1178237190 J * arachnis1 arachnist@088156189068.who.vectranet.pl
1178237284 Q * arachnist Read error: Connection reset by peer
1178237295 N * arachnis1 arachnist
1178241867 M * tamitall Anyone around using open-iscsi with vserver?
1178242324 M * Bertl tamitall: any issues with that?
1178242399 M * tamitall I'm just beginning my journey :)
1178242401 M * tamitall I sure hope not!
1178242462 M * tamitall I'll keep you guys in the loop when I get it running
1178242472 M * Bertl okay, great!
1178242483 M * Bertl off to bed now ... have a good one everyone!
1178242488 N * Bertl Bertl_zZ
1178242491 M * tamitall nite
1178243722 Q * bzed Remote host closed the connection
1178246136 Q * ensc Ping timeout: 480 seconds
1178247141 Q * Guy- Ping timeout: 480 seconds
1178247863 J * tudenbart ~willi@xdsl-213-196-225-251.netcologne.de
1178248300 Q * dothebart Ping timeout: 480 seconds
1178251847 Q * ||Cobra|| Ping timeout: 480 seconds
1178258186 N * DoberMann_ DoberMann
1178259528 J * ensc ~irc-ensc@p54B4D4DD.dip.t-dialin.net
1178260763 J * dna ~naucki@204-245-dsl.kielnet.net
1178260916 N * DoberMann DoberMann[PullA]
1178261997 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1178262286 M * phedny May 4 09:00:31 meloen kernel: vxW: xid=115 did lookup hidden f7b95e60[#0,4026531876] »/proc/bus«.
1178262301 M * phedny I think this message is vserver-related?
1178262304 M * daniel_hozac yep.
1178262318 M * daniel_hozac means the guest with xid 115 tried to access /proc/bus, but was denied.
1178262328 M * phedny how could I give it access?
1178262435 J * meandtheshel1 ~markus@85-124-38-255.dynamic.xdsl-line.inode.at
1178262587 M * daniel_hozac why would you want to?
1178262677 M * phedny I'm trying to make a guest have access to my bluetooth dongle
1178263297 J * chand ~chand@212.99.51.254
1178263776 J * dna_ ~naucki@108-198-dsl.kielnet.net
1178263798 J * Guy- Q4xCsphTZ9@chardonnay.math.bme.hu
1178263852 M * daniel_hozac phedny: using libusb? or what?
1178263865 M * daniel_hozac i.e. why can't you simply copy the device node(s)?
1178263999 M * phedny I already copied device nodes, but it doesn't work yet
1178264150 M * daniel_hozac why not?
1178264161 M * phedny (13) Permission denied
1178264174 M * phedny but I'll work a little more on it
1178264178 Q * dna Ping timeout: 480 seconds
1178264189 M * phedny I have now installed some bluetooth tools in the host
1178264207 M * phedny they are able to perform some kind of initialisation and now in the guest I can perform scanning and such
1178264563 M * daniel_hozac okay.
1178265122 J * Fuchsia ~Tony@60.17.17.234
1178265170 Q * derjohn Remote host closed the connection
1178265176 N * DoberMann[PullA] DoberMann
1178265447 J * derjohn ~derjohn@80.69.41.3
1178265469 P * Fuchsia Leaving
1178265661 Q * chand Quit: chand
1178266109 J * chand ~chand@212.99.51.254
1178266267 J * bzed ~bzed@dslb-084-059-101-072.pools.arcor-ip.net
1178267002 J * bragon ~bragon@sam.geeknode.org
1178267184 Q * bzed Remote host closed the connection
1178267503 J * bzed ~bzed@dslb-084-059-101-072.pools.arcor-ip.net
1178268947 Q * cdrx Remote host closed the connection
1178269063 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1178269420 J * lilalinux ~plasma@80.69.41.3
1178269776 J * oklein oklein@in-ruhr4.ruhr.de
1178269882 M * oklein hello, i have a problem with vserver under debian etch: the network address I configured is not bound to the vserver but to the root-server, any hints?
1178269995 M * DavidS oklein: all ips are always bound to the host context
1178270025 M * oklein yes, but when i do ssh localhost within the vserver i get connected to the root-server
1178270073 M * daniel_hozac because you didn't limit the host's sshd to the host's IP addresses.
1178270092 M * daniel_hozac add ListenAddress to /etc/ssh/sshd_config on the host.
1178270117 M * oklein but that i would need to do with all services?
1178270148 M * oklein and localhost / 127.0.0.1 should really be within the vserver
1178270210 M * daniel_hozac yes, but if the host has bound to all the IP addresses, that's what you'll be connected to.
1178270222 M * daniel_hozac and yes, you'd have to do it to all services.
1178270230 M * daniel_hozac that's one of the many reasons you're not supposed to run too many services on the host.
1178270389 M * oklein ah, thank you, i misunderstood the concept of the vserver networking, i was used to use umls, there this problem does not exist
1178270760 Q * oklein Remote host closed the connection
1178270775 M * derjohn daniel_hozac, PERCPU_ENOUGH_ROOM stuff was changed in VS 2.2.0 RC19 (i see a change in the vserver patch). Could that cause the trouble I am experiencing with XFS ? Do you use XFS (or load at least the module) =?
