1203380060 M * Radiance night Bertl_zZ :) 1203380527 Q * Piet_ Quit: Piet_ 1203381630 Q * yarihm Quit: Leaving 1203381743 Q * daniel_hozac Ping timeout: 480 seconds 1203382616 J * daniel_hozac ~daniel@ssh.hozac.com 1203388449 Q * balbir Ping timeout: 480 seconds 1203390058 Q * nkukard Quit: Leaving 1203393450 J * Infinito argos@201-10-139-5.gnace701.dsl.brasiltelecom.net.br 1203394737 Q * Infinito Quit: Quitte 1203395601 J * nkukard ~nkukard@vc-196-207-41-245.3g.vodacom.co.za 1203395844 J * doener ~doener@i577B8F4B.versanet.de 1203396111 Q * nkukard Quit: Leaving 1203396261 Q * doener_ Ping timeout: 480 seconds 1203396935 J * balbir ~balbir@59.145.136.1 1203399155 J * WDTY ~root@82-171-214-117.dsl.ip.tiscali.nl 1203399485 Q * quasisane Read error: Operation timed out 1203404142 J * JonB ~NoSuchUse@77.75.164.169 1203406700 J * oliwel ~mail-at-o@129.187.6.59 1203407743 Q * JonB Ping timeout: 480 seconds 1203408511 J * JonB ~NoSuchUse@77.75.164.169 1203409907 Q * JonB Quit: This computer has gone to sleep 1203410288 Q * balbir oxygen.oftc.net osmotic.oftc.net 1203410288 Q * Supaplex oxygen.oftc.net osmotic.oftc.net 1203410342 J * balbir ~balbir@59.145.136.1 1203410342 J * Supaplex supaplex@166-70-62-194.ip.xmission.com 1203410342 Q * balbir Max SendQ exceeded 1203410418 J * gebura ~gebura@77.192.186.197 1203410448 N * DoberMann[ZZZzzz] DoberMann 1203410890 M * gebura hi 1203411252 J * balbir ~balbir@59.145.136.1 1203411456 J * nkukard ~nkukard@vc-196-207-45-245.3g.vodacom.co.za 1203411928 J * jsambrook ~jsambrook@aelfric.plus.com 1203411965 J * dib ~dib@LPuteaux-151-41-2-6.w217-128.abo.wanadoo.fr 1203412154 J * virtuoso_ ~s0t0na@ppp91-122-160-175.pppoe.avangard-dsl.ru 1203412364 M * dib hello ;-) I need to use a real IP in a vserver, what is the better way: declare it on the host, then remap any needed service on the private guest IP, or declare it directly on the guest ? thanks 1203412505 M * dib seems that declaring it on the guest does'nt works : host see it, but nobody outside host see it :-( 1203412527 Q * virtuoso Ping timeout: 480 seconds 1203412561 M * Loki|muh we have both setups here and both work flawless 1203412647 M * Loki|muh maybe a firewall or routing issue? 1203412766 M * dib ok, i will dig further... thanks 1203413918 J * JonB ~NoSuchUse@130.226.210.8 1203415003 J * sharkjaw ~gab@shell.ormset.no 1203415314 Q * jsambrook Quit: Leaving. 1203415421 J * jsambrook ~jsambrook@aelfric.plus.com 1203415458 Q * oliwel Quit: ChatZilla 0.9.80 [Firefox 2.0.0.7/2007092022] 1203416234 M * Slydder dib: if the guest is on a different subnet then it is defo a routing issue. if it is on the same subnet then routing should be easy. 1203416490 J * chigital ~chigital@91.90.144.102 1203416515 M * dib ah, i see. the second (public) IP for this guest is not on the same subnet. 1203416598 M * dib i mean, the second IP to declare on the same iface (eth0) 1203416792 M * daniel_hozac if you set it up on the host, does it work? 1203416814 M * daniel_hozac there's really no difference when assigning it to a guest. 1203416840 M * daniel_hozac if you get it to work on the host, the guest will woork too. 1203416911 M * dib yes, it works when declared on host. but i have also some other guest with private IP, and some iptables nat rules for theses... 1203417086 M * daniel_hozac as long as you specify the address, they shouldn't be a problem... 