1224201657 Q * dowdle Remote host closed the connection
1224204925 J * emcepe ~mcp@wolk-project.de
1224205099 Q * mcp Ping timeout: 480 seconds
1224205099 N * emcepe mcp
1224205172 J * AndrewLe1 ~andrew@flat.iis.sinica.edu.tw
1224205222 Q * nenolod resistance.oftc.net charm.oftc.net
1224205222 Q * AndrewLee resistance.oftc.net charm.oftc.net
1224205222 Q * awk resistance.oftc.net charm.oftc.net
1224205222 Q * MooingLemur resistance.oftc.net charm.oftc.net
1224205840 J * MooingLemur ~troy@shells195.pinchaser.com
1224205877 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1224206181 M * Bertl okay, off to bed now .. have a good one everyone!
1224206187 N * Bertl Bertl_zZ
1224206432 J * balbir` ~balbir@32.97.110.53
1224206554 J * doener ~doener@i577BAED8.versanet.de
1224206659 Q * doener_ Ping timeout: 480 seconds
1224206671 Q * balbir Ping timeout: 480 seconds
1224209148 J * speedy ~speedy@home.speedy.org
1224214654 Q * derjohn_mob Ping timeout: 480 seconds
1224214865 Q * speedy Quit: leaving
1224217920 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1224220113 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1224223376 J * derjohn_mob ~aj@e180219023.adsl.alicedsl.de
1224224207 Q * balbir` Ping timeout: 480 seconds
1224226391 Q * larsivi Quit: Konversation terminated!
1224226593 Q * mattzerah Ping timeout: 480 seconds
1224227112 J * mattzerah ~matt@pool1-180.dyn.winshop.com.au
1224228284 Q * derjohn_mob Ping timeout: 480 seconds
1224229668 J * larsivi ~larsivi@85.221.53.194
1224231254 J * davidkarban ~david@193.85.217.71
1224231468 J * Loki|muh loki@satanix.de
1224233368 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1224239028 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1224239440 M * mrfree hi all
1224239454 M * mrfree I cloned a working guest but the cloned copy doesn't start http://pastebin.com/d6b13102b both host and guest are gentoo
1224239640 M * PowerKe is the initstyle correct in /etc/vservers/<guest>/apps/init/style ?
1224239725 M * mrfree mhhh there is any "style" file there
1224239730 M * mrfree isn't any...
1224239764 M * PowerKe but there is one for the working guest?
1224239771 M * mrfree yup
1224239791 M * PowerKe I'm not sure which files are optional, but I would copy that from the working to the cloned config then
1224239968 M * PowerKe any change?
1224239978 M * mrfree it works thanks... I cloned it using "vserver ver1_2 build -m rsync" I thought this command would set it correctly
1224240482 M * mrfree mhh no it doesn't "clone" the guest as I expect... I need to check etc config files manually 
1224240590 Q * larsivi Quit: Konversation terminated!
1224240768 M * Wonka seems to me that having the next really stable and longtime supported vserver patch should be based on 2.6.27, since that one will be longtime supported
1224240892 M * Wonka as said by Adrian Bunk in http://lkml.org/lkml/2008/10/11/235
1224241419 M * pmjdebru1jn Wonka: I noticed as well :)
1224241573 M * Wonka it was said it should be feature complete and well tested to become "stable". any way I can help?
1224241843 J * Punkie ~Punkie@goc.coolhousing.net
1224243316 Q * nkukard Quit: Leaving
1224243800 Q * mrfree Quit: Leaving
1224243887 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1224244128 M * davidkarban oka :)
1224244169 Q * Aiken Remote host closed the connection
1224244170 M * davidkarban srry again, wrong window ... will open rad only ...
1224246947 J * kir ~kir@swsoft-msk-nat.sw.ru
1224247861 N * Bertl_zZ Bertl
1224247864 M * Bertl morning folks!
1224249364 Q * ktwilight_ Read error: Connection reset by peer
1224249365 J * ktwilight_ ~ktwilight@135.89-66-87.adsl-dyn.isp.belgacom.be
1224249442 J * onion_ onion@virasto.com
1224249605 M * onion_ hi! I would like to test new vserver with 2.6.27.1 kernel. I got it patched with patch-2.6.27-rc7-vs2.3.0.35.6pre.diff, with fuzz 3, but I doesn't compile. It complains something about xfs.
