1208736393 J * gverlf ~bgds@pc-112-157-214-201.cm.vtr.net 1208736787 Q * PabloChile Ping timeout: 480 seconds 1208737079 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it 1208737104 Q * esa` Ping timeout: 480 seconds 1208737920 M * Bertl okay, off to bed now .. have a good one everyone! 1208737924 N * Bertl Bertl_zZ 1208738175 M * Aiken good night 1208741052 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1208744364 Q * onox Quit: zZzZ 1208744803 J * balbir ~balbir@122.167.198.240 1208747089 J * spelling2 ~spelling2@mx.andromeda.e-ducativa.com 1208747211 M * spelling2 what do you call people who doesn't let you eat or encourage you eat good healthy mental food? and force you to eat shitty mental food such as video games and television..wrong education etc? 1208747252 Q * gverlf Ping timeout: 480 seconds 1208747948 J * ntrs_ ~ntrs@77.29.65.246 1208748039 Q * spelling2 autokilled: Please don't spam the network. If you feel an error has been made, please contact support@oftc.net. (2008-04-21 03:20:38) 1208748077 J * spelling2 ~spelling2@CPE00012e15cab1-CM00194757ed42.cpe.net.cable.rogers.com 1208748183 Q * spelling2 autokilled: K-line evasion. If you feel an error has been made, please contact support@oftc.net. (2008-04-21 03:23:02) 1208748377 Q * ntrs__ Ping timeout: 480 seconds 1208750651 Q * balbir Ping timeout: 480 seconds 1208754040 J * sharkjaw ~gab@64.28.12.166 1208755925 J * balbir ~balbir@59.145.136.1 1208757317 Q * larsivi Ping timeout: 480 seconds 1208757319 J * yarihm ~yarihm@vpn-global-dhcp3-081.ethz.ch 1208757590 J * Slydder ~chuck@194.59.17.53 1208757847 J * cryptronic ~oli@p54A3B55A.dip0.t-ipconnect.de 1208758509 Q * yarihm Quit: This computer has gone to sleep 1208759458 Q * tokkee Ping timeout: 480 seconds 1208759699 J * JonB ~NoSuchUse@77.75.164.169 1208760119 Q * balbir Remote host closed the connection 1208760272 J * balbir ~balbir@59.145.136.1 1208760561 Q * cryptronic Quit: Leaving. 1208761743 Q * zbyniu Read error: Connection reset by peer 1208762008 J * zbyniu ~zbyniu@host13-188.crowley.pl 1208763420 N * DoberMann[ZZZzzz] DoberMann 1208763474 J * mess-mate ~chatzilla@ALille-254-1-13-220.w86-192.abo.wanadoo.fr 1208763497 M * mess-mate hi 1208763623 J * bfremon ~ben@ANantes-252-1-27-149.w82-126.abo.wanadoo.fr 1208764371 J * ISSAMNEO1 ~ISSAMNEO1@196.203.207.50 1208764385 M * ISSAMNEO1 GOOD MORNING 1208764427 M * ISSAMNEO1 to virtualize an existing linux server i follow ths steps in http://linux-vserver.org/util-vserver:Howto_virtualize_an_exisiting_Linux_server 1208764465 M * ISSAMNEO1 when i use rsync it shows an error with /sys/class 1208764492 J * rgl ~rgl@bl8-142-200.dsl.telepac.pt 1208764558 M * ISSAMNEO1 i remove init.d/alsa , init.d/keyboard ans init.d/networking 1208764590 M * ISSAMNEO1 i don't do the 2 last steps: disable pam authetification and remove the useless module 1208764620 M * ISSAMNEO1 last info, my guest, my host and my old server are ubuntu 6.06 1208764705 M * ISSAMNEO1 now when i try to start the vserver it shows me a million of errror , it's the same error "does not end on newline" 1208764709 M * ISSAMNEO1 any idea please 1208764807 Q * balbir Ping timeout: 480 seconds 1208765010 Q * nkukard Quit: Leaving 1208765375 J * tobifix ~tobifix@IVV7KNALLER.UNI-MUENSTER.DE 1208765383 M * tobifix good morning 1208765458 Q * bfremon Ping timeout: 480 seconds 1208766099 J * bfremon ~ben@ANantes-252-1-36-178.w82-126.abo.wanadoo.fr 1208766221 J * balbir ~balbir@59.145.136.1 1208766362 Q * JonB Quit: This computer has gone to sleep 1208766819 M * mess-mate ISSAMNEO1: i think the options are -rav ( r=récursive) to copy also the subdirs. Redo the operation. 1208766911 M * PowerKe -a, --archive archive mode; equals -rlptgoD (no -H,-A,-X) 1208767873 Q * bfremon Ping timeout: 480 seconds 1208767878 M * daniel_hozac ISSAMNEO1: you probably rsynced to the wrong directory. why aren't you just using vserver ... build -m rsync? 1208768479 J * bfremon ~ben@ANantes-252-1-35-193.w82-126.abo.wanadoo.fr 1208768530 M * mess-mate anybody could try to connect to my webserver ? http://www.laplaceverte.fr 1208769251 J * JonB ~NoSuchUse@130.226.210.8 1208769560 J * ntrs__ ~ntrs@77.29.66.215 1208769646 M * mess-mate Somebody wa connected to the webserver? 1208769689 M * mess-mate I've found a trace on /var/www/apache1/access.log on the host.. not the guest. 