1231113641 M * TobiX No. That part is working.
1231113694 M * Bertl hmm, then what do you want to accomplish?
1231113722 M * TobiX I want to connect from a guest to a service on another (or the same) guest using the external IP address. I have this setup with a real router, but it seems impossible with Vserver...
1231113730 M * daniel_hozac TobiX: don't specify the interface on the DNAT rule.
1231113760 M * daniel_hozac and you might want to do something silly like iptables -t nat -A OUTPUT -j PREROUTING, depending on your kernel.
1231113790 Q * Piet Quit: Piet
1231113791 M * Guy- is it safe to enable PID namespaces?
1231113808 M * daniel_hozac we don't use them yet.
1231113835 M * Bertl but it's safe, AFAICT
1231113839 M * Guy- OK
1231113844 M * mnemoc isn't more civilized to use split horizons in dns?
1231113844 M * TobiX daniel_hozac: 2.6.26-1-vserver-amd64 - add that silly route or not?
1231113952 M * TobiX daniel_hozac: iptables: Invalid argument - so much for that
1231113969 M * daniel_hozac not unexpected, to be honest.
1231113982 M * daniel_hozac you'd want to create your own chain, and send both OUTPUT and PREROUTING to it.
1231113986 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1231114023 M * TobiX mnemoc: That would be an option, yes. But one with a rather big administrative overhead :(
1231114140 M * Guy- is there any specific trouble I should expect with 2.6.28+vs2.3.0.36.4 on x86?
1231114189 M * Guy- I shot myself in the foot in a somewhat roundabout way and will need to upgrade a remote box to something later than about 2.6.26
1231114251 M * daniel_hozac i don't know how well tested 2.6.28 is yet, but i've been pretty happy with 2.6.27.10-vs2.3.0.36.2 thus far.
1231114262 M * Guy- thanks
1231114574 M * TobiX daniel_hozac: Wooh. I don't know why this works, but it works. And there I thought I knew how iptables worked :)