1224249625 M * Bertl yep, disable xfs for now, it's broken
1224249633 M * Bertl i.e. will be fixed up soon
1224249648 M * onion_ Naah, my whole system uses xfs ;)
1224249668 M * Bertl then you are a good candidate for testing once it is fixed :)
1224249684 M * Bertl i.e. use 2.6.26.x for now, xfs is working and tested there
1224249727 M * onion_ Thats great, I will! There's some sata errors still in 2.6.26.x, it's dropping my array...
1224249746 M * Bertl what driver/controller?
1224249750 M * onion_ sata_mv
1224249783 M * Bertl okay, that could be fixed in 2.6.27, but I'd suggest you test with mainline 2.6.27 first, to see if it is actually fixed
1224249811 M * Bertl i.e. often sata issues are not caused by the kernel, but by the hardware
1224249829 M * Bertl like bad cable, incompatible drives and so on
1224249870 M * onion_ Great suggestion, thanks! I have replaced cables, brand new drives, but still suspecting power supply. I ordered one, but have to wait till monday :/
1224249872 M * Bertl fixed up xfs (for testing) should be available in the next few days
1224249946 M * onion_ ok, I volunteer for testing ;)
1224249962 M * sid3windr sata_mv is experimental
1224249970 M * Bertl onion_: excellent, keep hanging around or show up periodically (whatever you prefer)
1224249971 M * sid3windr so large chance it's not only the hardware to blame ;)
1224249994 M * onion_ sid3windr: I know, it has been working great for 2.5 year now
1224250002 M * sid3windr yeah, I had them uptil shortly
1224250005 M * sid3windr mmz, damn
1224250015 M * sid3windr talking about sata cards, I was still going to test some stuff for Bertl :/
1224250030 M * Bertl hehe :)
1224250047 M * sid3windr did you get a new raid card in the meantime Bertl ? :)
1224250071 M * Bertl no, I'm in heavy discussion with the adaptec folks atm, trying to figure what their card can and can't do