1208769705 M * mess-mate And the webserver is on the guest :( 1208769989 Q * ntrs_ Ping timeout: 480 seconds 1208770219 N * Bertl_zZ Bertl 1208770225 M * Bertl morning folks! 1208770245 M * Bertl mess-mate: are you sure the guest's web server is connected? 1208770299 M * mess-mate What do you mean about connected ? 1208770329 M * Bertl well, from your information, it looks like your host is running a web server too, right? 1208770377 M * mess-mate No... There is a webserver on the host but not for laplaceverte.fr 1208770410 M * Bertl well, I'd account that as a running webserver nevertheless :) but the question is, is it limited to a host ip? 1208770443 M * Bertl or more precisely, does your guest have a separate public IP for laplaceverte.fr ? 1208770515 M * mess-mate Yes it do. 192.168.30.1, host= 192.168.20.1 1208770540 M * Bertl okay, then let's do the following on the host: 1208770554 M * Bertl 'lsof -ni :80' and upload the output to paste.linux-vserver.org 1208770688 Q * JonB Quit: This computer has gone to sleep 1208770791 M * mess-mate Bertl: is uploaded 1208770858 M * Bertl doesn't look too bad ... now what is the 'public' ip which gets mapped to 192.168.20.1? 1208770933 M * mess-mate there is no public ip mapped to 192.168.20.1 only to 192.168.30.1 1208770964 M * Bertl okay, then let's run the following on the host: 1208770971 M * mess-mate and it's a dynamic ip redirected to the guest with shorewall 1208770995 M * Bertl 'tcpdump -vvnei eth0 host 192.168.30.1' (replace the eth0 with the proper interface) 1208771013 M * Bertl let me know when the tcpdump is active 1208771040 M * daniel_hozac is the host the box with the public IP(s)? 1208771066 M * Bertl doesn't seem so 1208771075 M * mess-mate Bertl: ok it's activ 1208771085 M * Bertl now did you get something? 1208771094 M * Bertl if yes, please upload 1208771121 M * Bertl if no, then your shorewall/nat/upstream stuff doesn't work 1208771171 M * mess-mate no, tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 1208771190 M * Bertl okay, so you now know what goest wrong, the firewall setting on the host 1208771211 M * daniel_hozac well, the host's NAT wouldn't show up in tcpdump. 1208771227 M * Bertl daniel_hozac: but the destination will, no? 1208771243 M * mess-mate but on the /var/log/apache2.access.log of the host there is a log from 62.47.172.51 1208771265 M * Bertl mess-mate: as expected 1208771344 M * mess-mate Ok but did you reach the website ? 1208771361 M * Bertl nope, and it would be a big issue if I did with your setup :) 1208771416 M * daniel_hozac i think we need a more thorough description of your setup and at least your NAT rules (on both levels). 1208771452 M * Bertl nah, not really, there should be a DNAT to 30.1 but there isn't 1208771472 M * mess-mate Bertl: yes there is one ... 1208771527 M * mess-mate DNAT $FW dmz:192.168.30.1 tcp 80 - $ETH0_IP ( on the router machine) 1208771590 M * Bertl no dmz 1208771637 M * Bertl i.e. your guest is on the host 1208771654 M * mess-mate $ETH0_IP is the redirected external ip from the net. 86.192.36.220 1208771683 M * mess-mate The host is on the dmz so also the guest ? 1208771783 M * mess-mate Go for lunch :) 1208771807 M * Bertl the host is $FW not dmz, so ist the guest 1208771830 J * dna ~dna@29-197-dsl.kielnet.net 1208772145 J * SpComb^ terom@zapotek.paivola.fi 1208772178 N * SpComb Guest1021 1208772178 N * SpComb^ SpComb 1208772263 Q * Guest1021 Ping timeout: 480 seconds 1208774349 J * tokkee tokkee@ssh.faui2k3.org 1208774623 J * JonB ~NoSuchUse@130.226.210.8 1208775373 J * nkukard ~nkukard@196.212.73.74 1208775974 Q * ISSAMNEO1 Ping timeout: 480 seconds 1208776008 J * friendly ~friendly@ppp59-167-94-13.lns2.mel6.internode.on.net 1208776033 J * ISSAMNEO1 ~ISSAMNEO1@196.203.207.50 1208776291 J * cryptronic ~oli@p54A3B55A.dip0.t-ipconnect.de 1208776437 M * mess-mate Bertl: that was the dnat rule from the router, not from the host. 1208776561 M * Bertl well, then it doesn't work for whatever reason, as it ends up on 192.168.20.1 1208776566 M * mess-mate So, the router dnat the extern (net) ip to the ip of the guest. 