1231114681 M * TobiX Then http://jengelh.medozas.de/images/nf-packet-flow.svg is wrong, I think...
1231119317 M * Supaplex cool svg
1231119320 Q * TobiX Quit: leaving
1231119390 Q * TimLyth Read error: Operation timed out
1231121065 J * TimLyth ~tux@202.134.227.227
1231121788 J * takeru ~takeru@nttkyo888227.tkyo.nt.ftth.ppp.infoweb.ne.jp
1231122226 Q * takeru Quit: takeru
1231124077 J * takeru ~takeru@nttkyo370117.tkyo.nt.ftth.ppp.infoweb.ne.jp
1231129109 M * Bertl off to bed now ... have a good one everyone!
1231129116 N * Bertl Bertl_zZ
1231131528 Q * balbir_ Ping timeout: 480 seconds
1231134700 J * balbir_ ~balbir@59.145.136.1
1231136243 Q * pmenier_off Quit: Konversation terminated!
1231138096 Q * ag- Quit: Aiee, killing interrupt handler!
1231138181 J * ag- ~ag@fedaykin.roxor.cx
1231139356 J * cga ~weechat@94.36.127.183
1231139553 J * doener_ ~doener@i577B8497.versanet.de
1231139654 Q * doener Ping timeout: 480 seconds
1231140122 Q * larsivi_ Remote host closed the connection
1231141131 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1231141489 J * davidkarban ~david@193.85.217.71
1231142628 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1231143069 J * _gh_ ~gerrit@c-71-193-204-84.hsd1.or.comcast.net
1231143633 J * friendly ~friendly@ppp118-208-186-144.lns10.mel4.internode.on.net
1231143637 P * friendly
1231143685 Q * FireEgl Remote host closed the connection
1231143821 J * mib_5tavib2h 4a03046f@webchat.mibbit.com
1231143864 M * mib_5tavib2h 123
1231143891 M * mib_5tavib2h buscando linux canals espanol
1231143909 J * larsivi ~larsivi@85.221.53.194
1231144449 M * mib_5tavib2h 111
1231144475 M * hparker mib_5tavib2h: You'll probably get more help in English
1231144661 P * mib_5tavib2h
1231147422 N * ensc Guest95
1231147422 Q * Guest95 Read error: Connection reset by peer
1231147432 J * ensc ~irc-ensc@77.235.182.26
1231148519 J * ktwilight__ ~ktwilight@239.96-66-87.adsl-dyn.isp.belgacom.be
1231148608 Q * ktwilight__ Read error: Connection reset by peer
1231148640 J * ktwilight__ ~ktwilight@43.110-66-87.adsl-dyn.isp.belgacom.be
1231148938 Q * ktwilight_ Ping timeout: 480 seconds
1231148977 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1231149185 J * jsambrook ~jsambrook@aelfric.plus.com
1231151894 J * sunkencity_ ~sunkencit@h121n2c1o1036.bredband.skanova.com
1231154015 M * transacid german page but partial related http://www.heise.de/security/Grsecurity-vor-dem-Aus--/news/meldung/121136
1231154158 M * arekm that's how avoiding mainline by devs ends sometimes ;P
1231154251 M * mnemoc can you make a short summary in english? :(
1231154269 M * arekm mnemoc: google.com/translate
1231154318 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1231154318 M * mnemoc :)
1231154319 M * arekm in short: sponsor lost, project dies
1231154361 M * mnemoc http://translate.google.com/translate?hl=en&langpair=de|en&u=http://www.heise.de/security/Grsecurity-vor-dem-Aus--/news/meldung/121136 didn't translate anything... i'll try copy&paste
1231154365 M * mnemoc oh
1231155041 M * ktwilight__ hm, i get a "rsync: change_dir "/etc/vservers/ource" failed: No such file or directory (2)" when doing vserver -m rsync, sure is strange...
1231155075 Q * Aiken Remote host closed the connection
1231155148 M * ktwilight__ aha, nevermind, got the syntax wrong :/
1231157612 J * blues_ blues@adg136.neoplus.adsl.tpnet.pl
1231157728 Q * blues Ping timeout: 480 seconds
1231159947 Q * takeru Quit: takeru
1231160230 Q * jrdnyquist Quit: Leaving
1231162028 Q * larsivi Ping timeout: 480 seconds
1231162291 P * jsambrook
1231162886 N * Bertl_zZ Bertl
1231162890 M * Bertl morning folks!
1231163041 M * mnemoc Bertl: hi... question: beside the lack of time, what blocks vserver from being mainlined? is lkml too hostile to it?
1231163066 M * Bertl basically .. i.e. it is a political issue
1231163124 M * Bertl lkml is re-implementing most of Linux-VServer piece by piece so that it can be called 'mainline development' :)
1231163192 M * mnemoc uh
1231163287 M * Bertl that's not unusual practice ... see for example "Ingo's" CFS scheduler :)
1231163359 M * mnemoc but that "feedback" is supposed to be for improving the quality not to redesign...
1231163436 M * mnemoc i'm too naive to lkml :( .... even linux-embedded list manages to dizyy me
1231163439 M * mnemoc idzzy
1231163444 M * mnemoc err, dizzy*
1231163543 M * ktwilight__ strange how people like to re-implement rather than integrate, strange... :|
1231163566 M * mnemoc :(
1231163586 M * Bertl re-implementation is not always a bad thing ... it's a good chance to cleanup leftover legacy stuff and such
1231163642 M * Bertl but a good knowledge of the previous implementations and the challenges it faced and solved is necessary to _improve_ the overall quality
1231163695 M * Bertl unfortunately lkml is neither interested in doing that nor willing to spend some time on investigating either :)
1231163792 M * mnemoc but linux is not a democracy, and if the technical rules are honored anything is supposed to be able to get in... or that is BS?