1224250092 M * sid3windr adaptec is for scsi! ;)
1224250094 Q * davidkarban Ping timeout: 480 seconds
1224250186 M * onion_ Is areca for sata then? ;)
1224250296 M * onion_ Here is a guy having same problem: http://ubuntuforums.org/showthread.php?p=5939531
1224250297 M * Bertl well, fact is, that the areca controllers seem to use the intel SAS chip
1224250318 M * Bertl and that one seems to be incompatible with most of the drives I already have 
1224250355 M * onion_ unfortunately, mdraid gets angry for timeout too large or something, and it drops the drive.
1224250379 M * Bertl I think that can be adjusted, as long as the drive actually gets back
1224250397 M * sid3windr onion_: yes, it is ;)
1224250398 M * Bertl a good idea might also be to force the disk to 1.5GB instead of 3GB 
1224250408 M * sid3windr Bertl: aw, that's a bummer :(
1224250414 M * sid3windr those incompatible diskies :/
1224250430 M * Bertl yeah, otherwise the arcea seems to be a good solution
1224250439 A * sid3windr upgraded from sata_mv to arcsmr without any disk problems 
1224250484 M * onion_ sid3windr: what card is that?
1224250490 M * sid3windr areca ;)
1224250497 M * onion_ which one?
1224250511 M * sid3windr Controller#01(PCI): ARC-1160
1224250523 M * sid3windr and Controller#01(PCI): ARC-1120
1224250531 M * sid3windr which is more like it as it's an 8 port
1224250593 M * onion_ damn, I need one too!
1224250623 M * onion_ i have 5081 ja 6081 marvells now
1224250651 M * Bertl my latest idea, if I did the math right, is to look for dual eSATA cards on PCIe x1 ports
1224250673 M * Bertl and to add external port multipliers to that, with up to 4 drives per eSATA port
1224250689 M * onion_ what's the bandwidth for x1?
1224250694 M * sid3windr 250M/sec or so
1224250715 M * Bertl PCIe x32 has 8GB/s
1224250748 M * Bertl so so 2Gbit/s for x1
1224250750 M * sid3windr no
1224250750 Q * mattzerah Ping timeout: 480 seconds
1224250753 M * sid3windr x16 is 8G/sec
1224250773 M * Bertl hmm ... that would be even better
1224250777 M * sid3windr PCIe x1 is 250MB/sec
1224250779 M * sid3windr I was right :)
1224250786 M * onion_ MiB?
1224250802 J * davidkarban ~david@193.85.217.71
1224250803 M * sid3windr 2Gbit
1224250807 M * sid3windr so not Gibit
1224250810 M * sid3windr so 250MB/sec I guess
1224250813 M * sid3windr not MiB ;)
1224250828 M * sid3windr http://en.wikipedia.org/wiki/List_of_device_bandwidths to the rescue
1224250859 M * sid3windr and hmm
1224250866 M * sid3windr the x16 I mentioned was for pcie 2.0
1224250871 M * sid3windr but all recent boards have this I guess
1224250880 M * sid3windr but does anyone make x16 devices which aren't video cards?
1224250885 M * Bertl yeah, PCIe 2.0 doubles the rate
1224250923 M * onion_ that's about 200MiB/s, so about double PCI bandwidth..
1224251285 J * mattzerah ~matt@pool1-180.dyn.winshop.com.au
1224251304 M * Bertl another option is an actual MB change, I found one (not too expensive) with 4 PCIe ports (can be configured x8,x8,x4,x8)
1224251320 M * Bertl 4 PCI x16 ports that is
1224251392 M * onion_ now there's some room for expansion. Lot's of x8 cards out there!
1224251439 M * Bertl yes, I also found a bunch of x4 cards with 4 ports 2 eSata 2 internal
1224251440 M * onion_ not too many MB though supporting x8
1224251540 M * Bertl okay, have to grab some groceries, bbl
1224251546 N * Bertl Bertl_oO
1224252057 Q * onion_ Quit: bye
1224252082 Q * davidkarban Quit: Ex-Chat
1224253830 Q * Punkie Quit: ...mizim...
1224255906 J * dowdle ~dowdle@scott.coe.montana.edu
1224255995 Q * ghislainocfs2 Ping timeout: 480 seconds
1224256407 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1224258596 T * * http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.7|util-vserver-0.30.215|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 