1208776614 M * Bertl (otherwise the host would not be able to log it :) 1208776624 M * mess-mate An ip route on the router give me : 192.168.30.0/24 via 192.168.20.254 dev eth2 1208776657 M * Bertl doesn't make much sense if it is directly connected 1208776706 M * Bertl (note that none of this is actually Linux-VServer related) 1208776856 M * Bertl what you want to do is the following: 1208776899 M * Bertl get your network setup right, so that an access to laplaceverte.fr:80 ends up reaching your machine (host) with a request to 192.168.30.1 1208776946 M * Bertl and that a ping on your host, with that ip (e.g. ping -c 5 -I 192.168.30.1 www.google.com) reaches the internet 1208776959 M * Bertl if that is working, your guest should be doing fine 1208777178 M * mess-mate No problem pinging google from the host. 1208777384 M * mess-mate If i setup the website 'laplaceverte.fr' on the host you can access the site with no problem..but you access the host, not the guest. So was it before. 1208777497 Q * ISSAMNEO1 Ping timeout: 480 seconds 1208777519 M * mess-mate All is restored as you said. 1208777555 M * daniel_hozac you did remove your old NAT rule on the router, right? 1208777624 M * mess-mate If i do that, you couldn't reachh anything here. 1208777662 M * daniel_hozac well.... if you still NAT the traffic to your host's IP, what do you expect to happen? 1208777708 M * mess-mate It is NOT my host-ip, it's my guest-ip : 192.168.30.1 1208777729 M * daniel_hozac that's the _new_ NAT rule, not the old one. 1208777796 M * mess-mate DNAT $FW dmz:192.168.30.1 tcp 80 - $ETH0_IP 1208777809 J * yarihm ~yarihm@vpn-global-dhcp2-67.ethz.ch 1208777820 M * daniel_hozac and you don't NAT anything to the host's IP? 1208777830 M * Bertl mess-mate: just think for a minute: 1208777856 M * Bertl - you showed us (with lsof) that the host apache binds to 192.168.20.1 1208777872 M * Bertl - you say, if you set up the domain on the host apache, it works 1208777887 M * Bertl ergo, the requests hit 192.168.20.1 not 192.168.30.1 1208777928 M * Bertl so how is the guest, which _only_ uses 192.168.30.1, supposed to answer? 1208777950 M * mess-mate Bertl: 1 yes, 2 yes and 3 yes. You can try it 1208778007 M * Bertl you are nat-ing to the wrong ip .. (as it looks, on your router) 1208778010 J * zbyniu_ ~zbyniu@host13-188.crowley.pl 1208778128 Q * zbyniu Ping timeout: 480 seconds 1208778133 Q * PowerKe Ping timeout: 480 seconds 1208778145 M * mess-mate Ok, i'v changed the ip on the dnat rule to 192.168.20.1 1208778184 M * Bertl and I suspect that won't change a bit :) 1208778186 M * mess-mate That's now completely as before without any vserver. 1208778201 M * mess-mate Did you try it ? 1208778210 M * Bertl what? 1208778225 M * mess-mate Lookup www.laplaceverte.fr ? 1208778249 M * Bertl well, you have added the domain to your host's apache now, right? 1208778259 M * mess-mate You have to reach the vserver-host now 1208778271 M * mess-mate Yes i did. 1208778275 J * ISSAMNEO1 ~ISSAMNEO1@196.203.207.50 1208778285 M * Bertl okay, that was expected, no? 1208778312 M * mess-mate Yes it was :) 1208778333 M * daniel_hozac do you have any NAT rules on the host? 1208778361 M * mess-mate daniel_hozac: no not one. 1208778471 M * Bertl mess-mate: your router is (for whatever reason, probably config) not forwarding the public port to 192.168.30.1. period. 1208778507 M * Bertl fix that, so what the tcpdump from above shows requests to 192.168.30.1 and you're fine 1208778539 M * mess-mate Bertl: it was, you asked to change it :( 1208778555 M * Bertl nah, it wasn't, otherwise the guest would receive the requests 1208778555 M * mess-mate I'll reset it again. 1208778568 M * mess-mate That's just the problem 1208778595 M * Bertl check with the tcpdum I gave you above 1208778599 M * Bertl *tcpdump 1208778627 M * Bertl if that doesn't show incoming packets on the host, your setup is faulty 1208779012 M * mess-mate ok is up loaded: a tcpdump from the host as follows: tcpdump -vvnei eth1 host 192.168.20.1 and the dnat rule to 192.168.20.1 1208779026 M * Bertl forget 192.168.20.1 1208779042 M * Bertl the packets have to reach the host with a destination ip of 192.168.30.1 1208779080 M * Bertl if they don't then the guest at 192.168.30.1 will not receive them. period. 