1201392203 Q * jescheng Remote host closed the connection
1201392223 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1201392343 Q * mcp Server closed connection
1201392359 J * mcp ~hightower@wolk-project.de
1201392405 Q * hparker Remote host closed the connection
1201392686 Q * samuel Quit: samuel
1201392837 J * giovanni_ ~giovanni@89.189.53.40
1201393253 Q * giovanni Ping timeout: 480 seconds
1201393342 Q * giovanni_ Remote host closed the connection
1201393423 Q * Blissex Read error: Connection reset by peer
1201394868 Q * BobR_oO Server closed connection
1201394872 J * BobR_oO odie@IRC.13thfloor.at
1201396955 Q * balbir Remote host closed the connection
1201397253 Q * ex Server closed connection
1201397262 J * ex ex@valis.net.pl
1201397786 J * Infinito argos@201-3-20-108.gnace701.dsl.brasiltelecom.net.br
1201398759 Q * onox Quit: leaving
1201399384 J * tenmoi ~chatzilla@117.5.81.6
1201399443 M * tenmoi anyone know how to uninstall vserver kernel, please
1201399564 M * tenmoi I have made a mess of my host and want a fresh install of vserver
1201399628 M * doh i would say its unlikely that the kernel is messed up
1201399655 M * doh but if you want to remove vserver patchset from kernel, you'd have to download a new clean unpatched kernel
1201399849 M * tenmoi the problem i have is i cannot apply the patch, and i cannot create a guest. so I just want to remove everything and make a brand new start
1201399881 M * doh what distro are you using?
1201399893 M * tenmoi doh: fedora 8 64
1201399902 M * doh compiling your own kernel?
1201399915 M * tenmoi what kernel do you mean
1201399925 M * tenmoi now I have 3 on my system
1201399971 M * doh hm, well i'd get some fresh kernel sources, and then patch them
1201399985 M * doh or get an already patched kernel i guess
1201399985 M * tenmoi And yes, I compiled the vserver kernel.
1201400034 M * tenmoi i just cannot patch the kernel. that's why i want to remove it. And i just can't figure how
1201400058 M * Bertl tenmoi: when you are on fedora 8, why not use one of the precompiled kernels?
1201400087 M * tenmoi I did not know there is one
1201400122 M * tenmoi i did a yum install util-vserver and the kernel was not installed
1201400190 M * Bertl not very surprising, eh?
1201400216 M * Bertl util-vserver has the 'util' part .. which hints that this is userspace stuff
1201400253 M * tenmoi ah. Bertl. you are here again. how can i remove vserver kernel, thanx
1201400377 M * Bertl the same you remove a non-Linux-VServer kernel
1201400427 M * tenmoi Bertl: it is not listed in add/remove programs
1201400457 M * Bertl which just means you didn't install it as package
1201400516 M * tenmoi I just compiled it and did a make modules_install install. what did i do wrong here?
1201400541 M * Bertl nothing, but that means that you have to remove it manually too
1201400599 M * tenmoi Can you tell me how many folders to remove. I don't want it to interfere with my next install
1201400626 M * Bertl it won't interfere, kernels are not very _active_ in userspace
1201400656 M * Bertl i.e. the only way you might see some effect of this kernel is when you actually boot it, which, in turn, would be what you want :)
1201400766 M * tenmoi you know i am kind of particular about a corrupt install. Once i get it, i just want everything to restart anew.
1201400786 M * Bertl well, then get your favorite DVD/CD and reinstall
1201400837 M * tenmoi OK. so how do i install it as a package the next time then?
1201400879 M * Bertl IIRC, there are rpm packages for Linux-VServer enabled kernels (for fedora and centos), daniel_hozac probably knows the details
1201400945 M * tenmoi you know i kind of messed things up following instructions on this site "http://facti.net/drupal/"
1201401025 M * Bertl looks fine to me .. at least at the first glance
1201401056 M * Bertl well, adjust the kernel and patch versions to the newest and you should be done
1201401093 M * tenmoi Bertl: where exactly can i download the rpm package?
1201401114 M * Bertl no idea, I'm not a fedora person
1201401150 M * tenmoi and daniel_hozac. how can i contact him/her
1201401172 M * Bertl should be around, probably sleeping right now or so
1201401268 M * tenmoi thanx. get back soon if a problem should pop up. In fact i have only worked with linux for 1 year. before everything was M$