1224258596 T * ChanServ -
1224259102 J * Bertl_oO herbert@IRC.13thfloor.at
1224259408 J * BobR_zZ odie@IRC.13thfloor.at
1224259460 N * Bertl_oO Bertl
1224259465 M * Bertl back now ...
1224259504 J * hparker ~hparker@linux.homershut.net
1224259531 M * Supaplex hi Bertl :)
1224260158 Q * esa` Ping timeout: 480 seconds
1224260377 J * esa bip@62.123.8.76
1224260831 J * cga ~weechat@94.36.110.128
1224262093 Q * mtg Quit: Verlassend
1224263414 Q * doener Read error: Connection reset by peer
1224263550 J * doener ~doener@i577AE087.versanet.de
1224265293 Q * dowdle Remote host closed the connection
1224265304 J * dowdle ~dowdle@scott.coe.montana.edu
1224265400 J * jmcaricand jm@172.252.192-77.rev.gaoland.net
1224265566 M * jmcaricand Hi ! which is the best nfs server (user space) for my guests ? Any feedback ? 
1224265884 M * Bertl what are the options?
1224266066 M * jmcaricand Bertl: nfs-ganesha or unfs3
1224267115 M * Bertl never heard of the first one ... but sounds interesting
1224267133 M * Bertl if they are userspace, both should work fine
1224268263 P * jmcaricand 
1224269376 J * derjohn_mob ~aj@p5B23BC08.dip.t-dialin.net
1224272392 J * cga_ ~weechat@94.36.121.222
1224272473 Q * cga Ping timeout: 480 seconds
1224274409 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg
1224274597 Q * nenolod Quit: Leaving
1224274691 Q * hijacker_ Remote host closed the connection
1224275177 Q * cga_ Quit: WeeChat 0.2.6
1224276547 J * Aiken ~Aiken@ppp118-208-28-181.lns2.bne1.internode.on.net
1224276577 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1224278490 J * Walex ~Walex@82-69-39-138.dsl.in-addr.zen.co.uk
1224278623 J * jacob ~chatzilla@gecko.geckosoftware.com
1224279197 M * jacob Hello, I'm stumped on a routing issue. My vserver host machine is on three networks. I have a vserver guest that is on two of those networks. I want it to get to the third network via a router instead of giving it the third interface. http://pastebin.com/d66db6e5
1224279250 M * jacob I was hoping that I could use routing tables to sort this out, but I have not found the right incantation :)
1224279499 M * PowerKe routing is done by the host, so you'd have to define a route there so it routes traffic for privnet2 through router
1224279593 M * jacob any tip or documents on selection? if I try without routing tables to send traffic from the guest's privnet1 ip to privnet2 via router ip, it says "file exists" - it already has  a route doing that
1224279623 M * jacob without doing anything attemps to ping privnet2 give "connect: Invalid argument"
1224279646 M * jacob which I thikn is because routing knows that eth1 should get you to privnet2 but the guest has eth0 and eth2
1224279681 M * jacob the tables aren't working because ip rules say that the first rule, 0:, is to lookup local where it gives link local routing
1224279708 M * jacob and that's evaluated before my 32765: from guestip lookup guesttable
1224280015 M * PowerKe Does it work from the host?
1224280030 M * jacob yes
1224280054 M * jacob I believe the host works fine without any routing because the link local routes (local table) are correct. it is on all 3 networks and can figure it out
1224280064 M * jacob but the guest is only given 2 of the 3 interfaces.
1224280105 M * jacob I can even ssh to the guest on privnet1 from privnet2 and it works, but the guest can't initiate a connection out to privnet2
1224280135 M * PowerKe That's odd...
1224280167 M * PowerKe routing ip requests or replies shouldn't make a difference
1224280211 M * PowerKe Are you sure this isn't a firewall issue then?
1224280264 M * PowerKe hmm, you got the connect error in the guest...
1224280330 M * jacob I am not sure about the firewall. It is currently set to be very permissive while testing & configuring. I really think it is because link local routing knows how to get to privnet2 but the guest doesn't have that interface or ip.
1224280337 M * jacob but I hope to be very wrong :)
1224280416 J * Radiance ~Radiance@193.16.154.187
1224280420 M * jacob http://pastebin.com/m126f1cbb
1224280451 M * jacob http://pastebin.com/m78dc9e62
1224280513 M * Bertl what does tcpdump say?
1224280585 M * daniel_hozac if there's a specific table specified with an ip rule, that table is going to get used.
1224280594 M * Bertl btw, you don't have any rules which would make the guest handled specific
1224280613 M * Bertl *the guest ips being handled differently
1224280617 M * jacob I added the rule for the guest, then removed it
1224280679 M * jacob I don't see anything on tcpdump run in the host. The guest says immediately connect: Invalid argument
1224280689 M * jacob when pinging to privnet2
1224280717 M * jacob isn't table 0: consulted before table 32765:?
1224280739 M * jacob or any other table id > 0
1224280761 M * daniel_hozac no.
1224280812 M * jacob ok, that's good. I'd be happy to make a full table for the guest. what's the best way to make all of it's traffic consult that table instead of the other tables?