1208779081 M * mess-mate for a destination to 192.168.30.1 nothing is dumped 1208779113 M * Bertl which means, that the packets _do_not_go_to_ 192.168.30.1 (on your host), and the router setup is faulty :) 1208779137 M * Bertl look, it's quite simple ... let me give you an example: 1208779165 M * Bertl let's assume, I'm living in destination street 20 1208779189 M * Bertl and let's further assume, I rent the basement to you, and you get the address 30 1208779225 M * Bertl if I don't tell the postal service, that destination street 30 should be delivered to my house, your mail will not arrive :) 1208779269 M * Bertl given that the guest has an IP on the same interface on your host, all you need to do is to convince the router to DNAT the requests to that ip 1208779304 M * Bertl note: those _will_ show up on the tcpdump with a destination of 192.168.30.1 1208779395 M * mess-mate I agree; and i think that the host has to act as a router and forward to the guest, do it ? 1208779402 M * Bertl nope 1208779413 M * Bertl there is _no_ forwarding on the host in Linux-VServer 1208779431 M * Bertl forwarding happens between different interfaces 1208779454 M * Bertl the guest is just using one (or more) host IPs, so no forwarding or similar 1208779530 J * bzed_ ~bzed@devel.recluse.de 1208779569 M * Bertl note: I assume your router config would be much simpler if you gave the guest an IP in the same subnet, e.g. 192.168.20.42 1208779589 M * Bertl (assuming that you have a /24 prefix) 1208779655 Q * bzed Ping timeout: 480 seconds 1208779659 N * bzed_ bzed 1208779724 J * PowerKe ~tom@d5153A1EB.access.telenet.be 1208779746 M * mess-mate I'll try it out. But you said a couple of day's ago that the guest could have any prive ip. 1208779762 M * Bertl yes, of course, given that your routing setup is correct 1208779807 M * mess-mate I can ping from the router to the guest... 1208779852 M * Bertl that is a good sign, now get the port 80 forwarded there too, and you're done 1208780111 M * mess-mate I can ping the guest because there is a route VIA 192.168.20.254 1208780140 M * Bertl nice, who has 192.168.20.254 ? 1208780217 M * mess-mate the gateway of the host. 1208780248 M * Bertl which is different from the firewall/router, yes? 1208780317 M * mess-mate Yes, it must be. 1208780337 M * Bertl okay, fine, another point where you can check that your setup is correct 1208780360 M * Bertl a tcpdump on the gateway must also show packets with a destination ip of 192.168.30.1 1208780377 M * Bertl (if they are supposed to reach the guest, that is) 1208780826 Q * JonB Quit: This computer has gone to sleep 1208780996 M * mess-mate I checked pcdump's from the roure/firewaal to: 192.168.20.1,20.254 and 30.1. The packets are received on 20.254 1208781058 M * Bertl okay, and _what_ destination do the packets for 192.168.30.1 (http port that is), have on the gateway (preferably when they leave the gateway towards your host) 1208781148 M * mess-mate Wait...wait.. had i to set the guest/gateway to them of the host ? 192.168.20.254 ? 1208781177 M * Bertl there is no 'guest gateway' 1208781206 Q * ISSAMNEO1 Ping timeout: 480 seconds 1208781355 J * ISSAMNEO1 ~ISSAMNEO1@196.203.207.50 1208781679 M * mess-mate Is it normal i can't do a tcpdump on the guest ? when tcpdump is installed 1208781687 M * Bertl yep 1208781710 M * Bertl but there is no point in doing it, as it would show the _very_same_ as on the host 1208781826 M * mess-mate "socket operation is not permitted" 1208781871 M * Bertl yep, correct, nothing below the ip layer is allowed (except for certain pings) 1208782177 M * mess-mate What does that mean: " arp who-has 192.168.20.254 tell 192.168.20.1" 1208782194 M * Bertl that your host is looking for 192.168.20.254 (mac wise) 1208782415 M * harry arp = address resolution protocol 1208782426 M * harry hence... Bertl 's explanation :) 1208782581 Q * friendly Quit: Leaving. 1208782864 Q * ensc Ping timeout: 480 seconds 1208783085 J * ensc ~irc-ensc@77.235.182.26 1208783486 M * mess-mate What route does the guest have ? 