1203417495 Q * balbir Ping timeout: 480 seconds 1203417770 Q * nkukard Ping timeout: 480 seconds 1203417822 J * nkukard ~nkukard@vc-196-207-45-245.3g.vodacom.co.za 1203419575 J * lilalinux ~plasma@80.69.41.3 1203419632 J * balbir ~balbir@59.145.136.1 1203420026 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1203420264 J * _mcp ~hightower@wolk-project.de 1203420366 Q * mcp Ping timeout: 480 seconds 1203420367 N * _mcp mcp 1203420578 Q * WDTY Remote host closed the connection 1203420653 N * Bertl_zZ Bertl 1203420661 M * Bertl greetings! 1203420755 J * Punkie ~Punkie@goc.coolhousing.net 1203421470 M * dib so, i need iptables nat help: IP0 is host main IP, IP1, IP2 are public IP declared on vs1, vs2, IP3, IP4 are privates IP on vs3, vs4 1203421496 M * dib 1) howto nat only IP3 IP4 via IP0 ? 1203421553 M * dib 2) howto portmap, say IP0:80 to IP3:80, and IP0:25 to IP4:25 1203421561 M * dib 3) many thanks 1203421736 Q * lilalinux Remote host closed the connection 1203421747 M * gebura dib, search on the wiki 1203421759 M * gebura don't remember the page name but there is some one 1203421798 M * gebura http://linux-vserver.org/Networking_vserver_guests 1203421893 M * dib yes, i've been using that rules so far, with only private addresses on guests 1203422014 M * dib but this rule: iptables -t nat -A PREROUTING -s ! 192.168.1.0/24 -m tcp -p tcp --dport $EXTPORT -j DNAT --to-destination $VHOST:$INTPORT 1203422098 M * dib seems incorrect for my new setup 1203422143 M * Bertl why? 1203422195 J * remark ~lol@host49-16-dynamic.7-87-r.retail.telecomitalia.it 1203422210 A * ard6 would use -i !lo instead of -s ! ... 1203422214 A * remark come here is good ..:irc.ircitaly.net:.. 1203422215 A * remark come here is good ..:irc.ircitaly.net:.. 1203422216 A * remark come here is good ..:irc.ircitaly.net:.. 1203422217 A * remark come here is good ..:irc.ircitaly.net:.. 1203422217 A * remark come here is good ..:irc.ircitaly.net:.. 1203422217 F * FloodServ +q *!*@host49-16-dynamic.7-87-r.retail.telecomitalia.it 1203422235 A * ard6 doesn't know -m tcp 1203422256 F * ChanServ +o Bertl 1203422262 J * ftx ~ftx@dslb-084-060-253-128.pools.arcor-ip.net 1203422263 M * ard6 ah, match tcp... 1203422269 F * Bertl +b *!*lol@*.7-87-r.retail.telecomitalia.it 1203422269 K remark Bertl remark 1203422271 M * ard6 -p tcp is enough for that 1203422330 M * ard6 But the biggest reason that it doesn't work is probably because there is a matching DNAT before this rule 1203422339 M * ard6 anyway, you can see if the rule matches 1203422708 M * dib yes, it works!! fine, many thanks. 1203423674 Q * ard6 Quit: Gone with the r00t exploit 1203424181 Q * Chr0nicles Quit: 2.6.22.18 \o/ 1203424300 Q * balbir Ping timeout: 480 seconds 1203424862 Q * chigital Ping timeout: 480 seconds 1203425040 J * ard6 ~ard@2002:d9c4:2909:1::1 1203425201 Q * Aiken Remote host closed the connection 1203425317 M * derjohn Hello Bertl, I look into the /Experimental dir ffrom day to day, hoping for a new rc (for 2.6.24). Can you estimate, when it will appear? I should I better usea 2.6.22 based kernel ? 1203425531 M * Bertl 2.6.22 is definitely the better choice for now 1203425566 F * Bertl -o Bertl 1203425628 Q * matthew_ Ping timeout: 480 seconds 1203425637 M * gebura the question of the month :) 1203425821 F * FloodServ -q *!