1224281079 M * PowerKe you have table 'guest' (line 27) and table 'green' (line 31) in your paste
1224281112 M * jacob sorry. green is guest. I have missed a couple of lines trying to make it anonymous
1224281201 M * jacob when I did the routing test, table 'guest' (green) was listed in ip rule ls between local and main as 32765
1224281207 M * Bertl jacob: you know how multiple routing tables work?
1224281267 M * jacob I'm not expert on multiple routing tables. I have done multi-homed routing once. long ago. It seems like this is the reverse idea and I am having trouble getting my head around it
1224281310 M * jacob I don't know what rules to match to get the guest traffic to lookup the guest table so I can route differently than the default tables
1224281376 M * Radiance any one has an experimental merge of grsec+vserver for 2.6.23 kernels ? (or higher) 
1224281399 M * jacob i'd be glad to read some more, especially vserver specific examples. I've spent a lot of time on the LARTC site and have read over linux-vservers, but the vserver examples don't have this 3 networks 2 interfaces setup.
1224281487 M * daniel_hozac Radiance: harry posted one to the mailing list, didn't he?
1224281538 M * Radiance that would be awesome
1224281541 M * Radiance lemme check
1224281549 M * PowerKe jacob: does ping -I 192.168.0.7 192.168.1.x work on the host?
1224281586 M * jacob yes
1224281630 M * PowerKe and other pings in the guest also work?
1224281670 M * jacob the guest can ping any valid public ip and any 192.168.0/24
1224281697 M * Bertl jacob: the important part is to ignore the guest for your basic setup
1224281709 M * Bertl (or the guests to be precise)
1224281731 M * jacob ok. my host system networks with all three networks perfectly. what else should I look at?
1224281743 M * Bertl i.e. they will not interfere with the routing decisions, they will only affect the source address selection and what IPs can actually be used inside a guest
1224281770 M * Bertl on the host, try to 'use' the guest IPs
1224281780 M * jacob like that ping -I right?
1224281784 M * Radiance daniel_hozac, i've checked http://people.linux-vserver.org/~harry/ but highest version is 2.6.22.19
1224281791 M * Bertl jacob: yep, correct
1224281798 M * jacob seemed to work like a champ
1224281815 M * Bertl jacob: check with tcpdump that the proper interfaces/IPs are involved
1224281851 M * Bertl btw, in general ping is a bad choice for testing, as you probably won't do icmp communication but more tcp or udp :)
1224281863 M * Bertl (and icmp is kind of below the ip layer)
1224281867 M * jacob true, but we'vegot to start somewhere
1224281897 M * Bertl yep, so check that your ping -Is work and use proper addresses
1224281940 M * Bertl if that works, start up the guests, and use ping from inside the guest (being limited to one or more IPs from the host)
1224281966 M * Bertl jacob: btw, what kernel patch/version do you use?
1224281971 M * jacob tcpdump on [router] in the pastebin sees traffic from 192.168.0.7 to 192.168.1.1
1224282013 M * jacob it sees nothing when I ping from the guest. again, ping exits immediately with connect: Invalid argument
1224282021 M * Bertl the router connects the private networks and so does the vserver box, yes?
1224282029 M * jacob yes
1224282037 M * jacob but only the router has forwarding enabled
1224282053 M * Bertl what about rp_filter?
1224282073 M * jacob oh  my bad, the vserver host has forwarding enabled too
1224282118 M * Bertl still no reason for an invalid argument if the very same ping -I works on the host (and only involves guest IPs)
1224282153 M * jacob rp_filter is enabled on router, not on vserver host
1224282180 M * Bertl you probably want that there too, otherwise the packets might go out on the wrong interface
1224282208 M * jacob well, try ping -I eth999 <someip>
1224282225 M * jacob it says: connect: Invalid argument
1224282237 M * Bertl what IP should eth999 be?
1224282264 M * jacob I'm just saying I can reproduce that message on any machine by giving it a device that doesn't (appear to) exist
1224282282 M * Bertl not really unexpected, is it?
1224282361 M * jacob my thinking, which is probably way wrong, is that the kernel knows eth1 goes to privnet2, but I didn't give eth2 to the guest. when I try to ping privnet2 it fails.