1231163860 M * Bertl linux has become a political playgroung, but anybody is free to make his own branch (as Linus put it), and that's exactly what we do ... since 7 years :)
1231163866 M * Bertl *ground
1231163902 M * mnemoc =)
1231164043 J * davidkarban_ ~david@193.85.217.71
1231164043 Q * davidkarban Read error: Connection reset by peer
1231164577 M * ktwilight__ Bertl, sad, but true.
1231165328 M * Bertl off for now .. have to grab some groceries ... bbl
1231165336 N * Bertl Bertl_oO
1231165613 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1231169363 Q * balbir_ Ping timeout: 480 seconds
1231171121 J * takeru ~takeru@nttkyo888227.tkyo.nt.ftth.ppp.infoweb.ne.jp
1231171374 J * dowdle ~dowdle@scott.coe.montana.edu
1231174600 N * Bertl_oO Bertl
1231174603 M * Bertl back now ...
1231174629 M * Bertl daniel_hozac: did you comment on the device namespace/cgroup thingy? (maybe I missed it :)
1231174644 M * daniel_hozac hmm? where?
1231174731 M * daniel_hozac i'm not caught up on containers list, so i have missed any device namespace patchsets.
1231174765 M * Bertl well, mainline introduced a device cgroup thingy, which is supposed to do the access control stuff we already do with the dev mapper
1231174774 M * Bertl (except for the mapping stuff, of course)
1231174810 M * Bertl it seems to be in 2.6.28 already
1231174812 M * daniel_hozac ah, yes.
1231174825 M * daniel_hozac i thought it had been available for longer than that.
1231174833 M * Bertl probably
1231174864 M * Bertl so, I was wondering, if we can add the mapping functionality of the device mapper to that?
1231174956 M * daniel_hozac well, since it's only doing access control, it doesn't hook quite the right places to allow for mapping.
1231174968 M * daniel_hozac but i guess we could just change that.
1231175374 M * Bertl was just an idea ... it seemed to me that we could save quite some code there
1231175419 M * daniel_hozac i don't know... pushing for an additional field in the inode, and some rather less than ideal semantics for it, to mainline doesn't seem like fun to me.
1231175422 M * daniel_hozac hehe.
1231175445 M * Bertl not talking about mainline here :)
1231175488 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1231175681 M * daniel_hozac i'm not sure we'd be saving too much code though. we'd have to rewrite most of it.
1231175739 M * Bertl well, currently, for the access control, we have basically the same functionality implemented twice, right?
1231175751 M * daniel_hozac yeah.
1231175774 M * Bertl and for the mapping, we need to store trees/lists to provide the necessary structures
1231175797 M * Bertl (which is already implemented for the access control in mainline too)
1231175806 M * daniel_hozac i suppose, if we make the mapping entirely separate, it wouldn't need as many changes.
1231179327 J * balbir_ ~balbir@xbl.dnsbl.oftc.net
1231180060 J * Piet ~piet@asteria.debian.or.at
1231181192 Q * takeru Quit: takeru
1231181250 Q * balbir_ Ping timeout: 480 seconds
1231183037 Q * davidkarban_ Quit: Ex-Chat
1231183182 Q * cga Quit: WeeChat 0.2.6
1231183463 Q * gnuk Quit: NoFeature
1231188963 J * Aiken ~Aiken@ppp118-208-102-132.lns3.bne4.internode.on.net
1231192560 J * docelic__ ~docelic@78.134.204.73
1231192978 Q * docelic_ Ping timeout: 480 seconds
1231193450 J * Walex ~Walex@82-69-39-138.dsl.in-addr.zen.co.uk
1231194322 Q * bonbons Quit: Leaving
1231196122 Q * sunkencity Quit: sunkencity
1231196224 J * sunkencity ~joel@h121n2c1o1036.bredband.skanova.com
1231196289 Q * sunkencity
1231196779 Q * Walex Remote host closed the connection
1231196784 Q * sunkencity_ Ping timeout: 480 seconds
1231197027 J * blues blues@adh86.neoplus.adsl.tpnet.pl
1231197144 Q * blues_ Ping timeout: 480 seconds
1231198476 Q * docelic__ Quit: http://www.spinlocksolutions.com/
1231198511 J * docelic ~docelic@78.134.204.73