*@host49-16-dynamic.7-87-r.retail.telecomitalia.it 1203426762 Q * friendly12345 Quit: Leaving. 1203427905 J * menomc ~amery@kilo105.server4you.de 1203427905 Q * mnemoc Read error: Connection reset by peer 1203427914 N * menomc mnemoc 1203427915 Q * morfoh Read error: Connection reset by peer 1203427921 J * morfoh ~morfoh@kilo105.server4you.de 1203427997 M * Slydder with the new version of vserver what is the best way to do localhost (127.0.0.1) interfaces? I set up a lo interface on a guest with the ip of 127.0.0.133 and when I ping localhost it resolves to 127.0.0.133 and then pings 127.0.0.1. or can i use 127.0.0.1 without worries? and what of 0.0.0.0? 1203428210 M * Slydder am guessing the seperate loopbacks are no longer needed due to the new localhost support but 0.0.0.0 is still not allowed (meaning ssh, apache and others will need to be bound to certain IP's). 1203428279 M * pmjdebruijn Slydder: what do you mean by "new" 2.2 of 2.3? 1203428292 M * Slydder 2.3 1203428421 M * Bertl use lback and the remapping, you'll get an 'lo' with 127.0.0.1 by default 1203428468 M * Slydder i already have the 127.0.0.1 interface on my guests now. am just wondering if there are any limitations I should now about. 1203428505 M * Bertl all 127.x.x.x addresses are mapped to the lback address by default 1203428516 M * Slydder i know when I set up exim to listen on loopback it shows up not as the loopback but as the public ip when i do netstat -l 1203428531 M * Bertl which is 127.x.y.1 with x:y based on context ip 1203428556 M * Bertl you do not use auto lback as it seems, otherwise that would be a separate address 1203428564 M * Slydder oh. ok 1203428571 M * Slydder and how do i enable that? 1203428585 M * Bertl just select it in the kernel config 1203428591 M * Slydder i did 1203428613 M * Slydder there was only 1 or 2 options i didn't choose in the kernel config 1203428641 M * Slydder one was "very experimental" and i think that was the only one i didn't activate 1203428649 M * Bertl then your guest should get an lback address by default, check with /proc/virtnet//status 1203428721 M * Slydder what am I looking for in status? 1203428788 M * Bertl for the 'lback' address and the flags (best upload status and info to pastebin) 1203428817 Q * sharkjaw Quit: Leaving 1203428847 M * Slydder http://paste.linux-vserver.org/11760 1203428937 M * Bertl ah, single ip is enabled 1203428965 M * Slydder Automatically Assign Loopback IP was enabled in the config and Enable Virtualized Guest Time was the one I didn't enable 1203428977 M * Bertl disable that in your nflags and you'll get your own lback :) 1203428986 M * Slydder k 1203428994 M * Slydder off to the flower page once more. lol 1203428996 M * Slydder thanks 1203429001 M * Bertl the single ip special casing has priority atm 1203429008 M * Slydder k. 1203429026 M * Bertl if you assign more than one IP to the guest, it will be automatically disabled 1203429276 J * balbir ~balbir@59.145.136.1 1203429481 M * Slydder is there a way to get the LBACK_REMAP and the ~SINGLE_IP working by default when I install a guest? a default nflag file maybe? 1203429539 M * Bertl you can do that, or if you are sure that you don't want the single ip special casing, then you can disable it in the kernel config 1203429598 M * Slydder can't do a rebuild of the kernel now. just went into production today. lol. the loopback was the last problem i had on the box. will disable single IP in the next host though. 