1224282373 M * jacob oops, I didn't give eth1 to the guest
1224282389 M * jacob I suspect that if I did, all would be peachy happy
1224282392 M * ktwilight_ ooo~ a 2.6.26.6 patch :)
1224282424 M * jacob 2.6.26-1-vserver-686
1224282424 M * daniel_hozac jacob: Linux doesn't care about interfaces.
1224282429 M * jacob k
1224282445 M * jacob what about ping or ssh?
1224282456 M * Bertl note: you cannot 'give' eth1 to a guest :)
1224282497 M * jacob I'm fine w/ my theory being all wrong, I just know it's not working :)
1224282502 M * Bertl you can only 'assign' an IP which may be associated with eth1 to a guest, which will make eth1 appear inside the guest
1224282536 M * Bertl maybe let's take a step back and figure what you actually want to accomplish
1224282597 M * jacob I want the guest, green, which use to be a real machine, to work just like it did before I virtualized it. I would like it to run on the new machine which I do want to be on all three networks.
1224282623 M * Bertl which IMHO boils down to packets from 'guest' heading for privnet2 are supposed to leave into privnet1, and be routed via the router
1224282647 M * Bertl is that correct?
1224282648 M * jacob soudns great to me
1224282661 M * Bertl okay, so you are facing two problems there
1224282679 M * Bertl the first one is, that the host _has_ a network card into privnet2
1224282706 M * Bertl and the second one is, that the router knows how to reach the host on _both_ networks
1224282716 M * jacob yep
1224282741 M * Bertl i.e. before your physical machine had a separate mac address
1224282744 M * jacob but with two different ip's
1224282753 M * Bertl now that address is shared with the host machine
1224282765 M * jacob on pubnet and privnet2 right
1224282769 M * jacob i mean privnet1
1224282781 M * Bertl so you will be required to tell the router about that
1224282825 M * Bertl the first part, is a simple routing setup, but you have to catch all packets originating from the guest IP so that they take the proper route
1224282828 M * jacob the router doesn't know that the host, 192.168.1.4 and 192.168.0.4 are the same machine does it?
1224282844 M * Bertl it knows from the mac address
1224282845 M * jacob yes, that is what I would like help understanding how to do
1224282863 M * jacob mac 192.168.1.4 != 192.168.0.4
1224282911 M * jacob 192.168.0.4 dev eth0; 192.168.1.4 dev eth1; 
1224282923 M * Bertl so, first, what you _cannot_ do on the hosts: you cannot make any packets for a 'host local' ip leave the machine, without doing evil tricks with nat-ing :9
1224282949 M * jacob ugh
1224282954 M * Bertl i.e. do not even try to ping *.1.4 from *.0.4
1224282966 M * Bertl (and expect it to go via the router)
1224282979 M * jacob right. the machine knows it owns both
1224282996 M * Bertl it will work fine as host local networking, but not via the router (again without doing evil stuff :)
1224283013 M * jacob that's fine by me
1224283024 M * Bertl so, first step, separate routing tables for 'host' IPs and the guest IP(s)
1224283044 M * jacob the guest can ping all the host's ip's as expected
1224283049 M * Bertl means, add a table, let's call it 'guest'
1224283055 M * jacob k
1224283064 M * Bertl add proper rules, based on the source IP(s)
1224283115 M * Bertl i.e. 'ip rule add from <ip> table guest
1224283121 M * jacob this is where I got hung up. is it enough to do just pubnet.7 and privnet1.7? what about 'localhost"?