1178270800 M * derjohn daniel_hozac, on i386, no prob on x86_64
1178270920 M * daniel_hozac derjohn: hmm, i don't see that in 2.2.0?
1178270975 M * derjohn p-msg ....
1178270992 M * derjohn do you run a i386 kernel that loads xfs successfully ?
1178270995 M * daniel_hozac right. it's not changed in 2.2.0 anymore.
1178271019 M * derjohn (I don't have any left that do not have the v6 patch)
1178271048 M * daniel_hozac yep, works fine here.
1178271058 M * derjohn without v6 patch? or with ?
1178271059 M * daniel_hozac granted i don't have the IPv6 module loaded.
1178271063 M * daniel_hozac without.
1178271125 M * derjohn hm, well, I'll compile a kernel without v6 to find out. but could I safely raise the PERCPU_ENOUGH_ROOM , as it was in former times?
1178271129 M * derjohn (to 65K)
1178271145 M * daniel_hozac it still is 64 Ki.
1178271150 M * derjohn *g*
1178271174 M * daniel_hozac ah no, mainline is 32 Ki. right
1178271178 M * daniel_hozac i guess you could.
1178271220 M * derjohn yes, maybe those are my next two tries. If the change to 64ki is successful, that might be something interesting for bonbons.
1178271240 M * derjohn i'll report what I found out. must work now ... bye :)
1178271266 M * daniel_hozac cya
1178271272 M * daniel_hozac let us know how it goes.
1178271278 M * derjohn yes, THX and bye
1178278863 Q * Aiken Quit: Leaving
1178281374 J * ema ~ema@rtfm.galliera.it
1178281594 Q * phedny Ping timeout: 480 seconds
1178282255 N * Bertl_zZ Bertl
1178282261 M * Bertl morning folks!
1178282704 J * cruser ~chatzilla@72.242.194.162
1178282786 M * Bertl welcome cruser!
1178282822 M * cruser Bertl: Thanks.
1178283860 M * renihs hey Bertl
1178284503 Q * ruskie Read error: Connection reset by peer
1178284671 J * ruskie ruskie@ruskie.user.oftc.net
1178284959 J * phedny ~mark@ip56538143.direct-adsl.nl
1178285534 J * ml ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at
1178285540 M * ml huhu
1178285588 M * Bertl welcome ml!
1178285633 M * renihs that's a colleague from me
1178285639 M * renihs evil mammal he is
1178285700 M * Bertl herbivore, carnivore or omnivore?
1178285767 M * waldi omnivore ...
1178285791 M * renihs ya i think so too
1178285817 A * waldi .o0( francis? )
1178285834 M * renihs he eats everything like a hoover
1178286067 M * Bertl then it is definitely omnivore :)
1178286088 M * Bertl I feel like a nap attack is coming up ... bbl
1178286097 N * Bertl Bertl_zZ
1178286244 M * renihs have fun :p
1178286335 M * ml wondering what 2.6.20-vs2.2.0-gentoo #1 SMP wants to tell me with vxW: xid=3344 did lookup hidden f7b7677c[#0,4026531876] /proc/bus....
1178286368 M * waldi err
1178286401 M * daniel_hozac what it says. the guest with xid 3344 tried to access /proc/bus, but was denied.
1178286418 M * ml oh that easy..thx
1178286791 M * cruser daniel_hozac: did you want to do some kernel testing?
1178286853 M * daniel_hozac cruser: hey, sorry, haven't gotten around to testing it myself. will do so right now...
1178288238 M * daniel_hozac cruser: hmm, here just doing cp /boot/config-* .config; vi .config (change EMBEDDED); make oldconfig creates the proper configuration.
1178288261 M * daniel_hozac with the different split and all.
1178288296 M * cruser okay I will try it
1178288477 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1178288717 M * cruser daniel_hozac: "make oldconfig" has taken choice 3 (highmem64g) and asking for a choice on memory split. I take 2g/2g ?
1178288766 M * daniel_hozac yeah.
1178288931 M * cruser daniel_hozac: looks like it is going to ask a lot of questions. Do I take the defaults?
1178288968 M * daniel_hozac yeah.
1178288998 M * daniel_hozac though mine just asked ~5 questions or so (which is a lot lower than i was expecting).
1178289149 Q * dna_ Quit: Verlassend
1178289693 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178292364 J * yarihm ~yarihm@vpn-global-dhcp1-33.ethz.ch
1178292478 Q * gerrit Ping timeout: 480 seconds
1178292711 J * stefani ~stefani@flute.radonc.washington.edu
1178293047 J * dna ~naucki@108-198-dsl.kielnet.net
1178293610 J * flype ~felipe@eduroambur1-205.eduroam.uv.es
1178293648 M * flype hi all, i have a problem with one of my vservers
1178293670 M * flype anyone has configurate a guest vserver with openvpn
1178293672 M * flype ????
1178293695 M * flype i follow the tutorial into the web site but it doesn't work
1178293823 M * flype openvpn start ok and i'm able to connect successfully
1178293849 M * flype but it can't route my packets through the tun0 device
1178294244 M * flype anyone can hear me?
1178294331 M * ml yes
1178294345 M * ml but no exp with openvpn
1178294535 M * ml flype: maybe this helps you out: http://oldwiki.linux-vserver.org/some_hints_from_john
1178294563 M * ml flype: (look for openvpn)
1178294646 Q * chand Quit: chand
1178294649 J * dothebart ~willi@xdsl-81-173-169-46.netcologne.de
1178294662 M * flype thanks, i follow that manual but it doesn't work
1178294687 M * flype i just found that: http://oldwiki.linux-vserver.org/OpenVPN
1178294715 M * ml flype: yeah..i thought you were talking 'bout that..
1178294716 M * flype i'll try with IPROOT directive
1178294906 M * flype ml: in your link said that: "I was not able to run it with a tun device, due to a buglet in util-vserver and kernel when it comes to settings a an ip address a point to point link: If you add "ip addr add peer dev tun0" there is no way to map the tun0 interface into a guest, even not with a 'nodev' option. (bug confirmed to be reproducible by daniel_hoczac)"