1201401315 M * Bertl understanding an operating system takes some time ... do not hurry it ...
1201401335 M * Bertl btw, did you actually boot your newly installed kernel?
1201401370 Q * Infinito Read error: Connection reset by peer
1201401401 M * tenmoi the default is the one from fedora. so I hit enter to bring up the grub list and choose vserver kernel
1201401437 J * Infinito argos@201-3-20-108.gnace701.dsl.brasiltelecom.net.br
1201401440 M * Bertl okay, and that booted fine for you, yes?
1201401449 M * tenmoi yes
1201401505 M * Bertl and you did run the testme.sh on this newly booted kernel?
1201401535 M * Bertl http://paste.linux-vserver.org/11692 <-- this one?
1201401554 M * tenmoi until i need to install the guest. and I got the problem you were reading about last night. (do not know where you are. But it was midnight for me when i was chatting with you)
1201401584 M * tenmoi oh yes,
1201401606 M * Bertl okay, do you still have the source tree for that kernel?
1201401615 M * tenmoi yes
1201401635 M * Bertl do the following inside the source tree, and upload the result:
1201401645 M * Bertl grep VSERVER .config
1201401665 M * Bertl (if there is any result, that is :)
1201401681 M * tenmoi nothing happened.
1201401720 M * Bertl so it seems you didn't actually patch the kernel, and thus, you do not have a kernel with Linux-VServer support, but just a normal kernel
1201401749 M * Bertl http://facti.net/drupal/node/92 <- you might have missed the last point (5)
1201401778 M * tenmoi let me have another look at it
1201401822 M * Bertl hmm, maybe you didn't miss it, but it seems a little wrong
1201401838 M * Bertl it should be patch -p1 <../patch-2.6.22.10-vs2.2.0.5.diff
1201401861 M * Bertl (assuming that the patch is in /usr/src/kernels)
1201401897 M * Bertl (adjust the name to the actual patch, for 2.6.22.16/vs2.2.06
1201401956 M * tenmoi so I need to two .. (dot dot) before the patch file?
1201401974 M * Bertl well, no, you need to specify the path for the patch
1201401989 M * Bertl which, if the patch is located in the directory above the kernel source
1201401996 M * Bertl can be referred to as '..'
1201402020 M * Bertl so, if you put the patch in /tmp, you would use
1201402035 M * Bertl patch -p1 after the 'make oldconfig' (you can take the defaults), you do
1201402514 M * Bertl the default is the 'N' and you can take the default by simply pressing enter :)
1201402593 M * tenmoi Bertl: Avoid idle CPUs by skipping Time (VSERVER_IDLETIME) [Y/n/?] (NEW). what's wrong with idle CPU
1201402615 M * tenmoi Why make it run when it has nothing to do?
1201402724 M * doh x This option allows the scheduler to artificially x
1201402724 M * doh x advance time (per cpu) when otherwise the idle x
1201402724 M * doh x task would be scheduled, thus keeping the cpu x
1201402724 M * doh x busy and sharing the available resources among x
1201402724 M * doh x certain contexts. x
1201402764 M * tenmoi so it's ok to the default
1201402773 M * doh yeah, all the defaults are ok
1201402795 M * tenmoi tx
1201402844 Q * misc-- Read error: Connection reset by peer
1201402853 M * tenmoi now to this point. which one is the best? "Persistent Inode Tagging
1201402855 M * tenmoi 1. Disabled (TAGGING_NONE) (NEW)
1201402857 M * tenmoi 2. UID16/GID32 (TAGGING_UID16) (NEW)
1201402859 M * tenmoi 3. UID32/GID16 (TAGGING_GID16) (NEW)
1201402860 M * tenmoi > 4. UID24/GID24 (TAGGING_ID24) (NEW)
1201402862 M * tenmoi 5. UID32/GID32 (TAGGING_INTERN) (NEW)"
1201402906 M * doh the default seems to be the 4th option
1201402915 M * tenmoi ok
1201403204 M * tenmoi anyone know where fedora caches the download files if "yum update" is used
1201403855 Q * Julius Ping timeout: 480 seconds
1201403967 P * tenmoi
1201404373 Q * sezuan_ Ping timeout: 480 seconds
1201405125 Q * Medivh Ping timeout: 480 seconds
1201405198 P * amaxik
1201406390 Q * michiel` Server closed connection
1201406394 J * michiel` ~michiel@145.33.144.200
1201406517 M * Bertl okay, off to bed now .. have a good one everyone!
1201406521 N * Bertl BErtl_zZ
1201406525 N * BErtl_zZ Bertl_zZ
1201409470 Q * Infinito Quit: Quitte
1201412156 M * nwf Hey all. I've a potentially silly question. I want to allow a vserver to access /dev/net/tun, but only certain devices (e.g. tap1, tap2, but not tap3) therein, and not be allowed to create more. Is this possible?