1208783626 M * Bertl the guest has no route, the host has a routing setup 1208783645 M * Bertl (naturally that routing setup has to cover the guest IPs as well) 1208783658 M * mess-mate Bertl: i changed everything, so the dnat rute in the router/firewall points now to the guest ip 192.168.20.10 (same subnet of the host) 1208783712 M * mess-mate The ping from the router works but can't access the domain from inside via the net. 1208783719 M * mess-mate to test 1208783752 M * Bertl what does 'can't access the domain from inside via the net' mean? 1208783768 Q * sharkjaw Quit: Leaving 1208783812 M * mess-mate That i can't access the webpage in the guest from the lan via internet. Wombody else has to do it to test. 1208783829 M * mess-mate Wonbody>somebody 1208783872 M * Bertl directory index shows up 1208783879 M * Bertl [ ] info.php 18-Mar-2008 18:21 20 1208783947 M * mess-mate That's why i removed the domain from the host. You are in the host not the guest. 1208783972 M * Bertl which means, that your router does not use 192.168.20.10 but 192.168.20.1 :) 1208783977 M * mess-mate And that is the reason i want to isolate the webserver 1208783988 M * Bertl again, cross check with tcpdump on the host 1208784093 M * mess-mate ip route : 192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.254 1208784118 M * Bertl nice, but the routing has nothing to do with that 1208784136 M * Bertl as I said a few hours ago, your DNAT is not working :) 1208784202 M * Bertl my best guess now would be that you have some kind of explicit/implicit (D)NAT rule for the host ip on your router, so that any additional DNAT (for the guest) fails 1208784205 J * ryker ~ryker@76.16.114.60 1208784241 M * Bertl anyway, as long as the router does not use guest IPs, your guest setup will not get a chance to answer :) 1208784339 J * JonB ~NoSuchUse@130.226.210.8 1208784356 M * mess-mate Grrrrr.... i did as said in http://www.unixshell.com/wiki/index.php/Creating_and_using_vserver_virtual_servers, i've set it up as option A. 1208784365 M * ryker I apologize for my ignorance, but how can I install the vserver kernel on my rhel5 server that I've already configured to use yum and centos5 repos? 1208784392 M * daniel_hozac ryker: did you add the vserver repository? 1208784394 M * Bertl mess-mate: once again (and probably the last time): this is not at all Linux-VServer related!!! 1208784415 M * ryker daniel_hozac: yes, and yum install kernel didn't quite work 1208784421 M * daniel_hozac meaning? 1208784423 M * ryker daniel_hozac: it says the kernel is already installed 1208784434 M * ryker but it's not. 1208784437 M * Bertl mess-mate: look, why is it that I do not get the requests for www.laplaceverte.fr on my host here? 1208784449 M * ryker daniel_hozac: sry, i'm a gentoo guy, and rh/centos is new to me 1208784473 M * daniel_hozac ryker: how did you add the repo then? what does rpm -q kernel say? 1208784511 M * mess-mate Bertl: because i delete him from the host. Is installed in the guest now. 1208784516 M * ryker daniel_hozac: following the wiki, i added the dhozac-vserver.repo file and tried yum install kernel 1208784527 Q * Aiken Quit: Leaving 1208784530 M * ryker i got the following: package kernel-2.6.18-53.1.14.el5 (which is newer than kernel-2.6.18-53.1.13.el5) is already installed 1208784538 M * Bertl mess-mate: no, wrong answer: because my host hasn't 86.192.36.220 1208784551 M * ryker daniel_hozac: rpm -q kernel shows: kernel-2.6.18-8.el5 1208784552 M * ryker kernel-2.6.18-53.1.14.el5 1208784570 M * Bertl mess-mate: that's your host/ip, and as long as packets go to that address, they will not end up on _my_ server 1208784582 M * daniel_hozac ryker: where did you add it? 1208784604 M * ryker I added the repo file to /etc/yum.repos.d/dhozac-vserver.repo 1208784628 M * ryker I can see it read the repo when i run yum. 1208784634 M * Bertl mess-mate: the same is true for your setup, as long as the packets go to 192.168.20.1, they naturally will not end up (magically?) on 192.168.20.10 or 192.168.30.1 1208784678 M * daniel_hozac ryker: could you paste the output of yum install kernel on paste.linux-vserver.org? 1208784701 M * ryker daniel_hozac: sure thing. just a sec. btw, thanks for taking the time to help me. 1208784730 M * Bertl mess-mate: feel free to hire me (or anybody else) to fixup your router setup so that it does the RightThing(tm) 1208784778 M * ryker daniel_hozac: http://paste.linux-vserver.org/12029 1208784805 M * ryker daniel_hozac: i can see it's not trying to install the vserver kernel, but i'm not sure how to tell it to. 1208784822 M * daniel_hozac ryker: try yum --noplugins install kernel 1208784872 M * ryker daniel_hozac: :) thank you. it's downloading the kernel right now 1208784918 M * mess-mate Bertl: okay, i'll check the firewall on the router? Maybe hi refuse access to the guest. 