1178295095 M * flype but i don't know if it the bugs persists into the last version
1178295102 Q * tudenbart Ping timeout: 480 seconds
1178295355 M * ml hmm i'm out for weekend now.. but try searching the mailing list archives..
1178295358 M * ml bye
1178295361 Q * ml Quit: leaving
1178295647 Q * yarihm Quit: Leaving
1178296058 M * daniel_hozac flype: it's fixed since a long time ago.
1178296192 M * flype daniel_hozac: and do you know, how configure a tun device under vserver
1178296198 M * flype ???
1178296216 M * daniel_hozac flype: did you setup the route on the host?
1178296287 M * flype uhmm i think that yes: 10.10.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
1178296287 M * flype 10.10.10.0 10.10.10.2 255.255.255.252 UG 0 0 0 tun0
1178296294 M * flype 10.10.10.0 10.10.10.2 255.255.255.0 UG 0 0 0 tun0
1178296324 M * flype that routes work in my old server without vserver config
1178296418 M * flype to permit the guest vserver use the tun0 device i change some flags
1178296448 M * flype y change ~hide_netif
1178296448 M * flype into flags files
1178296471 M * flype and CAP_NET_ADMIN
1178296471 M * flype CAP_NET_RAW
1178296471 M * flype CAP_SYS_MODULE
1178296471 M * flype CAP_MKNOD into bcapabilities
1178296508 Q * fosco Remote host closed the connection
1178296533 M * flype should i enable these flags or make something special with the routes?
1178296555 J * fosco fosco@konoha.devnullteam.org
1178298128 N * Bertl_zZ Bertl
1178298190 M * Bertl flype: to use tun/tap you do not need to give any of those caps
1178298206 M * Bertl flype: unless you really want the guest to mess with your networking
1178298293 Q * pmsr Quit: Leaving
1178298472 J * the_hydra ~mulyadi@125.164.98.113
1178298499 M * Bertl welcome the_hydra!
1178298510 M * Hollow heya Bertl, do you have some minutes this evening for switching the dns?
1178298749 M * the_hydra Bertl: hi herbert..how's the thing goin'?
1178298853 M * Bertl the_hydra: quite fine, tx!
1178298858 M * Bertl Hollow: yep, sure ...
1178298860 M * the_hydra Bertl: glad to hear :)
1178299735 J * FireEgl FireEgl@2001:5c0:84dc:0:84fe:e089:cadc:ae91
1178299842 Q * flype Quit: flype
1178300844 J * shedi ~siggi@ftth-237-144.hive.is
1178302365 Q * ema Quit: leaving
1178302529 J * Hurga nobody@p508a9da3.dip0.t-ipconnect.de
1178302897 Q * the_hydra Ping timeout: 480 seconds
1178303392 M * Bertl welcome Hurga! wb shedi!
1178303404 M * Hurga Hi Bertl :)
1178304353 J * flype ~felipe@81.202.21.61.dyn.user.ono.com
1178305296 M * Bertl wb flype!
1178305321 M * flype hi Bertl!
1178305710 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1178305728 M * Bertl wb gerrit!
1178305731 J * ema ~ema@rtfm.galliera.it
1178305952 M * flype daniel_hozac: could you help me to configure properly openvpn or anyone? thanks :-D
1178305990 M * Bertl flype: you simply make the tun/tap device persistent on the host
1178306010 M * Bertl flype: assign the local ip to the tun device and use that (with nodev) for the guest
1178306161 M * flype uhmm i made the device persistent with # ./MAKEDEV tun
1178306173 M * flype and linked with tunctl -t tun0
1178306192 M * Bertl ahem, no, MAKEDEV will not make a persistent tun device :)
1178306193 M * flype and then openvpn run into the west
1178306200 M * flype guest
1178306209 M * Bertl MAKEDEV will create a device node :)
1178306225 M * flype aham
1178306237 M * Bertl but the tunctl will do that, if it is the proper one
1178306265 M * flype uhmm oks
1178306268 M * Bertl just check that the device (tun0) is mentioned with 'ip link ls' on the host before you try to start the guest/openvpn
1178306281 M * Bertl and that it has the proper local tunnel ip
1178306310 M * flype later assign ip to the tun0 with: ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 netmask 255.255.255.255 up
