1226966569 Q * dowdle Remote host closed the connection 1226967076 Q * pisco Remote host closed the connection 1226967134 J * pisco ~pisco@86.59.118.153 1226967457 Q * Mojo1978 Ping timeout: 480 seconds 1226967558 J * Mojo1978 ~Mojo1978@ip-88-152-50-100.unitymediagroup.de 1226968050 Q * hparker Quit: Quit 1226968181 Q * pisco Ping timeout: 480 seconds 1226968259 J * pisco ~pisco@86.59.118.153 1226968570 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86 1226968765 Q * geb Remote host closed the connection 1226970393 Q * bonbons Remote host closed the connection 1226970439 J * xdr ~xdr@118-173-96-87.cust.blixtvik.se 1226970546 Q * xdr_ Ping timeout: 480 seconds 1226973993 J * ntrs_ ~ntrs@77.29.21.43 1226974477 Q * ntrs_ Ping timeout: 480 seconds 1226975358 Q * nenolod Quit: Leaving 1226975582 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net 1226978219 J * balbir ~balbir@32.97.110.53 1226978455 Q * doener Quit: leaving 1226979106 J * doener ~doener@i577AF9EF.versanet.de 1226979834 Q * Mojo1978 Read error: Connection reset by peer 1226980158 Q * ensc Ping timeout: 480 seconds 1226984221 J * ensc ~irc-ensc@p54B4E1DE.dip.t-dialin.net 1226984428 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1226984731 N * quinq qzqy 1226985308 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86 1226990596 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no 1226991944 N * Bertl_zZ Bertl_oO 1226992680 J * mtg ~mtg@vollkornmail.dbk-nb.de 1226993685 J * davidkarban ~david@193.85.217.71 1226994246 Q * larsivi Ping timeout: 480 seconds 1226995581 Q * grobie` Ping timeout: 480 seconds 1226997226 J * larsivi ~larsivi@85.221.53.194 1226997976 J * arapaho ~arapaho@213.223.114.206 1227000369 Q * bibabu Quit: Coyote finally caught me 1227000373 J * bibabu bibabu@mikene.org 1227000526 J * grobie ~grobie@valgrind.schnuckelig.eu 1227001118 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1227001446 N * morrigan_oO morrigan 1227001741 J * Hurga ~foest@h-213.61.155.114.host.de.colt.net 1227001791 N * arapaho Guest3848 1227001806 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1227001846 Q * Guest3848 Ping timeout: 480 seconds 1227001866 J * arapaho ~arapaho@213.223.114.206 1227001942 M * Hurga cool, just entering the channel makes me realize my mistake 1227002061 M * mnemoc that's Bertl-effect, one gets enlightened just by joining :D 1227002085 M * Hurga could be :) 1227002690 J * chI6iT41 ~chigital@services.mivitec.net 1227002808 M * pmenier Hello 1227002832 M * pmenier Problem with last patch ? http://paste.linux-vserver.org/12606 1227003151 Q * pmenier Read error: Connection reset by peer 1227003223 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1227003374 J * _nono_ ~gomes@libation.ircam.fr 1227003517 M * bonbons pmenier: seems so, I'm seeing same behavior here ... 1227003563 M * bonbons seems any non-zero context as no /proc access anymore 1227003579 M * pmenier ah ok... i just reboot on 2.6.27.5-vs2.3.0.35.9 to be sure :) 1227003614 M * arekm bonbons: will test ipv6 patch later 1227003737 M * bonbons arekm: for what I could test here with the patch bind() now fails [did no attempt without it] 1227006306 M * fb pmenier,bonbons: upgrade your util-vserver 1227006597 M * pmenier what version ? i use 0.30.216-pre2794 1227006706 M * pmenier will try pre2824 1227007131 M * pmenier same error with 0.30.216-pre2824 1227008662 Q * eyck Ping timeout: 480 seconds 1227009670 J * dna ~dna@52-200-103-86.dynamic.dsl.tng.de 1227009744 J * eyck 08fkGSw8@nat03.nowanet.pl 1227010752 J * Mojo1978 ~Mojo1978@ip-88-152-50-100.unitymediagroup.de 1227011826 Q * eyck Ping timeout: 