1208784948 M * Bertl no, it DOESN'T DNAT to the guest ip!!!! 1208784973 M * daniel_hozac ryker: you have the yum priorities plugin. its job is to make sure third party repositories don't overwrite the vendor packages, which is kind of the opposite of what you want here :) 1208784974 M * ryker daniel_hozac: i've been using vserver on gentoo for years, i'm just clueless on red hat stuff. That's why I'm trying to learn it now. Thanks again for your help. 1208784999 M * ryker daniel_hozac: oh yeah. I forgot about that. 1208785031 M * ryker daniel_hozac: I guess I should increase the priority of the vserver repo. 1208785080 M * daniel_hozac yup. 1208785091 M * ryker daniel_hozac: oops, it just failed after downloading the vserver kernel. is that because of the priorities? 1208785105 M * daniel_hozac depends on how it failed. what did it say? 1208785120 M * ryker daniel_hozac: Transaction Check Error: package kernel-2.6.18-53.1.14.el5 (which is newer than kernel-2.6.18-53.1.13.el5) is already installed 1208785171 M * daniel_hozac oh, without the installonlyn plugin, you'll be installing all kernels. 1208785188 M * daniel_hozac i guess you actually want yum --noplugins install kernel-2.6.22.19-vs2.3.0.34.1 1208785235 M * ryker daniel_hozac: yep, that worked. 1208785258 M * ryker thx. didn't realize i could specify a specific version like that. 1208785456 Q * ISSAMNEO1 Ping timeout: 480 seconds 1208785783 J * ISSAMNEO1 ~ISSAMNEO1@196.203.207.50 1208785808 M * ISSAMNEO1 I VIRTUALIZE AN EXISTING LINUX SERVER 1208785815 M * ISSAMNEO1 but when i try to login 1208785821 M * ISSAMNEO1 it's show 1208785827 M * ISSAMNEO1 error in vserver startup sequence 1208785848 M * ISSAMNEO1 init-script /etc/rc.d/rc3 1208785853 M * Bertl you cannot login, before you started it 1208785855 M * ISSAMNEO1 causes: 1208785896 M * ISSAMNEO1 append true to this file 1208785903 M * ISSAMNEO1 yes i mean start 1208785912 M * ISSAMNEO1 sudo vserver test start 1208785937 M * Bertl so your rc script inside that guest does not work properly 1208785977 M * Bertl for the first attempt, I'd suggest to configure 'plain' init instead of sysv 1208786111 M * ISSAMNEO1 the first error it shows is vlogin:openpty(): no such file or directory 1208786169 M * Bertl could be from missing pts/ptmx to weird environments 1208786197 M * Bertl make sure you have recent util-vserver (preferably 0.30.215) and try with the plain init style as suggested 1208786197 M * ISSAMNEO1 of course i remove /vservers/yourguest/etc/rc.d/init.d/networking 1208786214 M * ISSAMNEO1 and /vservers/yourguest/etc/rc.d/init.d/nvidia... 1208786227 M * ISSAMNEO1 and /vservers/yourguest/etc/rc.d/init.d/alsa-utils 1208786254 M * Bertl fine, before you list additional 20 services you removed, try what I suggested :) 1208786275 M * ISSAMNEO1 I JUST REMOVE ONLY THOSE 3 1208786288 M * Bertl then you probably have 20 to go :) 1208786320 M * ISSAMNEO1 do i have to remove all under init.d? 1208786343 M * Bertl no, basically you do not have to remove any of them 1208786383 M * Bertl (most of them will give errors when executed though, as they try to do things which aren't permitted, note: that won't stop a guest from starting) 1208786392 M * ISSAMNEO1 but on the howto the say remove all services related hardware 1208786463 M * ISSAMNEO1 ok 1208787251 Q * tobifix Quit: Leaving 1208787433 M * ISSAMNEO1 my util-vserver version is 0.30.210-6 1208787452 M * Bertl which makes it about ... hmmm ... 3 years old? 1208787508 M * ISSAMNEO1 how i upgrade? i remove then install, nothing changes 1208787517 M * ISSAMNEO1 with apt-get 1208787521 M * Bertl well, I assume you are using debian, right? 1208787533 M * ISSAMNEO1 yes, especially ubuntu 1208787537 M * Bertl so your first step is to add backports, which should have a recent version 1208787662 J * vasko ~vasko@unreal.rainside.sk 1208787672 M * ISSAMNEO1 backports!! :) what is 1208787674 M * ISSAMNEO1 ? 1208787711 M * Bertl http://wiki.debian.org/Backports 1208787729 Q * jsambrook Read error: No route to host 1208787752 M * ISSAMNEO1 i check www.backports.org 1208787781 J * jsambrook ~jsambrook@aelfric.plus.com 1208787783 M * ISSAMNEO1 why i don't download the recent util-vserver.deb and install itt 1208787785 M * ISSAMNEO1 ? 