1201412268 M * daniel_hozac not yet. would you be willing to test it?
1201412279 M * daniel_hozac (it's been on my TODO for some time)
1201412310 M * nwf daniel_hozac: If you've a patch handy and don't mind explaining how I wire a patch into the debian vserver kernel build goo... :)
1201412331 M * nwf (And you think it's likely to work on a SPARC host... ^^)
1201412334 M * daniel_hozac i have no idea how to do the latter.
1201412558 M * nwf Well, I can try to do that. Have a link to a patch?
1201412624 M * daniel_hozac need to create it first, give me a couple of minutes... ;)
1201412663 M * daniel_hozac how are you creating/setting up the interfaces? on the host?
1201413245 M * nwf Yeah, I am using (a patched) tunctl.
1201413563 M * daniel_hozac patched for what?
1201413575 M * nwf http://marc.info/?l=user-mode-linux-user&m=120118924012224&w=2
1201413602 Q * jescheng Remote host closed the connection
1201413605 M * nwf Since the tun device is unable to switch modes at runtime.
1201413613 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1201413660 M * daniel_hozac wow, that's silly. tunctl not able to create tun interfaces...
1201413668 M * nwf Yeah, I was amused.
1201413746 M * nwf Also the tun driver failed to clear IFF_NO_PI or IFF_ONE_QUEUE, but that's a kernel bug (patch submitted upstream, but is going to cause me some headaches until it gets in to official builds).
1201413814 M * nwf So it's great... tinc opened the device in IFF_TUN mode, but tunctl created it in IFF_TAP | IFF_NO_PI, so it stayed in that mode. The binding of tun%d to IFF_TUN / tap%d to IFF_TAP devices is... not actually enforced.
1201414052 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-tun-feat01.diff
1201414058 M * daniel_hozac you'll need a patch to set the nid too.
1201414069 M * nwf nid?
1201414100 M * daniel_hozac network context id.
1201414310 M * nwf How are these managed? (Sorry for being clueless, I just don't recall running across them in the docs...)
1201414376 M * daniel_hozac it's typically the same as the xid, used for all things related to networking.
1201414854 M * nwf The FAQ has some things about creating processes or dynamically adding nids, but the flower page doesn't say anything about them... are they set automatically or do I have to set them or ... ?
1201414933 M * daniel_hozac as i said, it's by default the same as the xid.
1201414973 M * daniel_hozac it can be set independently by having a /etc/vservers//ncontext, in addition to /etc/vservers//context, but that's hardly ever used.
1201414973 M * nwf Sorry, I am tired... "typically the same as" came across as "most users set it up so that"
1201415462 T * * http://linux-vserver.org/ | latest stable 2.2.0.6, 2.0.3-rc3, devel 2.3.0.32, stable+grsec 2.2.0.6 | util-vserver-0.30.214 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1201415462 T * harry -
1201417292 M * nwf Sorry for the delay... should I also patch ncaps-net.c to understand NXC_TUN_CREATE / _ATTACH?
1201417335 M * daniel_hozac not necessary, you can use the bit numbers.
1201417383 M * nwf OK.
1201417444 Q * mire Read error: Operation timed out
1201417543 M * nwf As far as I understand your patch, I need to give the vserver NXC_TUN_ATTACH but it will be unable to see tun devices that don't match its nid?
1201417553 M * daniel_hozac yes.
1201417572 M * daniel_hozac or, well, NXC_TUN_ATTACH is not required.
1201417623 M * nwf What's the TUNSETIFF pathway in that case?
1201417634 M * daniel_hozac hmm?
1201417652 M * nwf I was expecting that tun_get_by_name would succeed and I'd need NXC_TUN_ATTACH so as not to get EPERM?