1178306313 M * flype right?
1178306364 M * Bertl e.g. but that should happen in the guest startup scripts or on the host
1178306419 M * flype yep but it doesn't happen
1178306427 M * Bertl hmm?
1178306457 M * flype go by steps
1178306459 M * flype oks?
1178306495 M * flype y created the persistent tun
1178306502 M * flype and ip link ls show me ok
1178306508 M * Bertl okay
1178306515 M * flype 4: tun0: mtu 1500 qdisc noop qlen 500
1178306516 M * flype link/ether b6:d8:a5:19:fa:61 brd ff:ff:ff:ff:ff:ff
1178306525 M * Bertl looks good
1178306568 M * flype who assign the local ip to the tun device and use that (with nodev) for the guest?
1178306603 M * Bertl you/the host/the guest startup script
1178306646 M * flype could be a problem with the config of openvpn?
1178306662 M * Bertl sure, you have to tell openvpn to use that specific tun device
1178306682 M * Bertl and that the device is persistent
1178306693 M * Bertl (otherwise it will probably try to create a new one)
1178306713 M * bXi hehe linux just rocks
1178306726 M * bXi i have a version of mplayer compiled for windows
1178306734 M * bXi and it works perfectly when i run that in wine
1178306740 M * bXi while running beryl
1178306942 M * flype Bertl: it's running
1178306960 M * Bertl good
1178306961 M * flype i can connect to the vpn
1178306967 M * Bertl congrats!
1178306969 M * flype but i can't made a ping
1178306977 M * flype that's its my problem
1178306980 M * Bertl from where to where?
1178306989 M * flype from nowhere to nowhere
1178307010 M * Bertl okay, show me the output of 'ip addr ls' for both tun ends
1178307013 M * flype should i add any especial route
1178307017 M * Bertl (paste.linux-vserver.org)
1178307030 M * Bertl also the output of 'ip route ls'
1178307035 M * Bertl (relevant parts)
1178307078 M * flype on the host or the guest?
1178307085 M * flype or the client
1178307087 M * Bertl on the host
1178307090 M * Bertl and on the client
1178307129 M * flype give a moment please
1178307304 Q * Hollow Read error: Connection reset by peer
1178307399 Q * phreak`` Read error: Connection reset by peer
1178307469 M * flype wo paste.linux-vserver gave me a connection mysql error
1178307497 M * Bertl flype: take another pastebin then please
1178307528 M * flype http://pastie.caboo.se/58969
1178307533 M * flype uhmm the interface
1178307550 J * Hollow ~hollow@styx.xnull.de
1178307564 M * flype tun0 doesn't it up
1178307571 M * Bertl yep, that's the problem
1178307575 M * Hollow this box drives me crazy
1178307584 M * Bertl Hollow: which one?
1178307602 M * Hollow the one where (among others) l-v.org is hosted
1178307615 M * Bertl ah, yes, btw, pastebin is not working right now :)
1178307665 M * Hollow should work again already ..
1178307681 M * flype because that i try to wake up ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 netmask 255.255.255.255 up
1178307691 M * flype with ifconfig
1178307706 M * Bertl flype: yes, but you should do that before you start the openvpn software
1178307718 M * Bertl i.e. in the guest startup scripts for example
1178307727 M * Bertl but you can do that right now on the host too
1178307739 M * flype oks lets try
1178307849 M * flype but i should add the routes by hand?
1178307874 M * flype if openvpn doesn't can't start properly
1178307904 M * Bertl do you need specific routes except for the interface route which is added by default?
1178307920 M * Bertl if so, you probably want to add them _before_ the vpn startup on the host too
1178308121 M * flype uhmm before i have configured a new interface into the /etc/vserver/config
1178308157 M * flype but remove it later because it is for a tap config
1178308157 M * Hollow Bertl: first rsync is going now ... guess you can already change the IP to 78.47.240.170, i will stop the guest in 1-2 hours, rsync again, and it should run fine on the new machine then ...
1178308211 M * flype with a tun interface should i config it?
1178308307 M * Bertl flype: once again: the host is doing all the network config/setup
1178308331 M * Bertl flype: i.e. you configure everything you need on the host, the only thing you do inside the guest is the 'connect' to the tun interface
1178308348 M * Bertl flype: you can do the actual configuration in many ways
1178308367 M * Bertl flype: via ifconfig, ip, guest startup scripts, manually or automatically
1178308393 M * flype yes i understand
1178308414 M * flype i'll try again
1178308419 M * flype thanks
1178308422 M * Bertl np
1178309162 Q * ema Quit: leaving
1178309362 Q * gerrit Ping timeout: 480 seconds
1178309808 M * Hollow Bertl: did you see my message? :)
1178310129 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1178310303 J * JWCCS ~JW@cvs.claborn.net
1178310337 M * JWCCS I have a routeing problem: I have a server with an external IP on one NIC and an internal (LAN) IP on another NIC.
1178310360 M * JWCCS I want to set the vserver guest up on the internal network, because I don't have any more IPs available for the external one,
1178310384 M * JWCCS but when I do that, I can't get access to the internet, because the route/gateway is not set right.
1178310402 M * JWCCS There is a router on the internal network that the guest can use,
1178310421 M * JWCCS but it is not what the host uses (the host uses the external gateway)
1178310426 M * JWCCS how do I get around this?
1178310443 M * JWCCS to be exact, how do I give the guest a different gateway than the host?
1178310568 M * Bertl Hollow: yep, will change it shortly
1178310614 M * Bertl JWCCS: you use S/DNAT on the host to make the outgoing connections use the host's (or guest's) public ip
1178310654 M * JWCCS Ok . . . and what is S/DNAT?
1178310714 M * Bertl source and destination NAT (network address translation)
1178310753 M * JWCCS what, with IP tables?
1178310787 M * Bertl yep, with something like this:
1178310801 M * JWCCS Ok, like is listed in the wiki
1178310808 M * JWCCS iptables -t nat -I POSTROUTING -s $VSERVER_NETZ ! -d $VSERVER_NETZ -j SNAT --to $EXT_IP
1178310810 M * Bertl yep, right :)
1178310823 M * JWCCS Ok, that seems odd to me but I'll try it.
1178310853 M * Bertl why does that seem odd?
1178310860 M * JWCCS I guess the thing is that I /do/ have a private-address gateway available,
1178310862 Q * cdrx Quit: Leaving
1178310878 M * Bertl JWCCS: you can use that too if you prefer
1178310883 M * JWCCS and the way the question is written in the wiki I was thinking there might be a way to just use that gateway