1203429713 M * Slydder where would I add the nflags file in the .defaults area to get that added with each new guest? 1203429767 M * Slydder in the options file in /etc/vservers/.defaults/apps/build ? 1203429792 M * Bertl check with daniel_hozac, he knows where and how you can do that (maybe requires modifying an install script) 1203429819 M * Slydder k 1203429823 M * Slydder thanks for the info. 1203429869 M * Bertl you're welcome! 1203432015 Q * dowdle Remote host closed the connection 1203432027 J * dowdle ~dowdle@scott.coe.montana.edu 1203432384 Q * JonB Ping timeout: 480 seconds 1203432648 J * grocanar ~grocanar@patefgh.int-evry.fr 1203432657 M * grocanar hello there 1203432692 Q * nkukard Read error: Connection reset by peer 1203432697 M * dowdle grocanar: Hello. 1203432717 J * ema ~ema@rtfm.galliera.it 1203432722 M * grocanar well i have a little problem with packaged provided by daniel 1203432766 M * grocanar my server have 8gb of memory and i have to work on 32 bits kernel 1203432777 M * grocanar then i m okking for pae kernel 1203432884 M * dowdle grocanar: If you are using a PAE kernel... yes, it can work with more than 4GB of memory. Physical Address Extension is what PAE stands for I think. 1203432915 M * grocanar opps i wouldl ike to say i m looking for a pae kernel 1203432918 M * Bertl grocanar: you'll need to compile your own kernel for this setup 1203432923 M * grocanar okay 1203432929 M * grocanar i will do that 1203432935 M * gebura a kernel with PEA will never be as performant as a 64bits kernel 1203432940 M * gebura because of some internals design 1203432953 M * gebura based notably of memory copys 1203432956 M * Bertl grocanar: that is a very unusual (and also unfortunate) setup, as it makes stuff slow compared to 64bit 1203432960 M * gebura correct me if i am wrong (not sure) 1203432978 M * grocanar well then i should work to a move to 64 bits system 1203432984 M * Bertl grocanar: I would double check if you system doesn't provide 64bit already 1203432988 M * dowdle People say "slow" but I've yet to see any real evidence. I'm not saying it isn't true... I just want to know by how much. 1203433020 M * Bertl dowdle: it gets worse with heavy memory load, as then, the kernel has to constantly map in/out PAE blocks 1203433031 M * grocanar well i m sure it can provide it but peope here are reuctant to go for it for some obscure reason 1203433042 M * grocanar thanks for the advice 1203433263 M * gebura dowdle, using bonnie++ with ramdisk , you will have some simple results quicly 1203433297 M * dowdle gebura: But that isn't something I usually do. 1203433720 J * nkukard ~nkukard@vc-196-207-45-241.3g.vodacom.co.za 1203434105 Q * balbir Ping timeout: 480 seconds 1203434273 J * onox ~onox@kalfjeslab.demon.nl 1203435072 Q * weasel Quit: brb 1203435098 J * weasel weasel@weasel.chair.oftc.net 1203435200 M * ard6 grocanar : you can work with a 64 bits kernel, and still have a 32 bits userspace... 1203435218 Q * dib Quit: Ex-Chat 1203435220 M * ard6 if your processor has the lm (large mode) flag in /proc/cpuinfo 1203435255 M * ard6 dowdle : perl text filtering with regexes and such are 11% faster 1203435287 M * ard6 that's 64 bits user and kernel... 