1201417704 M * nwf (Since I don't want the vserver to have CAP_NET_ADMIN either)
1201417712 M * daniel_hozac that's only if you've set an owner.
1201417734 M * nwf Ah, OK, so just make it persistent and don't mark an owner.
1201417737 M * nwf Thanks. :)
1201417741 M * daniel_hozac and set the nid.
1201418777 M * nwf Right.
1201420498 Q * ensc Ping timeout: 480 seconds
1201420816 J * JonB ~NoSuchUse@kg0-128.kollegiegaarden.dk
1201421285 J * DLange ~dlange@p57A3204D.dip0.t-ipconnect.de
1201421333 Q * Loki|muh Server closed connection
1201421334 J * Loki|muh loki@satanix.de
1201422051 J * yaboo ~jsirucka@60-240-251-154.tpgi.com.au
1201422075 M * yaboo hello how do I increase the /tmp partition
1201422094 M * daniel_hozac edit /etc/vservers//fstab
1201422109 M * yaboo on the host machine?
1201422119 M * daniel_hozac yes...
1201422145 M * yaboo thanks
1201422213 Q * PowerKe Server closed connection
1201422224 J * PowerKe ~tom@d54C13E4B.access.telenet.be
1201422690 J * derjohn_mobil ~aj@p5B23D0B3.dip.t-dialin.net
1201423595 J * ktwilight ~ktwilight@131.212-66-87.adsl-static.isp.belgacom.be
1201423688 J * ensc ~irc-ensc@77.235.182.26
1201424003 Q * ktwilight_ Ping timeout: 480 seconds
1201424182 J * ktwilight_ ~ktwilight@111.221-66-87.adsl-static.isp.belgacom.be
1201424183 Q * ktwilight Read error: Connection reset by peer
1201424493 Q * JonB Ping timeout: 480 seconds
1201425403 Q * kiorky_ Ping timeout: 480 seconds
1201425751 J * ftx_ ~ftx@dslb-084-060-231-255.pools.arcor-ip.net
1201426422 J * kiorky ~kiorky@cryptelium.net
1201426608 Q * Hunger Server closed connection
1201426674 J * Hunger Hunger.hu@213.163.11.138
1201427679 J * dna ~dna@184-234-dsl.kielnet.net
1201428174 J * JonB ~NoSuchUse@kg0-128.kollegiegaarden.dk
1201429245 Q * derjohn_mobil Ping timeout: 480 seconds
1201430760 Q * nebuchadnezzar Remote host closed the connection
1201430821 J * nebuchadnezzar ~nebu@zion.asgardr.info
1201430827 M * nebuchadnezzar hi
1201431285 M * daniel_hozac hello
1201431381 M * daniel_hozac how's it going?
1201433156 M * nebuchadnezzar great
1201433172 M * nebuchadnezzar my new 2.6.22-vs2.3.0.32 work well on my sparc64
1201433183 M * nebuchadnezzar s/work/works/
1201433468 M * daniel_hozac great!
1201434104 Q * JonB Ping timeout: 480 seconds
1201434547 Q * Aiken Remote host closed the connection
1201434860 J * mattzerah ~matt@121.50.222.102
1201435221 J * Aiken ~james@ppp59-167-109-167.lns3.bne1.internode.on.net
1201435732 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201435788 N * mattzerah mattzerah`afk
1201435820 Q * Aiken Remote host closed the connection
1201435836 Q * kiorky Quit: leaving
1201436199 J * UukGoblin ~jaa@sr-fw1.router.uk.clara.net
1201436202 M * UukGoblin Hi
1201436234 M * UukGoblin is there a list of pros and cons of what interface should I use for my vservers? loopback vs dummy, I mean?
1201436273 M * UukGoblin the debian howtos show dummy, but tcpdump doesn't seem to work on dummy. Is it OK to use lo?
1201436287 M * JonB what is it you want to do?
1201436319 M * UukGoblin I want vservers which are initially only accessible to the main context, so I assign them a local ip range like 10.1.0.0/16
1201436327 M * JonB okay
1201436336 M * JonB why do you need tcpdump?
1201436356 M * UukGoblin well if some of my NATing rules break I like to have tcpdump as a debug tool, for example
1201436510 M * daniel_hozac it doesn't matter if you use lo or dummy, you still need to tcpdump your ethernet interface for traffic not destined for the host.
1201436554 M * UukGoblin well, some of the vservers need to access each other
1201436568 M * UukGoblin and that traffic doesn't go through the ethernet interface
1201436575 M * daniel_hozac which will be going over lo, also regardless of which interface you've assigned.
1201436613 M * UukGoblin point taken
1201436646 M * daniel_hozac interfaces don't matter, it's all IP-based.
1201436647 M * JonB UukGoblin: if you have 2 ethernet devices one could stay plugged in with a cable, and the other could be used as a vserver guest ethernet device
1201436664 M * daniel_hozac (both Linux and Linux-VServer)
1201436671 M * UukGoblin okay, another scenario: I DNAT from eth to the vserver... I use tcpdump on eth to see if there's traffic, I see packets, I'd like to tcpdump lo or dummy to see if the packet gets there at all, I see nothing
