba@deb30.mgts.by 1169938575 M * daniel_hozac or well, maybe not needs, but that would probably be best. 1169938578 M * Hollow ok.. he is in the ftpusers group now 1169938643 M * eyck Hollow: ok, thanks. 1169938737 M * eyck okay, off for now ... back later ... 1169940201 Q * meandtheshell Quit: Leaving. 1169941388 Q * duckx Quit: Client exiting