1203435304 M * ard6 vs 32 bits user and 64 bits kernel 1203435462 J * Infinito_ ~argos@201-3-115-164.gnace701.dsl.brasiltelecom.net.br 1203435735 Q * _gh_ Ping timeout: 480 seconds 1203436049 Q * Slydder Quit: Leaving. 1203436198 J * JonB ~NoSuchUse@77.75.164.169 1203437217 Q * grocanar Quit: Quitte 1203438056 Q * nkukard Quit: Leaving 1203438257 Q * ard6 Quit: b0rken x-server 1203438502 J * _gh_ ~gerrit@bi01p1.co.us.ibm.com 1203438958 Q * JonB Quit: This computer has gone to sleep 1203439129 Q * jsambrook Quit: Leaving. 1203439406 J * ISSAMNEO1 ~ISSAMNEO1@213.150.170.98 1203439419 Q * _gh_ Ping timeout: 480 seconds 1203439419 M * ISSAMNEO1 HI ALL 1203439437 M * ISSAMNEO1 i create a guest 1 using eth0 1203439469 M * ISSAMNEO1 with ip 202 1203439477 M * ISSAMNEO1 then i install apache 1203439485 M * ISSAMNEO1 all is ok now 1203439498 M * ISSAMNEO1 i create geust 2 using eth0 1203439500 M * Bertl sounds good so far! 1203439512 M * ISSAMNEO1 with ip 203 1203439521 M * ISSAMNEO1 when i begin install apache 1203439530 M * ISSAMNEO1 i install apache 1203439545 M * ISSAMNEO1 but then the network doesn't exist anymore 1203439558 M * ISSAMNEO1 i try to ping yahoo but without result 1203439566 M * Bertl you mean, you cannot reach the internet? 1203439572 M * ISSAMNEO1 yes 1203439582 M * Bertl try the following on the host (physical) server 1203439591 M * ISSAMNEO1 unless on the geust 1 all is ok 1203439606 M * Bertl ping -c 1 -I x.x.x.202 www.google.com 1203439621 M * Bertl (supposed to work) 1203439628 M * Bertl if so, try: 1203439634 M * Bertl ping -c 1 -I x.x.x.203 www.google.com 1203439646 M * ISSAMNEO1 i dunno unders tand anything 1203439652 M * ISSAMNEO1 now anything is ok 1203439669 M * ISSAMNEO1 i don't do the ping -c 1 -I x.x.x.203 www.google.com 1203439694 M * Bertl you mean: the second one (203) doesn't work, yes? 1203439703 M * ISSAMNEO1 now it work 1203439718 M * ISSAMNEO1 just i begin to post here and the ping is ok 1203439723 M * ISSAMNEO1 looooooooooool 1203439742 M * Bertl well, probably your upstream router took some time to ack the 'new' ip 1203439749 M * ISSAMNEO1 @ bert1 yes this what i mean , but it work now 1203439768 M * Bertl okay, enjoy your new guests :) 1203439809 M * ISSAMNEO1 no it works ok with the package apache 1203439815 M * ISSAMNEO1 but when i try 1203439826 M * ISSAMNEO1 apt-get install apache2-doc 1203439830 M * ISSAMNEO1 it stops 1203439839 M * ISSAMNEO1 and again now it's down 1203439844 M * ISSAMNEO1 !!!!!!!!!!!!!!!!!!!!!!!! 1203439863 M * Bertl that could have a few reasons 1203439875 M * Bertl first, check that the 203 is not used elsewhere 1203439898 M * Bertl duplicate IPs certainly confuse the router 1203440134 M * ISSAMNEO1 I M UNDER DHCP 1203440165 M * ISSAMNEO1 and it may give those adress to other? 1203440224 M * Loki|muh disable the ip in the guest, wait 5 minutes and try to ping the ip 1203440343 J * balbir ~balbir@122.167.208.149 1203440364 M * ISSAMNEO1 how to disable the ip on the gost 1203440371 M * ISSAMNEO1 guest 1203440373 M * ISSAMNEO1 :) 1203440399 M * ISSAMNEO1 ifdown eth0 don't work 1203440467 Q * gebura Quit: Quitte 1203440543 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1203441154 J * JonB ~NoSuchUse@77.75.164.169 1203441308 P * Alteisen ( bye ) 1203441375 M * ISSAMNEO1 my 2 guest use the same macadress is it normal, or i have to specify a # macadress to each 1203441439 M * Bertl nah, that is perfectly fine 1203441443 M * JonB they use the same NIC, right? 