1201436678 M * UukGoblin well, nothing with dummy and something on lo
1201436705 M * daniel_hozac that's not gonna fly, ever.
1201436710 M * UukGoblin which, as you've pointed out, I may see because the actually on lo ;-]
1201436730 M * daniel_hozac it comes in whatever interface it comes in, it never goes out.
1201436740 M * UukGoblin anyway now I'm wondering whether my vservers should be on lo or dummy, lo *seems* to have this extra functionality of tcpdump working
1201436753 M * daniel_hozac no, nothing will change...
1201436762 M * UukGoblin so the primary question what's the difference between lo and dummy, if any
1201437178 M * JonB UukGoblin: why is it you want to DNAT packets to your vserver guests in the first place? why not just let them use the real ethernet device and then firewall them off?
1201437201 M * daniel_hozac one public IP address...
1201437205 J * Medivh ck@dolphin.serverbox.de
1201437306 M * JonB daniel_hozac: as long as the services does not use the same ports, it should still work to share it, right?
1201437319 M * daniel_hozac it does, but DNAT is preferred.
1201437325 M * UukGoblin JonB, well mostly for security reasons... besides, switching off a vserver which uses eth has this nasty feature/bug of shutting down the whole eth so main server becomes inaccessible
1201437328 M * daniel_hozac that way, one compromised guest cannot interfere with the rest.
1201437344 M * UukGoblin yup, that's my point
1201437349 M * JonB daniel_hozac: okay, i see
1201437350 M * UukGoblin too
1201437368 Q * yaboo Ping timeout: 480 seconds
1201437374 M * daniel_hozac UukGoblin: addresses will only be removed if you tell the utils to...
1201437380 M * UukGoblin I know
1201437418 M * UukGoblin it's just risky... I don't like surprises and I don't always control what the utils are told to do ;-)
1201437449 M * daniel_hozac only people who know what they're doing should have root...
1201437485 M * UukGoblin heheh
1201437494 M * daniel_hozac (especially on the host)
1201437501 M * UukGoblin well you wouldn't learn anything that way, would you? ;-)
1201437533 M * UukGoblin unless you had a teacher who knows what he's doing and is willing to spend a lot of time with you
1201437556 M * daniel_hozac that's what development servers are for.
1201437623 M * UukGoblin well that sort of is a development server... it will be simply troublesome to book datacentre access in case I have to reboot it ;-)
1201437649 M * UukGoblin besides, the second reason for using DNAT that you've pointed out is also appropriate
1201437652 M * daniel_hozac that's what serial console/IPMI/AMT/etc. are for.
1201437673 M * UukGoblin would be great to have one, but I don't ;-]
1201437734 M * UukGoblin we're wandering off the main point though, I was wondering if there is any difference between using lo and dummy :->
1201437744 M * daniel_hozac as i said, no.
1201437748 M * daniel_hozac interfaces don't matter at all.
1201437761 M * UukGoblin ok, cool, thanks :-)
1201437915 J * Piet_ ~piet@tor.noreply.org
1201437966 Q * Piet Remote host closed the connection
1201437979 J * Punkie ~punkie@home.pekelny.net
1201438234 J * ema ~ema@rtfm.galliera.it
1201438284 Q * JonB Quit: This computer has gone to sleep
1201438515 Q * Punkie Remote host closed the connection
1201438820 Q * nox Ping timeout: 480 seconds
1201439226 J * nox ~nox@static.88-198-17-175.clients.your-server.de
1201439252 J * doener ~doener@i577AE27B.versanet.de
1201439373 J * Punkie ~punkie@home.pekelny.net
1201439560 J * ViRUS ~mp@p57A6D07E.dip.t-dialin.net
1201439602 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201439760 J * Infinito argos@200-140-66-167.gnace701.dsl.brasiltelecom.net.br
1201439779 N * phedny Guest763
1201439784 J * phedny ~mark@064-022-128-083.dynamic.caiway.nl
1201439869 Q * Guest763 Ping timeout: 480 seconds
1201442081 Q * Infinito Quit: Quitte
1201442229 Q * JonB Quit: This computer has gone to sleep
1201442903 J * ftx__ ~ftx@dslb-084-060-214-218.pools.arcor-ip.net
1201443088 Q * ftx_ Ping timeout: 480 seconds
1201443968 J * doener_ ~doener@i577AE762.versanet.de
1201443977 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201444379 Q * doener Ping timeout: 480 seconds
1201445505 Q * JonB Quit: This computer has gone to sleep
1201445654 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201446550 Q * Punkie Remote host closed the connection
1201446586 J * Punkie ~punkie@home.pekelny.net
1201446923 J * mire ~mire@89-171-222-85.adsl.verat.net
1201447094 J * MGS ~mgs@s5593e94d.adsl.wanadoo.nl
1201447485 M * MGS Anyone in here has some knowledge about (Debian Etch default packages) vserver install and routing for vserver guests? Have several vservers here that need different default gateways and I've been stuck for days trying to figure out how to accomplish this :s So any pointers are very welcome! Been trying to configure things with ip route ... on the host for days but it simply doesn't seem to work.