480 seconds 1227012307 J * eyck xC4172wW@nat05.nowanet.pl 1227013347 J * derjohn_mob ~aj@139.12.1.252 1227013409 J * wibble wibble@vortex.ukshells.co.uk 1227014839 J * kir ~kir@swsoft-msk-nat.sw.ru 1227014871 Q * sharkjaw Remote host closed the connection 1227014889 M * arekm bonbons: bind is disallowed now and correct source is used if I do ping6 some_remote_v6 1227014923 M * arekm bonbons: netlink still lies but this is the same af for ipv4 1227014997 M * bonbons arekm: netlink? what's the test-case? 1227015029 M * arekm bash-3.2# ip r g 1.1.1.1 1227015029 M * arekm 1.1.1.1 via 192.168.0.254 dev eth0 src 192.168.0.250 cache mtu 1500 advmss 1460 hoplimit 64 1227015033 M * arekm bash-3.2# ip a |grep 250 1227015035 M * arekm bash-3.2# 1227015036 M * arekm see "src 192.168.0.250" 1227015044 M * arekm (that's from inside of guest) 1227015113 N * qzqy quinq 1227015310 M * bonbons arekm: cool, on my old kernel the route case if correct for ipv6 but not for ipv4 1227015338 M * bonbons that is ipv6 suggests guest's source address, but ipv4 suggests host's main address 1227015378 M * arekm bonbons: is the "src xx" address on host the same as shown in guest by any luck? 1227015391 M * arekm bash-3.2# ip a |grep :200 1227015391 M * arekm bash-3.2# ip r g 2a01:390:1:0:a800:ffff:fede:ad05 1227015391 M * arekm 2a01:390:1:0:a800:ffff:fede:ad05 from :: via fe80::211:22ff:fe33:4455 dev eth0 proto kernel src 2002:594c:1b49:1:211:d8ff:feb3:200 metric 1024 expires 27sec mtu 1280 advmss 1220 hoplimit 64 1227015445 M * bonbons yes, matches host/guest in all cases ... will check in a second guest 1227015575 M * bonbons everywhere the same, so the first on seems to have been winning... any later attempt comes from some cache 1227015606 M * arekm then try different ip in each guest :) 1227015637 Q * opuk Quit: leaving 1227015652 M * arekm here wrong src is displayed at netlink but of course correct one when actually trying to connect 1227015708 M * bonbons checking which address is used, it's the first one listed by ip addr list for both ipv4 and ipv6 1227015761 M * bonbons I would assume nxi is not passed for the netlink case... (I hope the source selection code is not duplicated for this!) 1227015771 A * bonbons out to lunch 1227016648 M * daniel_hozac arekm: we don't modify routes. 1227016899 M * arekm so "broken by design" 1227016963 M * arekm reboothing then to new fixed kernel 1227019858 Q * larsivi Remote host closed the connection 1227020653 Q * ktwilight_ Remote host closed the connection 1227020697 Q * ghislainocfs2 Quit: Leaving. 1227022561 Q * mtg Quit: Verlassend 1227023339 Q * chI6iT41 Ping timeout: 480 seconds 1227023439 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1227023441 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it 1227023457 M * mrfree hi all 1227023485 M * mrfree I noticed something "strange" about amavis-new and postfix in a guest 1227023497 M * mrfree and ip address 1227023519 M * mrfree both amavis and postfix bind 127.0.0.1 1227023607 M * mrfree but when postfix connects to the amavis daemon amavis (using net::server) detects 11.22.33.44 for the client ip but it is the eth0 IP addr of the HOST!! 1227023631 M * mrfree it should be "invisible" in the guest, isn't it? 1227023663 M * mrfree "ip addr" in the guest only reports "lo" 1227023699 M * mrfree any idea? 1227023723 M * mrfree I'm using linux-vserver 2.6.26-vs2.3.0.35.6 1227023724 M * PowerKe what do you mean by detects? Maybe you're using a dns name that's resolving to the external IP? 1227023742 M * PowerKe Or do you really see it on the incoming mail log as the remote IP? 1227023767 M * mrfree in the mail.log file amavis reports DENIED ACCESS from 11.22.33.44 1227024025 M * mrfree I'm not sure but it could be an amavis-new issue 1227024039 M * mrfree because an old version on another guest works right 1227024059 M * PowerKe Did you grant any special capabilities to the guest? 