1178310900 M * Bertl in which case you would use multiple routing tables to select the 'default' route based on ips
1178310900 M * JWCCS I can use the too, instead of using IP tables?
1178310917 M * JWCCS Or are you saying I have to use IP tables either way, but can point to either gateway.
1178310923 M * JWCCS ok
1178310939 M * JWCCS I guess that's the part I can't figure out: I've been playing with it all day.
1178310953 M * Bertl it is quite simple, and not even Linux-VServer related
1178310971 M * JWCCS I'm quite sure, it just doesn't seem simple to me
1178310978 M * Bertl your setup, as far as I understand it, is that you have two different default gateways
1178310995 M * JWCCS not quite.
1178310999 M * Bertl i.e. one gateway which should apply to the guest, and another one for the host
1178311022 M * JWCCS I have eth0: external with its own route/gateway (the host is Debian etch)
1178311034 M * JWCCS and I have eth1: 192.168 address, no gateway set
1178311041 M * JWCCS that's how it's setup on the server.
1178311053 M * JWCCS I want to give another 192.168 address to the guest
1178311060 M * JWCCS But then it can't route
1178311061 M * Bertl okay
1178311070 M * JWCCS I tried adding our 192. gateway to the server,
1178311074 M * Bertl well, where is it supposed to route?
1178311090 M * JWCCS but then ssh connections into the server don't work through the external eth0 interface
1178311096 M * JWCCS I suppose because of a routing problem.
1178311108 M * Bertl just for a moment, forget about the fact that you are using Linux-VServer enabled kernels
1178311114 M * JWCCS the LAN systems (real or virtual) can use 192.168.0.23 for a gateway.
1178311116 M * JWCCS ok
1178311126 M * Bertl now, on the host, try the following:
1178311129 M * JWCCS I'm listening.
1178311138 M * Bertl ping -I www.google.com
1178311153 M * Bertl not surprisingly, it will work, right?
1178311177 M * JWCCS yes, it works
1178311186 M * Bertl okay, now let's do this:
1178311198 M * Bertl ping -I www.google.com
1178311206 M * JWCCS I gotcha: no that does not work.
1178311210 M * Bertl why?
1178311233 M * JWCCS because it can't talk to www.google.com/72.14.253.104 through eth1
1178311238 M * JWCCS because eth1 has no gateway set
1178311252 M * Bertl not exactly, but close
1178311254 M * JWCCS though other systems on the LAN could, when they have their gateway set.
1178311268 M * JWCCS Ok, please correct me :-)
1178311269 M * Bertl the echo requests will leave the system, you can check that with tcpdump, btw
1178311277 Q * dna Quit: Verlassend
1178311281 M * JWCCS I'll note that.
1178311282 M * Bertl but they will originate from a private ip
1178311295 M * Bertl and every sane router (to the outside) will cancel them
1178311307 M * Bertl because there is no chance that they will ever return :)
1178311327 M * JWCCS any router that is not doing NAT, anyway - right?
1178311331 M * Bertl now, if you start a ping from inside a guest, which _only_ has a private ip assigned
1178311346 M * JWCCS but I guess aside from that they are being broadcast, so no router knows to forward them.,
1178311350 M * Bertl then the ping (and all other traffic) will be forced to use that private ip
1178311370 M * JWCCS make sense.
1178311375 M * JWCCS * makes
1178311375 M * Bertl so a ping/connect/whatever from inside the guest will _always_ use the private ip
1178311380 M * JWCCS yes . . .
1178311393 M * Bertl okay, so if you want to 'allow' the guest to reach the internet
1178311419 M * Bertl the simplest and straight forward solution is to translate that address (private) to the public one for outgoing packets
1178311436 M * JWCCS true . . .
1178311440 M * Bertl (and translate it back for replies)
1178311457 M * JWCCS true
1178311458 M * Bertl that is what the above-mentioned nat rule will do, when configured properly
1178311463 M * JWCCS I see.
1178311482 M * Bertl now, given that your private network has a gateway to the internet too
1178311495 M * JWCCS yes?
1178311503 M * Bertl then you could send the packets there, where they will be nat-ed in a similar way :)
1178311534 M * Bertl in this setup, you basically have two different gateways
1178311547 M * Bertl the one via the private network (for the guest ip)
1178311558 M * Bertl and the one via your public router/gateway
1178311586 M * JWCCS private-to-external NAT/gateway, yes.
1178311610 M * JWCCS and external also, yes.
1178311623 M * Bertl yep, while it is unusual, that a host with a public ip would route via the private network, it is possible to do so
1178311634 M * Bertl (again this is not Linux-VServer specific at all)
1178311641 M * JWCCS So sorry :-(
1178311644 M * Bertl by configuring two different routing tables
1178311648 M * JWCCS I appreciate your help though.
1178311661 M * Bertl and decide which one to use, based on the source ip
1178311688 M * JWCCS it's not Linux-VServer specific, but I can't think of any other situation that would cause me to need this unusual routing setup.
1178311708 M * Bertl ah, there are quite a number of cases where you need that
1178311733 M * Bertl just think two public ips via different upstream providers
1178311742 M * Bertl (for example for redundancy)
1178311744 M * JWCCS I guess I don't have a clue how to setup routing aside from adding the gateway to /etc/network/interfaces
1178311771 M * Bertl so first, let's check if that is really what you want :)
1178311825 M * JWCCS Well I have seen one variation: adding a command like this: up route add -host (some external ip) gw (some other gateway)