1201447518 J * daniele ~daniele@81-174-24-161.dynamic.ngi.it
1201447528 P * daniele
1201447584 M * daniel_hozac how so?
1201447616 M * daniel_hozac it's regular source routing.
1201447675 M * daniel_hozac http://lartc.org/howto/lartc.rpdb.html#LARTC.RPDB.SIMPLE
1201447708 M * MGS well, the following is the situation:
1201447708 M * MGS HOST: 3 nics eth0 (10.254.0.0/24), eth1 (10.11.0.0/24), eth2 (10.10.0.0/24)
1201447814 M * MGS vservers with interfaces in some of these networks. I.E.:
1201447814 M * MGS file: eth0:20:0 (10.254.0.20), eth1:20:1 (10.11.0.20). Default gateway should be on 10.11.0.254
1201447843 M * MGS Daniel, just read that page and came to the following:
1201447861 M * MGS sudo ip rule add from 10.11.0.20 table file01_data"""
1201447861 M * MGS sudo ip route add default via 10.11.0.254 dev eth1:20:1 table file01_data"""
1201447861 M * MGS sudo ip route flush cache"""
1201447871 M * MGS (ignore the """ svp)
1201447908 M * MGS but there is no change I can notice so far
1201447937 J * yaboo ~jsirucka@220-245-131-131.static.tpgi.com.au
1201448035 M * daniel_hozac and 10.11.0.20 is the source address used for whatever traffic you're monitoring?
1201448064 M * MGS should be yes
1201448083 M * daniel_hozac have you verified that?
1201448091 M * MGS I have some logging on the gateway that shows the correct addresses
1201448117 M * MGS when I set the default gateway on the host's interfaces, the expected IP is shown
1201448194 M * MGS ie: set gateway (in /etc/network/interfaces on host) on eth1 to 10.11.0.254
1201448194 M * MGS enter vserver and try to connect to external network. Gateway logging shows src being 10.11.0.20
1201448200 J * Infinito argos@200-140-66-167.gnace701.dsl.brasiltelecom.net.br
1201448223 M * MGS same goes if I change the default gateway on the host
1201448242 M * MGS but I want vserver specific gateways
1201448332 M * daniel_hozac what about when it doesn't work? what's the source IP in that case?
1201448381 M * MGS nothing. Since it's unaware of any gateways
1201448398 M * MGS from vserver:
1201448398 M * MGS ip route show
1201448398 M * MGS 10.10.0.0/24 dev if2 proto kernel scope link src 10.10.0.40
1201448398 M * MGS 10.254.0.0/24 dev eth0 proto kernel scope link src 10.254.0.70
1201448398 M * MGS 10.11.0.0/24 dev eth1 proto kernel scope link src 10.11.0.20
1201448417 M * MGS just gives me the network unreachable thingy
1201448426 M * MGS which makes sense
1201448489 M * daniel_hozac so it's obviously not picking the source address you expect it to.
1201448526 M * MGS hmmm, as far as I can tell, the whole gateway isn't assigned to the vserver
1201448535 M * daniel_hozac there's no such thing.
1201448548 M * daniel_hozac networking happens on the host, guests are merely limited to a subset of the IP addresses.
1201448601 M * MGS Yeah, got that far, am configuring the routes on the host.
1201448670 M * MGS basically:
1201448670 M * MGS sudo ip rule add from 10.11.0.20 table file01_data
1201448670 M * MGS sudo ip route add default via 10.11.0.254 dev eth1 table file01_data
1201448670 M * MGS sudo ip route flush cache
1201448689 M * daniel_hozac you're missing the route for 10.11.0.0/24.
1201448732 M * MGS so I also need to define a default gateway per network first?
1201448742 M * daniel_hozac huh?
1201448795 M * MGS as in src=10.11.0.x/24 gateway=10.11.0.254?
1201448867 M * MGS on the host now:
1201448867 M * MGS $ sudo ip route ls
1201448867 M * MGS 10.10.0.0/24 dev eth2 proto kernel scope link src 10.10.0.40