1224283136 M * jacob I did just ip rule add from 192.168.0.1 and it all went to pot
1224283139 M * jacob last time
1224283153 M * Bertl well, 192.168.0.1 is no guest IP, is it?
1224283162 M * jacob bah my fingers
1224283169 M * jacob 192.168.0.7
1224283186 M * Bertl you are logged onto the host via host IPs yes?
1224283205 M * Bertl you also need to setup the 'guest' table, with stuff like
1224283208 M * jacob yes. and I'm logged into the guest via guest ip
1224283215 M * Bertl ip route add .... table guest
1224283253 M * Bertl prepare the stuff, and upload the (anonymized) output of 'ip route ls' and 'ip route ls table guest'
1224283286 M * jacob like lines 27-29 of the pastebin. will I need to reproduce all the stuff in local, main and default?
1224283293 M * jacob http://pastebin.com/m78dc9e62
1224283335 M * jacob I tried the guest able with just line 28, then I added the default rule, line 29
1224283335 M * Bertl ah, you already did that there
1224283338 M * jacob I'll try again
1224283344 M * Bertl well, there is the problem
1224283351 M * Bertl 192.168.1.0/24 via 192.168.0.9 dev eth0  src 192.168.0.7
1224283362 M * Bertl but there is no way to reach 192.168.0.9 in that table
1224283383 M * Bertl you are missing something like
1224283390 M * jacob I was hoping it would figure that out from 0: local
1224283390 M * Bertl 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.7
1224283409 M * jacob ok
1224283413 M * Bertl has nothing to do with the local table
1224283605 M * Bertl same goes for the default entry btw
1224284004 M * jacob this time adding the rule didn't seem to make everything go bad, but I still can't ping 192.168.1/24, so it seems like I don't have it active.
1224284030 M * PowerKe do you get an error, or no reply?
1224284032 M * Bertl can't ping means what exactly?
1224284058 M * jacob connect: Invalid argument
1224284089 M * Bertl what was the command?
1224284141 M * jacob http://pastebin.com/d7e81ccd7
1224284146 M * jacob ping 192.168.1.1
1224284161 M * jacob I haven't added rules for pubnet.7 yet
1224284211 M * Bertl what does 'ip addr ls' show inside the guest? and what does 'ping -I 192.168.0.7 192.168.1.1' say?
1224284262 M * jacob yeah ping -I 192.168.0.7 192.168.1.1 works
1224284267 M * jacob from guest
1224284272 M * Bertl there you go, everything fine :)
1224284290 M * PowerKe The guest still has 2 IP's, so it's probably selecting the wrong one there?
1224284300 Q * hparker Quit: Quit
1224284314 M * Bertl it is probably selecting the first assigned IP
1224284326 M * jacob ping -I pubnet.7 192.168.1.1 also works :(
1224284363 A * jacob wonders again about ping somehow selecting the interface, excuse me ip, it does not really have access to