1178311847 M * Bertl that's not sufficient ...
1178311854 M * JWCCS but I don't know how to modify that for all public IPs as opposed to a single external IP.
1178311872 M * JWCCS Back to your question: "first, let's check if that is really what you want"
1178311879 M * JWCCS how do I check that?
1178311906 M * JWCCS I promise I'll document this in the wiki so you won't have to answer it again :-D
1178311913 M * Bertl well, would using the host's public ip for outgoing connections be a bad solution?
1178311930 M * Bertl JWCCS: don't worry, I already answered it several times :)
1178311944 M * JWCCS :-)
1178311960 M * JWCCS And you didn't make a wiki entry to save yourself time? Or did I just not find it?
1178311969 M * JWCCS The only reason it would be bad, is, that I would have to run iptables
1178311973 M * JWCCS and I am not currently doing that
1178311990 M * JWCCS and if I was told that there was an easy route setup, I would do that instead :-)
1178312014 M * Bertl hmm, well, you would have to run multiple routing tables (which is slightly more complicated :) and you are not doing that right now :)
1178312039 M * cruser daniel_hozac: The compiled kernel did not work. It reboots the box.
1178312063 M * Bertl cruser: that is the mainline one, yes?
1178312079 M * flype Bertl: can i abuse of your patience again? :-)
1178312090 M * Bertl flype: sure, go ahead ...
1178312107 M * flype i think that i found the source of my openvpn problem
1178312114 M * flype http://pastie.caboo.se/58985
1178312135 M * flype y put tcpdump into the two dev tun
1178312172 M * flype and the packets that go through the new tun into my new server
1178312180 M * Bertl Hollow: all 85.10.237.61 -> 78.47.240.170 yes?
1178312188 M * flype apear malformed
1178312198 M * flype appear malformed
1178312218 M * cruser Bertl: yes
1178312225 M * Bertl flype: malformed in what way?
1178312230 M * flype and i see that the configuration of the two tun interfaces its different
1178312275 M * Bertl flype: it should be reversed
1178312283 M * Bertl (but otherwise identical)
1178312293 M * Bertl cruser: that's good news :)
1178312310 M * cruser Bertl: Why?
1178312313 M * flype http://pastie.caboo.se/58995
1178312321 M * flype take a look
1178312350 M * Bertl cruser: because it means that it is a mainline issue, and thus, once reported, will be addressed by mainline kernel developers
1178312377 M * flype yep into another running vpn config i saw the who equals but with swapped ips
1178312403 M * Bertl flype: maybe you are creating the wrong type of interface (tun vs tap)?
1178312424 M * JWCCS Bertl: Should I use a Routing Table like described here: http://utcc.utoronto.ca/~cks/space/blog/linux/DualIdentityRouting
1178312430 M * Bertl flype: I always had the best success with the UML tunctl tools
1178312450 M * cruser Bertl: I guess someone else will do what I did to verify?
1178312479 M * Bertl cruser: well, if the issue is reported upstream, probably yes
1178312483 M * flype i created it with: tunctl -t tun0
1178312493 M * flype doesn't it the correct way?
1178312510 M * cruser Bertl: okay...going home 1178312518 P * cruser 1178312526 M * Hollow Bertl: yes 1178312535 M * Bertl flype: my tools require tunctl -e -t tun0 1178312554 M * Bertl flype: that is for layer 2 devices, you want layer 3 1178312582 M * Bertl flype: what I'm trying to say is, maybe your tools create a layer 2 device by default 1178312618 M * flype uhmm i don't its the first time that i made it 1178312625 M * flype its a debian etch 1178312631 M * Bertl tun0 Link encap:Ethernet <-- that's wrong 1178312634 M * flype i'll take a look into the man 1178312641 M * flype yep i know 1178312895 M * Bertl Hollow: okay, updated 1178312924 M * Hollow thanks 1178313058 J * yarihm ~yarihm@84-75-103-239.dclient.hispeed.ch 1178313066 M * Bertl wb yarihm! 1178313072 M * yarihm hi everyone 1178313114 N * DoberMann DoberMann[PullA] 1178313117 M * Bertl JWCCS: yep, that would work too, but as I said, slightly more complicated than the one line iptables entry :) 1178313311 M * JWCCS :-) 1178313349 M * JWCCS Except that I have to install firehol to use the one line entry, or else figure out some other way to use IPtables. 1178313351 M * JWCCS :-) 1178313394 M * Bertl well, you do the iptables line above, then use iptables-save to store that in /etc/sysconfig/iptables :) 1178313419 M * Bertl why do folks always think they need a firewall solution to use iptables :) 1178313445 M * JWCCS Because we are the ignorant, unwashed masses :-) 1178313452 M * JWCCS No nobdy tells us otherwise! :-) 1178313477 M * Bertl well, you know the cannel's topic? 1178313481 M * Bertl *channel 1178313508 M * JWCCS hadn't read it (shame on me) - but it's a good one :-) 1178313589 M * JWCCS Bertl: Thank you for helping and not getting impatient with me. I've been using linux for years - I'm good at some aspects, clueless at others. 1178313610 M * JWCCS It's a shame how hard it is to get help sometimes. 
Other times, nice people like you come along to help :-) 1178313642 Q * gerrit Ping timeout: 480 seconds 1178313735 M * Bertl JWCCS: you're welcome! 1178313748 J * newz2000 ~matt@12-210-150-228.client.mchsi.com 1178313766 M * Bertl welcome newz2000! 1178313790 M * newz2000 hi Bertl! 1178313886 M * newz2000 So far my vserver config looks pretty good, but I've got one oddity, probably something I've done wrong... 1178313901 M * newz2000 one of my servers can ping other hosts on the network but can't ping its own eth1 address 1178313908 M * newz2000 ever seen anything like that before? 1178313939 M * Bertl the guest has two ips assigned? 1178313939 M * JWCCS Bertl: If you google for "Linux VServer Tutorial" - I wrote the cedar creek software article. I'll add this info to it :-) and the wiki 1178313975 M * newz2000 Bertl: actually, it's the host having this problem, I haven't created a guest on this machine yet, since it'll be on the eth1 network 1178313983 M * Hollow Bertl: the new guest is running fine now, in parallel with the old one, operating on the same database.. i will install an own mysqld for helios tomorrow, and migrate the data, and we will also get regular backups, i just ordered the backups space :) 1178313986 M * Bertl JWCCS: nice 1178314023 M * Bertl newz2000: so you have an ip (already assigned) on the host 1178314035 M * Bertl newz2000: and you cannot ping it (from the host?) 1178314055 M * newz2000 yeah, eth0 and eth1. I can ping hosts on both networks, but I can't ping my own eth1 address 1178314077 M * Bertl JWCCS: if you want to make me happy, please replace the newvserver script (which is a debian oddity) with the direct vserver build call 1178314114 M * newz2000 oh really? I've been using newvserver 1178314136 M * Hollow util-vserver-0.30.213 even has native etch support :) 1178314167 M * Hollow vserver ... build -m debootstrap ... 