1203441457 M * ISSAMNEO1 yes 1203441461 M * ISSAMNEO1 same nic 1203441467 M * JonB ISSAMNEO1: then there should be no problem 1203441469 M * ISSAMNEO1 but different ip adress 1203441488 M * JonB that doesnt matter 1203441499 J * _gh_ ~gerrit@bi01p1.co.us.ibm.com 1203441518 M * JonB local network only uses the MAC address to find your host, and then the kernel uses the ip address to find the vserver guest 1203441569 M * ISSAMNEO1 so why i have alot of problem when trying to reach internet with the second guest 1203441588 J * jsambrook ~jsambrook@aelfric.plus.com 1203441592 M * JonB there can be several reasons 1203441609 M * JonB use tcpdump at the path the packets travel, or are supposed to travel and see what happens 1203441680 M * ISSAMNEO1 i'm installing using apt-get 1203441691 M * ISSAMNEO1 it begin installing then it stop 1203441702 M * JonB there can be several reasons 1203441702 M * ISSAMNEO1 it download some packet 1203441703 M * Bertl ISSAMNEO1: still my best guess would be dumplicate IPs, i.e. somebody else is using the 203 IP 1203441739 J * ard6 ~ard@2002:d9c4:2909:1::1 1203441740 M * ISSAMNEO1 i try to reserve those adress on the dhcp server but it told me error this mac adress is used 1203441762 M * ISSAMNEO1 it's used by the first server i reserve it 1203441788 M * ISSAMNEO1 i reserve one IP and for the second i can't since they use the same mac adress 1203441792 M * JonB ISSAMNEO1: maybe you should change your dhcp setup to allow a range of ip adresses that you manually assign 1203441808 Q * eSa| Quit: Coyote finally caught me 1203441852 M * ISSAMNEO1 i'm using ipcop i will search this optio 1203441853 M * ISSAMNEO1 n 1203441876 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1203441942 M * ISSAMNEO1 i do the 2 reservation now 1203441947 M * JonB great 1203441952 M * ISSAMNEO1 the first with the macadress 1203441962 M * ISSAMNEO1 and ip adress 1203441973 M * ISSAMNEO1 the second with ipadress and hostname 1203442009 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it 1203442015 N * esa eSa| 1203442208 J * Linus_ ~nuhks@bl7-146-123.dsl.telepac.pt 1203442221 Q * Linus Quit: leaving 1203442244 N * Linus_ Linus 1203442276 A * Linus hi :) 1203442295 J * nkukard ~nkukard@vc-196-207-32-221.3g.vodacom.co.za 1203442367 Q * JonB Quit: This computer has gone to sleep 1203442400 Q * _gh_ Ping timeout: 480 seconds 1203442418 J * Julius ~julius@p57B24A63.dip.t-dialin.net 1203442499 J * _gh_ ~gerrit@bi01p1.co.us.ibm.com 1203442702 Q * ISSAMNEO1 Ping timeout: 480 seconds 1203443471 Q * pmenier Quit: Konversation terminated! 1203443509 Q * _gh_ Ping timeout: 480 seconds 1203443669 M * Linus /quit 1203443674 Q * Linus Quit: leaving 1203443925 Q * Infinito_ Quit: Leaving 1203444511 M * Bertl nap attack ... back later ... 1203444521 N * Bertl Bertl_zZ 1203444941 N * DoberMann DoberMann[PullA] 1203445270 J * jmcaricand jm@d83-179-208-4.cust.tele2.fr 1203445410 Q * nkukard Quit: Leaving 1203445981 J * fatgoose ~samuel@76-10-149-199.dsl.teksavvy.com 1203446124 J * matthew_ ~matthew@81.168.74.31 1203446551 Q * fatgoose Remote host closed the connection 1203446582 J * fatgoose ~samuel@76-10-149-199.dsl.teksavvy.com 1203447002 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1203447437 N * DoberMann[PullA] DoberMann 1203447625 Q * Punkie Quit: Odcházím 1203448880 J * Punkie ~punkie@home.pekelny.net 1203450115 Q * ema Quit: leaving 1203450384 J * Aiken ~james@ppp121-45-255-138.lns2.bne4.internode.on.net 1203450983 J * mathx ~math@H5.C193.B246.A66.tor.harmony-mobile.net 1203450984 M * mathx hai 1203450999 M * mathx did vserver impliment private 127.0.0.1s recently? 