1227024126 M * mrfree I cloned it (using rsync) from the working one, nothing more nothing less 1227024139 M * mrfree then I updated some software 1227024161 M * PowerKe ok, but nothing special in /etc/vservers//bcapabilities ? 1227024170 J * dowdle ~dowdle@scott.coe.montana.edu 1227024200 Q * davidkarban Quit: Ex-Chat 1227024225 M * mrfree no, that file doesn't exist here 1227024338 M * PowerKe I'm running amavis-new on 2.2.0 and haven't encountered any similar problem 1227024378 M * mrfree I'm running amavis-new 2.6.1 1227024400 M * mrfree 2.5.2 seems to work fine 1227024416 M * PowerKe Same here: amavisd-new-2.6.1 1227024466 M * PowerKe I'm binding on localhost though, with localhost = 172.16.x.x in /etc/hosts 1227024526 Q * derjohn_mob Ping timeout: 480 seconds 1227024533 M * PowerKe You're sure the incoming connection is from postfix on the same guest and not from something on the host (or internet)? 1227024537 J * larsivi ~larsivi@9.80-202-30.nextgentel.com 1227024550 M * daniel_hozac mrfree: are you using SNAT? 1227024587 M * mrfree daniel_hozac yes 1227024618 M * daniel_hozac limited to your outbound interface? 1227024633 M * mrfree iptables -t nat -A PREROUTING -s 10.10.0.10 -p tcp -m multiport --destination-ports 25,993,636 -j DNAT --to-destination 192.168.0.7 1227024671 M * mrfree opss DNAT 1227024680 M * daniel_hozac no SNAT? 1227024749 M * mrfree iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT --to-source $EXTIP 1227024766 M * daniel_hozac that's your problem. 1227024770 M * daniel_hozac add -o eth0 1227024985 M * mrfree daniel_hozac, I think you're right now the incoming connection comes from 192.168.0.7 that is the local guest IP 1227025029 M * mrfree which device should I use for /etc/vserver/.../interfaces/0/dev ?? 1227025059 M * daniel_hozac the interface on which you want the IP address to be added. 1227025678 J * opuk ~kupo@potatisbulle.com 1227026040 J * doener_ ~doener@i577BAED4.versanet.de 1227026141 Q * doener Ping timeout: 480 seconds 1227026801 J * chI6iT41 ~chigital@tmo-100-193.customers.d1-online.com 1227027082 J * ntrs_ ~ntrs@77.29.17.126 1227027737 M * mrfree daniel_hozac, I noticed another little thing :) it I use telnet localhost 10024 for example from the guest shell the ip that try to connects is 192.168.0.7 (eth0 in the guest) instead of 127.0.0.1 1227027763 M * daniel_hozac does /etc/hosts in the guest have 127.0.0.1 localhost in it? 1227027777 M * mrfree yes 1227027795 M * daniel_hozac do you have single_ip enabled for the network context? 1227027817 M * mrfree what do you mean with "single_ip"? 1227027850 M * mrfree actually ip addr in the guest reports lo 127.0.0.1 and eth0 192.168.0.7 1227028066 Q * chI6iT41 Ping timeout: 480 seconds 1227028067 M * mrfree daniel_hozac, I suppose using the shell I'm "using" 127.0.0.1 1227028426 M * mrfree daniel_hozac, ok I found what is the single_ip flag :) no I haven't enable any flag 1227028652 Q * ntrs_ Ping timeout: 480 seconds 1227029059 M * mrfree daniel_hozac, forcing ~SINGLE_IP worked :) thz 1227029546 Q * mrfree Quit: Leaving 1227030490 J * ktwilight ~ktwilight@87.66.193.174 1227030519 Q * Hurga Remote host closed the connection 1227031170 J * geb ~geb@4.4.82-79.rev.gaoland.net 1227031175 M * geb hi 1227031505 N * pmenier pmenier_off 1227032106 J * Slydder1 ~chuck@dslb-088-072-096-160.pools.arcor-ip.net 1227032212 J * cga ~weechat@94.36.130.212 1227032251 Q * Slydder1 1227032289 J * Piet ~piet@86.59.118.153 1227032313 J * ntrs_ ~ntrs@77.29.17.126 1227033485 Q * kir Quit: Leaving. 