-- -d etch
1178314186 M * JWCCS Bertl: OK, I'll have to research that and test it - I haven't heard of that before, or tried it.
1178314189 M * Bertl newz2000: well, it is debian specific, and all it does can easily be done with util-vserver, and the commands then will work on all host distros
1178314226 M * Bertl i.e. we do not need to have: on debian do blabla, and on all other host distros do blubblub
1178314238 M * newz2000 Makes sense. Last time I built vservers, I used that red and blue curses tool.
1178314275 M * JWCCS Bertl: do you have a blog or home page?
1178314300 M * Bertl home page yes, I do not do blogs, I leave that to my cats :)
1178314312 M * Bertl homepage is 13thfloor.at ...
1178314376 M * Bertl (which reminds me that I have to update the pages there sooner or later :)
1178314380 M * Hollow apropos blogs ... http://mainspleen.com/show/klo.pdf ;)
1178314381 M * JWCCS :-)
1178314430 M * JWCCS does "vserver build" take all the options like newvserver does? (sorry, being lazy and asking before looking . . .)
1178314470 M * JWCCS Wow: ugliness! http://linux-vserver.org/
1178314479 M * Bertl JWCCS: no idea, but vserver --help and vserver - build --help should tell you
1178314515 M * JWCCS Severe home page brokenness. Can I meddle with your php? (just kidding)
1178314541 M * Bertl JWCCS: hmm?
1178314545 M * Hollow works here... (on both ips)
1178314560 M * Bertl JWCCS: that's mediawiki, what problem do you have with that?
1178314572 J * Aiken ~james@ppp222-137.lns2.bne1.internode.on.net
1178314577 M * Bertl morning Aiken!
1178314587 M * JWCCS How strange . . when I access it directly, I get the wiki like normal.
1178314606 M * JWCCS When I access it through my web proxy, I get tons of mysql and PHP errors:
1178314608 M * Aiken morning Bertl
1178314613 M * JWCCS Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /var/www/wiki.linux-vserver.org/htdocs/includes/Database.php on line 620
1178314620 M * Bertl JWCCS: probably because we are moving the guest :)
1178314643 M * JWCCS Doesn't matter which page I use, either.
1178314648 M * Hollow still works here on both ips :)
1178314649 M * JWCCS use/try to access
1178314651 M * Bertl JWCCS: i.e. your proxy will keep the old data for roughly 3 hours
1178314694 M * JWCCS I only just now tried the proxy - haven't accessed it with it before.
1178314710 M * Bertl well, maybe your proxy is broken :)
1178314712 M * JWCCS Well, if it's still broken tomorrow I'll let you know.
1178314744 M * JWCCS maybe, but no other sites are broken through it.
1178314767 M * flype Bertl: jop, openvpn work inside the guest without any problem but the tun device into the host it is down!!
1178314771 M * Hollow maybe other sites don't migrate right now
1178314776 M * flype i'm turning crazy with that
1178314797 M * Bertl flype: is it a tun device now? if so, try taking it up with ifconfig
1178314804 M * flype and of course doesn't route anything
1178314874 M * flype uhmm if take it up it's appear like a ethernet device
1178314901 M * flype and fail the packets that go through it
1178314961 M * flype :-/
1178314987 M * Bertl then it is unlikely to be a tun device
1178315009 M * newz2000 ah, a reboot fixed my ethernet problem
1178315023 A * newz2000 should have tried that earlier
1178315025 M * Bertl flype: it probably is a tap device, could you strace the tunctl invocation for me?
1178315026 M * flype it have a mac address!
1178315037 M * Bertl newz2000: using windows?
1178315048 M * newz2000 no, ubuntu
1178315057 M * flype tunctl -t tun0
1178315059 M * newz2000 but that's what it sounds like doesn't it.
:-)