1203451009 M * daniel_hozac in 2.3, yes. 1203451015 M * mathx cuz my zimbra 5.0.2 is working right out of the box, and responds on 127.0.0.1 on the right ports but i have no 127.0.0.1 bound 1203451029 M * mathx woa, highly leet, cuz that was a MAJOR bitch from people about it 1203451053 Q * FireEgl Read error: Connection reset by peer 1203451060 M * mathx im wondering how its working on this etch vserver host tho, cuz i didnt think etch had that updated 1203451086 M * daniel_hozac etch has 2.0.2.2-rc9. 1203451102 M * mathx which makes me think it shouldnt work on this etch box, but yet, it does(!) 1203451106 M * mathx ii util-vserver 0.30.212-1 user-space tools for Linux-VServer virtual private servers 1203451111 M * mathx ii vserver-debiantools 0.3.4 Tools to manage debian virtual servers 1203451116 M * mathx not sure how those #s jive thoi 1203451128 M * daniel_hozac well, 127.0.0.1 has always been rewritten to the guest's first IP address. 1203451138 M * daniel_hozac for most software, that's enough. 1203451141 M * mathx ah! kludged in 1203451158 M * mathx so a quick soln would be to make the 0th interfaces/ip some rfc1918 1203451186 M * mathx yes? 1203451191 M * waldi mathx: just assign one from 127.0.0.0/8 as first one 1203451205 M * mathx should it be on dev lo and part of 127/8? 1203451210 M * daniel_hozac does that work on the etch kernel? 1203451228 M * waldi yep 1203451231 M * mathx dunno, havent tried that specifically. all i know is that zimbra is working out of the box heh 1203451237 M * mathx dont really want to change anything now heh 1203451254 M * daniel_hozac cool, i would've thought it was too old. 1203451276 M * mathx Linux dva1 2.6.18-5-vserver-686 #1 SMP Fri Jun 1 03:18:18 UTC 2007 i686 GNU/Linux 1203451308 J * _gh_ ~gerrit@bi01p2.co.us.ibm.com 1203451407 M * waldi mathx: you should update imediately 1203451455 M * mathx yeah likely ;) production box tho, gotta warn everyone with 48h notice yadda yadda, sign in triplicate, fill out a TPS report 1203451463 M * mathx and go ahead and come right in on the weekend and do it 1203451501 M * waldi forget it, there are two local root exploits 1203451526 M * mathx all unices have local roots, cept openBSD which has about a magnitude fewer 1203451539 M * mathx i dont let anyone on this box ;) 1203451547 A * mathx puts all his eggs in the ssh and postfix baskets! 1203451575 M * mathx oh, and that apache thing... and zimbra... and... sigh 1203451584 M * mathx local root for vservers or for the host kernel 1203451618 M * daniel_hozac kernel level code execution. 1203452001 M * mathx cant put rfc1918 on 127/8 ip first, or all outbound connections try to use that ip 1203452005 M * mathx and dont get too far to the internet 1203452032 M * waldi no, the kernel never uses 127.0.0.0/8 for output connections 1203452040 M * mathx oh so its my fault cuz i used 1918? 1203452092 M * waldi show your config 1203452113 M * mathx 0/ip is 10.78.3.2/32 1/ip is Some.Real.Ip 1203452213 M * waldi and 10.78.3.2 not in 127.0.0.0/8 1203452234 M * mathx yeah thats what i was saying... ok changed it to 127.something/8 1203452313 M * mathx hmm having 0/ip be 127.0.15.15 still doesnt let me ping the world, does it need to be in 127.0.0.0/24? 