1227033947 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1227033960 J * chI6iT41 ~chigital@tmo-096-120.customers.d1-online.com 1227034533 Q * chI6iT41 Ping timeout: 480 seconds 1227034588 Q * gnuk Quit: NoFeature 1227035124 J * chI6iT41 ~chigital@tmo-100-240.customers.d1-online.com 1227038178 J * dallas ~dallas@sf.newdream.net 1227039345 J * ntrs__ ~ntrs@77.29.11.119 1227039762 Q * ntrs_ Ping timeout: 480 seconds 1227040123 M * pflanze What is VSERVER_AUTO_LBACK exactly? The only page about it that I found in the wiki (http://linux-vserver.org/GroteblupsList) doesn't explain it. 1227040154 M * pflanze I guess I want "n" for the old behaviour? 1227040211 M * pflanze (I'm using aliases for creating ip's and iptable rules to define access) 1227040305 M * pflanze Hm. About same question for VSERVER_AUTO_SINGLE. 1227040310 M * pflanze Is this ngnet already? 1227040318 M * daniel_hozac AUTO_LBACK assigns a private loopback address to each guest. 1227040326 M * daniel_hozac no, mainline is doing ngnet. 1227040332 M * pflanze yes that's what the help text says 1227040340 M * micah pflanze: LBACK is very useful! 1227040351 M * pflanze micah: why? 1227040373 M * micah if you have any process that likes to bind to the loopback interface, this will be very useful 1227040373 M * pflanze I already assign a loopback ip to each guest. 1227040384 M * micah you no longer need to do that with LBACK 1227040403 M * pflanze Yes but then I'll have to rewrite all my setup stuff I guess 1227040411 M * pflanze I guess it doesn't buy me anything? 1227040421 M * pflanze If I'm already doing it with the config. 1227040432 M * daniel_hozac any service that really cares about 127.0.0.1 will be happy. 1227040447 M * pflanze But my guests already were happy with localhost services. 1227040448 M * micah except that each of your guests can see all the other guests over the loopback in your setup 1227040459 M * daniel_hozac there's that too. 1227040466 M * pflanze micah: nope, that's what the firewalling rules prevented 1227040472 M * micah with LBACK, you have a fully virtualized loopback 1227040479 M * micah pflanze: clean out the attic :) 1227040509 M * pflanze I'll only do that in the future when I know everything is working right. 1227040514 M * pflanze So I'm going with "n" for now. 1227040527 M * pflanze What about VSERVER_AUTO_SINGLE? 1227040534 M * daniel_hozac it does what the help text says. 1227040548 M * pflanze If I want the vs2.2 behaviour, I say "n", correct? 1227040558 M * daniel_hozac you say y. 1227040591 M * pflanze ehr. Then I don't understand it. Also, my guests all have 2 ip's. 1227040639 M * pflanze hm is this what chbind did? 1227040678 M * daniel_hozac what? 1227040716 M * daniel_hozac contexts with NXF_SINGLE_IP set will bind to the first IP, always. 1227040740 M * pflanze The chbind tool; it did set up the network contexts. iirc. hum. 1227040765 M * daniel_hozac AUTO_SINGLE sets NXF_SINGLE_IP automatically, and removes it when the context gets more than one IP. 1227040773 M * daniel_hozac just like it worked in vs2.2. 1227040799 M * pflanze What 2.2 did for me was: if some service binds to *, it gets the first ip. This is what I've relied on (the first ip is the "localhost" ip). 1227040804 M * pflanze k 1227040810 M * pflanze hm 1227040830 M * pflanze removes it. whatever, I guess if I have 2 ip's it's totally irrelevant anyway. 