1178315067 M * flype modprobe tun
1178315068 M * flype tunctl -t tun0
1178315075 M * Bertl newz2000: ah, and trouble shooting there is done by rebooting too :)
1178315085 M * flype and when reboot y need to create again, its disappear
1178315097 M * Bertl flype: stop the guest, remove the tun device
1178315126 M * Bertl flype: then do: strace -fF -o tunctl.trace tunctl -t tun0
1178315155 M * Bertl flype: then upload the output (tunctl.trace) somewhere
1178315286 M * flype http://pastie.caboo.se/59006
1178315625 M * flype Bertl: Have you seen something strange?
1178315643 M * Bertl no, but what I want to see isn't shown in the dump
1178315664 M * Bertl basically the arg used for this ioctl is interesting
1178315665 M * Bertl 6458 ioctl(3, TUNSETIFF, 0xbfc14640) =
1178315785 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1178315787 M * Bertl flype: you can try with the -vx option to strace, but I doubt it will print the details for this argument
1178315804 M * flype oks
1178315815 M * Bertl we can try with gdb :)
1178315837 M * Bertl (or even better, you get the source to your tunctl, and upload that somewhere)
1178315857 Q * gerrit Remote host closed the connection
1178315917 M * flype option -vx http://pastie.caboo.se/59013
1178315966 M * Bertl as expected, doesn't show the ioctl details
1178316020 Q * Johnnie Ping timeout: 480 seconds
1178316036 M * flype i'm downloading the sources
1178316102 M * Bertl flype: here is a version that works for me : http://vserver.13thfloor.at/Stuff/tunctl.tar.bz2
1178316209 M * flype oks
1178316226 M * flype i'll compile it and try with it
1178316622 M * flype uhmmm i tried with ir
1178316624 M * flype it
1178316632 M * flype and with tun0 doesn't work
1178316643 M * flype but by default it created to me a tun1
1178316651 M * flype and appear that work
1178316657 M * Bertl maybe the tun0 is already there
1178316660 M * flype lets do some test
1178316672 M * flype :-D
1178316673 M * Bertl (or somehow blocked by the openvpn software)
1178316687 M * flype i don't think so
1178316699 M * flype the ping doesn't work
1178316715 M * flype but i think that iptables it's blocking
1178316724 M * Bertl well, let's make sure that the vpn software now uses the new interface :)
1178316759 M * flype yep, the traffic with tcpdump appear to be normal
1178316790 M * flype in both sides appear the same packages
1178316806 M * Bertl that's a good sign ... what is your distro?
1178316815 M * flype debian
1178316819 M * mnemoc hi, where is util-vserver's repo?
1178316825 M * flype debian ethc
1178316828 M * flype etch
1178316844 M * Bertl flype: ah, so the tunctl there is broken/incomplete, good to know
1178316881 M * flype i made a diff of your tunctl with the source from debian
1178316901 M * flype and there are some slow differences
1178316949 M * flype little differences
1178317566 M * flype Bertl: could be, some caps or limitation into the guest machine that doesn't permit use tun1 ip?
1178317587 M * flype because into the host every thing are ok
1178317624 M * Bertl flype: no, when you assign the ip to the guest (which I assume you did) then the guest can use it
1178317642 M * flype but into the guest use the private ip of the guest
1178317668 M * Bertl whatever ip you have assigned to the tun device :)
1178317687 M * flype uhmm into o/etc/vserver/name/interface/1
1178317689 M * flype ??
1178317730 Q * JWCCS Quit: thanks, bye.
1178317736 M * Bertl for example
1178317924 M * flype Bertl: Buaaa you are my hero!
1178317926 P * stefani I'm Parting (the water)
1178317927 M * flype thanks a lot
1178317938 M * flype it's works! and rocks
1178317953 M * Bertl flype: congrats! and you're welcome!
1178317975 M * Bertl flype: please make a short howto page on the wiki, or extend the one from derjohn to contain accurate info
1178318036 M * flype yep, because the info only speaks about tap devices no tun
1178318073 M * Bertl and please mention that the debian 'tunctl' is not able to create tun devices, and feel free to link to my version
1178318086 M * mnemoc Bertl: hi, do you know who is the execution chain (http://svn.linux-vserver.org/projects/util-vserver/browser/trunk/scripts/vserver.start) is sending the init to background? i want to allocate a pts to use as dev/console
1178318102 M * mnemoc s/is/in/
1178318115 M * Bertl mnemoc: you have to check with daniel_hozac ...
1178318148 M * mnemoc Bertl: ok, i'll bother him :)
1178318382 J * ml ~penguin@85-124-233-149.work.xdsl-line.inode.at
1178318403 Q * sladen Ping timeout: 480 seconds
1178318444 J * sladen paul@starsky.19inch.net
1178318576 J * Johnnie ~jdlewis@c-67-163-247-109.hsd1.pa.comcast.net
1178318691 M * daniel_hozac mnemoc: hmm?
1178318796 M * ml quit
1178318799 Q * ml Quit: leaving
1178318910 J * ml ~penguin@85-124-233-149.work.xdsl-line.inode.at
1178318961 M * mnemoc daniel_hozac: hi :)
1178318998 M * daniel_hozac hello
1178319098 M * mnemoc daniel_hozac: does it init of the guest have a parent process i can tweak to allocate a pts to be used during init execution as dev/console ?
1178319117 M * daniel_hozac define parent.
1178319136 M * mnemoc process which waitpid()
1178319150 M * daniel_hozac then no.
1178319156 M * mnemoc :(
1178319209 M * daniel_hozac of course, you could just add --vlogin to the vcontext arguments and have that allocate a pty for you.
1178319287 Q * meandtheshel1 Quit: Leaving.
1178319292 M * mnemoc uh
1178319400 M * mnemoc thanks for the hint :)
1178319476 M * daniel_hozac np
1178319577 Q * sladen Ping timeout: 480 seconds
1178319724 J * sladen paul@starsky.19inch.net
1178319725 M * Bertl okay, off to bed now ... have a good one everyone!
1178319734 N * Bertl Bertl_zZ
1178320020 M * flype byes and thanks to all
1178320033 M * flype i'm going to bed
1178320154 P * flype
1178320183 J * DoberMann_ ~james@AToulouse-156-1-53-111.w90-16.abo.wanadoo.fr
1178320289 Q * DoberMann[PullA] Ping timeout: 480 seconds
1178320574 Q * yarihm Quit: Leaving
1178321155 Q * ml Quit: leaving
1178321198 J * toidinamai_ ~frank@i59F76DFF.versanet.de
1178321562 Q * toidinamai__ Ping timeout: 480 seconds
1178322440 Q * Hurga Remote host closed the connection