1208787821 M * Bertl because for debian stable, the above is considered recent? 1208788227 M * daniel_hozac actually, etch is at 0.30.212. 0.30.210 sounds like woody-backports. 1208788257 M * Bertl can't keep track with the fast debian development :) 1208788262 M * daniel_hozac ;) 1208788799 Q * balbir Ping timeout: 480 seconds 1208789245 M * snooze anyone good with iptables around? :> 1208789260 M * harry yesh 1208789279 M * ISSAMNEO1 NO ISSUE 1208789284 M * harry well... /me not devine at it, but i know my way around the "normal" and "advanced" stuff :) 1208789292 M * snooze hehe 1208789306 M * snooze well ive got some vservers under 172.16.0.0/21 and some other under 192.168.0.0/21 1208789307 M * harry you have to hurry tough.../ me about to leave ;) 1208789307 M * Bertl snooze: is it Linux-VServer related? 1208789311 M * ISSAMNEO1 i didn't arrive to install a debian util-vserver backports 1208789311 M * snooze yes Bertl 1208789335 M * snooze anyway, ive got three internet ip-addresses 1208789366 M * snooze i want each of those private networks to "have" one external ip address for itself 1208789398 M * snooze thing is 1208789406 M * snooze i do like this atm: 1208789415 M * snooze iptables -t nat -A POSTROUTING -s 172.16.0.0/21 -d ! 172.16.0.0/21 -j SNAT --to-source 1208789418 M * snooze iptables -t nat -A POSTROUTING -s 192.168.0.0/21 -d ! 192.168.0.0/21 -j SNAT --to-source 1208789440 M * harry uhu 1208789444 M * snooze and then i port forward to a specific vserver like this: 1208789456 M * snooze iptables -t nat -A PREROUTING -s ! 172.16.0.0/21 -m tcp -p tcp --dport -j DNAT --to-destination : 1208789485 M * snooze but then i can access the forwarded port on both ip1 and ip2 1208789492 M * snooze which i dont want :) 1208789515 Q * Slydder Quit: Leaving. 1208789517 M * harry ahmm... 1208789519 Q * JonB Ping timeout: 480 seconds 1208789564 M * snooze hehe, perhaps i wasnt that clear 1208789577 M * harry then just allow only the packets with destination ip1 1208789591 M * harry btw... don't use the -d ! bleh and -s ! bleh 1208789595 M * harry it's useless ;) 1208789601 M * harry unless you really want it :) 1208789607 M * snooze oh okey 1208789613 M * harry which i doubt :) 1208789613 M * snooze got it from http://linux-vserver.org/Networking_vserver_guests 1208789636 M * snooze but anyway.. how would i only allow packets with destination ip1? ;) 1208789636 M * harry best thing 1208789638 M * harry make chains 1208789652 M * harry one chain for each public ip in and one for each public ip out 1208789664 M * harry (if you want to to output filtering aswell) 1208789689 M * harry input, interface, --destination -j chainname 1208789697 M * harry then you filter it 1208789709 M * harry in prerouting, play with the destination aswell 1208789735 M * snooze hmm 1208789735 M * harry iptables -t nat -A PREROUTING -p tcp --destination --dport -j DNAT --to-destination : 1208789757 M * harry i'd add interfaces aswell tough... 1208789759 M * snooze i see 1208789802 M * snooze i've got virtual interfaces on eth0 for ip1 and ip2 tho, if that matters 1208789807 M * snooze eth0:0 and eth0:1 1208789814 M * harry then use that 1208789821 M * harry -i eth0:0 etc... 1208789833 M * harry then you stop spoofing of addresses aswell on different interfaces 1208789860 M * snooze i'll try 1208789861 M * snooze :) 1208789875 M * harry for postrouting, i'd do the same, but with -o off course:) 1208789896 M * harry and please... for readability, leave the -d ! bleh out :) 1208789932 J * onox ~onox@kalfjeslab.demon.nl 1208789936 M * snooze why did someone put that destination stuff on the wiki then? :) 1208789942 M * harry the -d stuff is normally not used as it's mostly your vserver host who does routing 1208789947 M * harry so it's not necessary 1208789958 M * harry snooze: in some cases it's useful :) 1208789964 M * snooze okey :> 1208789998 M * harry it's a bad page imho... i don't know who made it :) 1208790023 M * harry it's a generic sollution, but not a good one :) 1208790036 M * harry anyway... hope you're ok now... 1208790037 M * harry ? 1208790042 M * snooze i hope so 1208790046 M * snooze testing atm 1208790082 Q * bfremon Quit: Leaving. 