1227040845 M * daniel_hozac no, that's not what 2.2 does. 1227040857 M * daniel_hozac only if the context only has one IP will 0.0.0.0 bind to the first one. 1227040911 M * pflanze ( hm. Yes binding to * would bind to both ip's, true; what I've meant was that outgoing connections would use the first ip. ) 1227040989 A * pflanze never heard of NXF_SINGLE_IP, anyway 1227041025 N * ensc Guest3922 1227041034 J * ensc ~irc-ensc@77.235.182.26 1227041136 Q * Guest3922 Ping timeout: 480 seconds 1227041275 Q * cga Quit: WeeChat 0.2.6 1227041281 M * pflanze Of course I wanted to say NGNet above. 1227042261 Q * Piet Quit: Piet 1227042649 J * derjohn_mob ~aj@e180206070.adsl.alicedsl.de 1227044636 Q * Mojo1978 Remote host closed the connection 1227046096 Q * dna Quit: Verlassend 1227046458 Q * dallas Ping timeout: 480 seconds 1227047099 Q * chI6iT41 Ping timeout: 480 seconds 1227048004 J * chI6iT41 ~chigital@tmo-096-97.customers.d1-online.com 1227048579 Q * chI6iT41 Ping timeout: 480 seconds 1227048857 M * pflanze Hm, /proc isn't mounted anymore in a guest. 1227048890 M * pflanze in spite of the 'none /proc proc defaults 0 0' entry in /etc/vservers/$vservername/fstab 1227048995 M * daniel_hozac what makes you say that? 1227049107 M * pflanze # lsof -i -n 1227049107 M * pflanze lsof: can't open /proc 1227049128 M * pflanze aha, # ls -lrt /proc/ 1227049128 M * pflanze ls: /proc/: Permission denied 1227049151 M * pflanze hm. why is this? 1227049184 J * chI6iT41 ~chigital@tmo-100-129.customers.d1-online.com 1227049200 M * daniel_hozac what kernel? 1227049209 M * pflanze 2.6.27.6-vs2.3.0.35.10 1227049254 M * pflanze previously I was running 2.6.22.x + vs2.2 1227049376 M * daniel_hozac setattr --~hide /proc 1227049430 M * pflanze on the host? on which dir, the host's /proc ? 1227049452 M * pflanze showattr /proc | head -1 is 1227049453 Q * chI6iT41 Read error: Connection reset by peer 1227049455 M * pflanze AwH-bui- /proc/ 1227049472 A * pflanze tries 1227049537 M * pflanze that helps; but hm is it safe? 1227049555 M * daniel_hozac safe to give the guest access to the /proc root directory? 1227049561 M * daniel_hozac of course. 1227049595 M * pflanze I mean, it sounds a bit strange to set 'permissions' on the *host's* proc so that the guest can use it 1227049607 M * daniel_hozac there's just one /proc. 1227049628 M * pflanze What's the purpose of the hide flag? 1227049666 M * pflanze and why isn't it cleared by vproc_unhide or so? 1227049711 M * daniel_hozac it's a bug. 1227049719 M * pflanze k 1227049768 Q * eyck Ping timeout: 480 seconds 1227050573 M * pflanze Thanks, things seem to be working. This is a test machine, tell me if you'd like me to test something in particular. 1227051231 J * mugwump ~samv@watts.utsl.gen.nz 1227051251 M * mugwump anyone know how to force 'vserver xxx exec' to allocate a psuedo-terminal? 1227051264 M * mugwump this used to happen with util-vserver 0.30.210, but not 0.30.212 1227051282 M * mugwump at least I'm trying to figure out why I can't 'vserver xxx exec login -f username' 1227051446 A * mugwump will check back later & 1227051450 J * eyck ocqRlemd@nat06.nowanet.pl 1227051477 Q * hparker Quit: Quit 1227051560 M * pflanze I can confirm that exec login -f user exits right away; but "vserver foo exec bash -c 'lsof -p $$'" *does* show /dev/pts/$x as stdin/out so? 1227051634 M * pflanze well, the kernel says (only with the login, not the lsof): vxW: [»login«,11439:#1001|1001|1001] did lookup hidden devpts:f5bc157c[#0,2] »/dev/pts«. 1227051668 M * pflanze (and the vserver tool exits with status code 1) 1227051780 M * daniel_hozac mugwump: enter is the only one that allocates a tty.