1203452316 M * mathx # ping 69.147.83.40 1203452319 M * mathx connect: Invalid argument 1203452365 M * waldi which device? 1203452376 M * mathx lo, should it be eth0 or whatever goes to default gw? 1203452415 M * waldi no, lo 1203452431 M * mathx wonder if this doenst work cuz of my old kernel :/ 1203452455 M * waldi does ping -I eth0 $somewhere work? 1203452469 M * mathx ping -I eth0 69.147.83.40 1203452469 M * mathx connect: Invalid argument 1203452483 M * waldi and the real ip? 1203452518 M * mathx ping -I eth0 -S 216.13.73.147 69.147.83.40 1203452521 M * mathx connect: Invalid argument 1203452539 M * mathx it can ping its own real ip tho 1203452544 M * waldi hmm 1203452547 M * mathx and that of the host. 1203452560 M * mathx but, really, dont spend too much time on this if its likely that i have an old kernel 1203452565 M * mathx ill update when i can and try it out 1203452571 M * mathx your help is appreciated! 1203452623 M * daniel_hozac i know this is fixed in recent kernels. 1203452645 M * daniel_hozac but if waldi says it's supposed to work, i'd believe him ;) 1203452658 M * mathx with an etch -18-5 kernel? 1203452660 M * mathx oldskule! 1203452720 M * waldi hmm, i use that. but i just saw that i only use 127.0.0.1 on the etch kernel, the other machines uses 2.2 1203453039 J * quasisane ~sanep@c-76-118-191-64.hsd1.nh.comcast.net 1203453277 Q * Punkie Remote host closed the connection 1203453323 J * Punkie ~punkie@home.pekelny.net 1203453422 M * daniel_hozac eyck: nice, an update for 2.4? 1203453445 Q * mick_work Ping timeout: 480 seconds 1203453445 M * mathx do i need to change net.ipv4.conf.all.rp_filter and ip_forward? 1203453453 M * daniel_hozac no. 1203453469 J * JonB ~NoSuchUse@77.75.164.169 1203453504 Q * Punkie Remote host closed the connection 1203453592 J * Punkie ~punkie@home.pekelny.net 1203454849 J * mick_work ~clamwin@adsl-068-157-089-099.sip.bct.bellsouth.net 1203456474 J * chigital ~chigital@p4FE5EF1C.dip.t-dialin.net 1203458115 Q * bzed Quit: reboot 1203458158 J * bzed ~bzed@devel.recluse.de 1203458189 Q * chigital Quit: Leaving 1203458307 J * FireEgl FireEgl@adsl-147-90-184.bhm.bellsouth.net 1203458314 Q * hparker Quit: Quit 1203460191 Q * ftx Ping timeout: 480 seconds 1203460412 Q * bonbons Quit: Leaving 1203460740 N * Bertl_zZ Bertl 1203460746 M * Bertl back now ... 1203460905 Q * FireEgl Read error: Connection reset by peer 1203461051 J * nkukard ~nkukard@196.212.73.74 1203461052 Q * larsivi Quit: Konversation terminated! 1203461172 Q * Julius Ping timeout: 480 seconds 1203461859 J * Julius ~julius@p57B24A63.dip.t-dialin.net 1203462056 J * FireEgl FireEgl@adsl-147-90-184.bhm.bellsouth.net 1203462574 J * friendly12345 ~friendly@ppp121-44-198-55.lns3.mel4.internode.on.net 1203462583 Q * onox Quit: leaving 1203462678 Q * JonB Ping timeout: 480 seconds 1203463615 Q * Julius Remote host closed the connection 1203464031 Q * _gh_ Ping timeout: 480 seconds 1203464587 Q * friendly12345 Ping timeout: 480 seconds 1203464818 Q * FireEgl Quit: Leaving... 1203464865 J * FireEgl FireEgl@adsl-147-90-184.bhm.bellsouth.net 1203465251 J * friendly12345 ~friendly@ppp121-44-229-183.lns2.mel4.internode.on.net 1203465378 J * _gh_ ~gerrit@bi01p1.co.us.ibm.com