1201448867 M * MGS 10.254.0.0/24 dev eth0 proto kernel scope link src 10.254.0.70
1201448867 M * MGS 10.11.0.0/24 dev eth1 proto kernel scope link src 10.11.0.20
1201448873 M * MGS $ sudo ip rule show
1201448873 M * MGS 0: from all lookup 255
1201448873 M * MGS 32764: from 10.11.0.20 lookup file01_data
1201448873 M * MGS 32765: from 10.11.0.20 lookup file01_data
1201448873 M * MGS 32766: from all lookup main
1201448875 M * MGS 32767: from all lookup default
1201448898 M * MGS (please ignore that double entry for file01_data)
1201448899 M * daniel_hozac please use paste.linux-vserver.org for anything longer than 3 lines.
1201448905 M * MGS ok, sorry bout that!
1201448918 Q * ema Quit: leaving
1201448922 M * daniel_hozac and you're missing the actually interesting part, ip route show table file01_data
1201448944 M * MGS $ sudo ip route show table file01_data
1201448944 M * MGS default via 10.11.0.254 dev eth1
1201448976 M * daniel_hozac which obviously won't work, as 10.11.0.254 is unreachable.
1201448985 M * UukGoblin huh, using debian's newvserver script, when I stop a vserver (using a dummy interface), all IPs assigned to dummy get erased
1201448992 M * MGS aha, so that should be my hosts address?
1201449002 M * UukGoblin does it mean debian people packaged it wrongly?
1201449019 M * UukGoblin I thought it was just me when I had that problem on another machine
1201449022 M * daniel_hozac no, that means you need to add a route for 10.11.0.0/24, as i said.
1201449046 M * daniel_hozac UukGoblin: have you enabled secondaries promotion in the kernel?
1201449062 M * UukGoblin daniel_hozac, I don't know, I'm using debian's vserver kernel
1201449082 M * UukGoblin (yeah, blaming everything on others;-)
1201449091 M * daniel_hozac cat /proc/sys/net/ipv4/conf/all/promote_secondaries
1201449103 M * UukGoblin 0
1201449110 M * daniel_hozac == disabled..
1201449175 M * UukGoblin yup, that seems to have helped.
1201449188 M * UukGoblin thanks
1201449208 M * UukGoblin should I send a bugreport to debian to make it happen by default, or is it something not always desirable?
1201449291 M * daniel_hozac it's not always desirable, that's why it's a sysctl...
1201449374 M * UukGoblin ok, purely my fault then :-)
1201449679 M * MGS Daniel: Thanks, needed some time to sink in but I guess it's logic :) Going tinker around a bit, thanks for the help!
1201450009 M * UukGoblin ok, one (hopefully last) thing I don't understand... from inside guest, when I try connecting to 127.0.0.1, why do I connect to that guest itself, rather than the main context? If I run nc -l -s 127.0.0.1 in the main context, the guest won't connect to it (but will connect to a netcat listening inside the guest). Looks like something is rewriting 127.0.0.1 to 10.2.0.10 (the guest's IP on dummy0). I tried putting ~HIDE_LBACK to nflags, no change.
1201450028 M * UukGoblin I'm probably not running 2.3.x anyway so that wouldn't work
1201450058 M * daniel_hozac yep.
1201450109 P * MGS
1201450141 M * UukGoblin is it something happening by default in 2.2? how can I connect from the guest to the main context then? Do I have to use eth's IP?
1201450170 M * daniel_hozac it's been happening by default since at least 1.2...
1201450173 M * UukGoblin or assign some IP on dummy for the main context?
1201450226 M * daniel_hozac whatever the host is listening on.
1201450259 M * UukGoblin apart from 127.0.0.1, of course? :-)
1201450282 M * daniel_hozac 127.0.0.1 is rewritten to the guest's first IP address, so if the host is listening on that...