1208790154 J * bfremon ~ben@ANantes-252-1-35-193.w82-126.abo.wanadoo.fr 1208790155 Q * bfremon Read error: Connection reset by peer 1208790183 J * bfremon ~ben@ANantes-252-1-35-193.w82-126.abo.wanadoo.fr 1208790216 A * harry gone now... 1208790234 M * harry all ok now? or should i wait , snooze ? 1208790295 M * harry mkay... gotta run 1208790301 M * harry gl, and see you later 1208790318 M * snooze oh 1208790323 M * snooze cya and thanks 1208790348 Q * cryptronic Quit: Leaving. 1208790607 M * snooze harry: yep, it worked great with --destination .. but virtual interfaces couldnt be specified apparently (Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).) 1208790632 M * Bertl that's because there _are_ no virtual interfaces :) 1208790642 M * Bertl eth0:1 is an alias 1208790670 M * snooze right 1208790672 M * snooze alias 1208790694 M * snooze aliases couldnt be specified then ;) 1208790706 M * Bertl well, there is no point in doing so, same interface 1208790736 M * snooze yeah i see your point :) 1208791080 Q * bfremon Remote host closed the connection 1208791169 J * bfremon ~ben@ANantes-252-1-35-193.w82-126.abo.wanadoo.fr 1208791171 J * ntrs_ ~ntrs@77.29.65.175 1208791596 Q * ntrs__ Ping timeout: 480 seconds 1208791710 J * dowdle ~dowdle@scott.coe.montana.edu 1208792086 M * Bertl nap attack ... bbl 1208792092 N * Bertl Bertl_zZ 1208792516 M * ISSAMNEO1 could some one explain to me this: I'd suggest to configure 'plain' init instead of sysv 1208793777 Q * ISSAMNEO1 1208794027 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1208794438 P * mess-mate 1208795414 Q * yarihm Quit: Leaving 1208796656 J * JonB ~NoSuchUse@77.75.164.169 1208797508 Q * FireEgl Quit: Leaving... 1208798227 J * balbir ~balbir@122.167.177.163 1208798267 Q * hipe Ping timeout: 480 seconds 1208798267 J * hipe ~hipe@BSN-77-69-204.dsl.siol.net 1208799225 J * hijacker_ ~Lame@87-126-142-51.btc-net.bg 1208799316 N * DoberMann DoberMann[PullA] 1208799692 Q * bfremon Ping timeout: 480 seconds 1208799876 Q * balbir Ping timeout: 480 seconds 1208800082 J * bfremon ~ben@ANantes-252-1-22-84.w82-126.abo.wanadoo.fr 1208801702 J * balbir ~balbir@122.167.177.163 1208801976 J * ViRUS ~mp@port-92-193-100-56.dynamic.qsc.de 1208801979 Q * bfremon Ping timeout: 480 seconds 1208803178 J * virtuoso ~s0t0na@ppp78-37-122-65.pppoe.avangarddsl.ru 1208803582 J * ViRUS_ ~mp@port-92-193-63-148.dynamic.qsc.de 1208803589 Q * virtuoso_ Ping timeout: 480 seconds 1208803879 Q * JonB Quit: This computer has gone to sleep 1208803942 J * JonB ~NoSuchUse@77.75.164.169 1208803977 Q * ViRUS Ping timeout: 480 seconds 1208804561 Q * ViRUS_ Quit: Leaving 1208805057 J * hparker ~hparker@linux.homershut.net 1208807843 Q * rgl Quit: Saindo 1208808274 Q * balbir Ping timeout: 480 seconds 1208808411 Q * hijacker_ Quit: Leaving 1208808912 J * docelic ~docelic@78.134.194.59 1208810369 Q * nenolod Ping timeout: 480 seconds 1208810374 Q * bonbons Quit: Leaving 1208810949 J * nenolod ~nenolod@ip70-189-77-60.ok.ok.cox.net 1208811118 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1208811462 Q * dna Quit: Verlassend 1208812097 Q * nenolod Quit: ur a fucking prick :) | very good. thanks. 1208812340 J * nenolod ~nenolod@ip70-189-77-60.ok.ok.cox.net 1208812556 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1208812676 J * hparker ~hparker@linux.homershut.net 1208812727 Q * nenolod Quit: leaving 1208812754 J * nenolod ~nenolod@ip70-189-77-60.ok.ok.cox.net 1208812789 J * ntrs__ ~ntrs@77.29.64.240 1208812849 Q * hparker Read error: No route to host 1208813216 Q * ntrs_ Ping timeout: 480 seconds 1208813463 J * hparker ~hparker@linux.homershut.net 1208814392 Q * JonB Quit: This computer has gone to sleep 1208814744 N * DoberMann[PullA] DoberMann[ZZZzzz] 1208815101 J * fatgoose_ ~samuel@76-10-149-199.dsl.teksavvy.com 1208815474 Q * fatgoose Ping timeout: 480 seconds 1208815477 J * Infinito ~argos@200-140-65-128.gnace701.dsl.brasiltelecom.net.br 1208816350 Q * larsivi Remote host closed the connection 1208817745 Q * grobie Quit: Coyote finally caught me 1208817748 J * grobie ~grobie@valgrind.schnuckelig.eu 1208817771 Q * grobie 1208817773 J * grobie ~grobie@valgrind.schnuckelig.eu 1208817814 Q * grobie 1208817817 J * grobie ~grobie@valgrind.schnuckelig.eu 1208817964 J * Aiken ~james@ppp121-45-192-61.lns1.bne1.internode.on.net 1208818691 Q * dowdle Remote host closed the connection 1208820868 Q * onox Quit: zZzZ