1224284390 M * Bertl well, that is the part where the 'ip addr ls' comes into play, can we get that?
1224284423 M * jacob working on it. I use a proxy for packages and the proxy server is on... 192.168.1/24
1224284428 M * Bertl also, an 'strace -fF -o ping ping 192.168.1.1' inside the guest would be nice
1224284447 M * Bertl jacob: S/DNAT is your friend :)
1224284656 M * jacob ip addr ls http://pastebin.com/d1f297eb6
1224284706 M * Bertl what's the 127.0.0.7/8 for?
1224284783 M * jacob http://pastebin.com/d265919cd
1224284792 M * jacob ssh don't tell the vserver people :)
1224284803 M * jacob not secure shell
1224284807 M * jacob ssh like quiet :)
1224284824 M * jacob it's it's own localhost
1224284827 M * Bertl hmm, I guess that will be a problem :)
1224284838 M * jacob is that breaking it all?
1224284853 M * Bertl nah, I meant the 'not telling' part :)
1224284861 M * jacob :D
1224284896 M * Bertl but the 'lo' entry brings us back to the question, what kernel/patch is that?
1224284915 M * Bertl because you might as well shoot yourself in the foot with that one
1224284997 M * jacob I have the "debian name" 2.6.26-1-vserver-686, trying to find what the upstream versions are
1224285022 M * Bertl would be something like 2.3.0.3x I presume
1224285037 M * Bertl so yeah, you are most likely shooting yourself in the foot here :)
1224285047 M * jacob I haven't read on how vserver handles 127.0.0.1 for a long while. when I first did there was an issue with  that address. don't present it and some programs cry, present it and they all see eachother
1224285079 M * Bertl well, vs2.3.x supports isolated 'localhost' (i.e. 127.0.0.1)
1224285100 M * Bertl so all you want to do there is to set that flag, which might be default
1224285103 M * jacob I was guessing that you were going to lead to that.
1224285175 M * jacob changelog doens't help:  Update vserver patch to 2.2.0.5. in 2007... I'll google
1224285391 J * hparker ~hparker@linux.homershut.net
1224285666 M * jacob util-vserver is 0.30.216~r2772-2. still searching around and have asked on #debian:oftc
1224285734 M * Bertl well, I think it is definitely a vs2.3.x release
1224285791 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1224285950 M * jacob where do I go to read about this setting? I am not finding it. sorry
1224285965 M * Bertl http://linux-vserver.org/Capabilities_and_Flags
1224285981 M * Bertl LBACK_REMAP
1224286012 M * jacob thank you :)
1224286052 M * Bertl np
1224286106 Q * bonbons Quit: Leaving
1224286162 M * Bertl the other one is the HIDE_LBACK (check with the nflags in proc, I presume they are already set)
1224286371 M * jacob I am not finding nflags in /proc. In /proc/virtual/<xid:4>/there is info and status. ditto /proc/virtnet/<xid:4>/
1224286411 M * jacob nor in /etc/vserver/green which has context 4
1224286710 M * Bertl look in /proc/virtnet/<xid:4>/* for flags :)
1224286891 M * jacob http://pastebin.com/d684e0f7b
1224286938 M * Bertl here you go, already set there
1224286948 M * Bertl Flags:  0000000406000200
1224287047 M * jacob I should have checkd the default, that is after I created /etc/vservers/green/nflags with the value and restarted
1224287095 M * jacob which dropped some of my routing. I'll have to read up on how to preserve that. but still ping 192.168.1.1 says connect Invalid argument
1224287118 M * Bertl do we have an strace -fF yet?
1224287172 M * jacob ya. somewwhere up. Ill find it. Here is the current ip addr ls and ping http://pastebin.com/dca7cc35
1224287188 M * jacob strace ping: http://pastebin.com/d265919cd
1224287298 M * Bertl let's remove that [127.0.0.1-0.0.0.0/255.0.0.0:0010] from your guests config
1224287308 M * Bertl it is wrong in so many ways :)
1224287335 M * jacob heh ok. I am having a hard time finding the documentation on how to do it right. lots of old pages and threads about it, but no solid answer in my mind
1224287358 M * jacob i'll just stop, remove interfaces/0 and start
1224287366 M * Bertl yup, sounds good
1224287399 M * Bertl btw, you might want to remove http://pastebin.com/d684e0f7b (if you are concerned about your public ip :)
1224287624 M * jacob thanks. it's going again. loopback is visible, but it's not in virtnet/4/info as an [interface]
1224287631 M * jacob still the same story with ping
1224287642 M * jacob err
1224287644 M * jacob ...
1224287648 M * jacob did it just work?
1224287680 M * jacob yeah! I had to tripple check. I've been grinding at this a long time
1224287705 M * Bertl see, and now, if you think about it, you'll figure _why_ it works now
1224287734 M * Bertl the icmp ping is not giving an ip for the socket, so the kernel has to choose one for it
1224287756 M * Bertl as there is no real rule what to use for 192.168.1.1, it takes the fallback
1224287765 M * Bertl which is the first ip assigned to your guest
1224287787 M * Bertl unfortunately, that ip was 127.0.0.1, which cannot reach 192.168.1.1
1224287796 M * jacob I tried ping -I 127.0.0.7 and it gave a different error so I didn't htink that was it.
1224287842 M * Bertl now try to get your entire setup working and double check that the packets leave _and_ return through the proper interfaces
1224287853 M * Bertl (some adjustments to the router might be required)