1201450293 Q * JonB Quit: This computer has gone to sleep
1201450321 M * UukGoblin ah yes the host would have to listen on the guest's IP for 127.0.0.1 to work, I get it :-)
1201450349 M * UukGoblin so it's possible to override this default with ~HIDE_LBACK from 2.3.x on
1201450388 M * daniel_hozac more like ~lback_remap.
1201450451 M * UukGoblin cool
1201450638 Q * AStorm Ping timeout: 480 seconds
1201450665 J * AStorm ~astralsto@chello089077127128.chello.pl
1201450908 Q * Infinito Quit: Quitte
1201451569 J * kiorky ~kiorky@cryptelium.net
1201451725 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201451870 Q * JonB
1201452172 J * pmenier ~pmenier@83.115.4.153
1201452388 Q * yaboo Ping timeout: 480 seconds
1201452495 Q * kiorky Ping timeout: 480 seconds
1201452860 P * UukGoblin thanks for now :-)
1201453153 Q * ensc Ping timeout: 480 seconds
1201453338 J * ensc ~irc-ensc@77.235.182.26
1201453708 J * kiorky ~kiorky@cryptelium.net
1201453972 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201454103 J * chidigital ~chigital@p5B0C4601.dip.t-dialin.net
1201454280 Q * JonB Quit: This computer has gone to sleep
1201454992 J * lilalinux ~plasma@80.69.41.3
1201455288 Q * chidigital Ping timeout: 480 seconds
1201456451 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1201456517 Q * lilalinux Remote host closed the connection
1201456735 Q * ViRUS Quit: Leaving
1201456803 Q * jescheng Remote host closed the connection
1201456817 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1201457979 N * virtuoso_ virtuoso
1201458085 J * emag_ ~Itoc5OI6@gurski.org
1201458100 J * nwf_ ~nwf@76.161.226.43
1201458102 Q * jescheng synthon.oftc.net oxygen.oftc.net
1201458102 Q * brc synthon.oftc.net oxygen.oftc.net
1201458102 Q * nwf synthon.oftc.net oxygen.oftc.net
1201458102 Q * mountie synthon.oftc.net oxygen.oftc.net
1201458102 Q * emag synthon.oftc.net oxygen.oftc.net
1201458125 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1201458188 J * mountie ~mountie@trb229.travel-net.com
1201460047 Q * pmenier Quit: Konversation terminated!
1201460283 Q * matti Ping timeout: 480 seconds
1201460551 J * ema ~ema@rtfm.galliera.it
1201460555 Q * ema
1201461812 J * matti matti@acrux.romke.net
1201462200 J * derjohn_mobil ~aj@212.23.103.102
1201462346 J * ema ~ema@rtfm.galliera.it
1201464010 Q * derjohn_mobil Ping timeout: 480 seconds
1201464017 Q * Punkie Quit: Punkie
1201464102 J * Aiken ~james@ppp59-167-109-167.lns3.bne1.internode.on.net
1201464508 J * Infinito argos@200-140-66-167.gnace701.dsl.brasiltelecom.net.br
1201464740 J * brc bruce@megarapido.cliquerapido.com.br
1201464974 J * Punkie ~punkie@home.pekelny.net
1201465246 Q * JonB Quit: This computer has gone to sleep
1201465623 N * emag_ emag
1201466274 J * virtuoso_ ~s0t0na@ppp91-122-25-82.pppoe.avangard-dsl.ru
1201466684 Q * virtuoso Ping timeout: 480 seconds
1201466930 Q * DLange Quit: Bye, bye. Hasta luego.
1201467223 J * Piet__ ~piet@tor.noreply.org
1201467484 Q * Aiken Remote host closed the connection
1201467632 J * Aiken ~james@ppp59-167-109-167.lns3.bne1.internode.on.net
1201467638 Q * Piet_ Ping timeout: 480 seconds
1201468259 Q * mire Ping timeout: 480 seconds
1201468627 Q * Infinito Quit: Quitte
1201468658 Q * Piet__ Ping timeout: 480 seconds
1201468833 J * mire ~mire@212-171-222-85.adsl.verat.net
1201469116 J * Piet__ ~piet@tor.noreply.org
1201469405 Q * ftx__ Ping timeout: 480 seconds
1201472368 Q * Punkie Read error: Connection reset by peer
1201472450 J * Punkie ~punkie@home.pekelny.net
1201473336 Q * haxier Remote host closed the connection
1201473813 Q * bernard Ping timeout: 480 seconds
1201474826 M * duckx Hy
1201474851 M * duckx I just read the flower page again ... and discovered the cpuset thing ....
1201474912 J * dna_ ~dna@184-234-dsl.kielnet.net
1201475040 J * derjohn_mobil ~aj@e180195174.adsl.alicedsl.de
1201475317 Q * dna Ping timeout: 480 seconds
1201475443 N * mattzerah`afk mattzerah
1201475593 Q * larsivi Quit: Konversation terminated!
1201475831 Q * ema Quit: leaving
1201475964 Q * Punkie Quit: Punkie
1201476014 Q * mattzerah Quit: GONE!
1201477430 Q * dna_ Quit: Verlassend