1249604342 Q * bonbons Quit: Leaving
1249607276 J * saulus_ ~saulus@c150195.adsl.hansenet.de
1249607276 Q * saulus Read error: Connection reset by peer
1249607284 N * saulus_ SauLus
1249607911 J * saulus_ ~saulus@c192089.adsl.hansenet.de
1249608320 Q * SauLus Ping timeout: 480 seconds
1249608328 N * saulus_ SauLus
1249610431 J * derjohn_foo ~aj@e180192065.adsl.alicedsl.de
1249610747 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1249610865 Q * derjohn_mob Ping timeout: 480 seconds
1249611361 M * Bertl off to bed now .. have a good one everyone!
1249611366 N * Bertl Bertl_zZ
1249611806 J * Veslei ~majo@189.105.202.93
1249613917 Q * Veslei Quit: ..ALIVEscript  Prof. ROCHESTER usa.. Movimentocircularuniforme!!
1249614488 Q * Snow-Man Ping timeout: 480 seconds
1249614690 J * Snow-Man ~sfrost@tamriel.snowman.net
1249620262 J * doener_ ~doener@i59F57828.versanet.de
1249620364 Q * doener Ping timeout: 480 seconds
1249620981 J * sharkjaw ~gab@149-49-95.oke2-bras6.adsl.tele2.no
1249623411 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249624076 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1249626041 Q * puck Ping timeout: 480 seconds
1249626110 J * scientes__ ~scientes@97-113-165-251.tukw.qwest.net
1249626238 J * puck ~puck@leibniz.catalyst.net.nz
1249626448 Q * derjohn_foo Ping timeout: 480 seconds
1249628997 J * dna ~dna@55-197-103-86.dynamic.dsl.tng.de
1249631311 J * derjohn_foo ~aj@51.42.69.80.in-addr.net-lab.net
1249632376 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1249632869 J * emcepe ~mcp@wolk-project.de
1249632874 J * dna_ ~dna@55-197-103-86.dynamic.dsl.tng.de
1249632971 J * arachnis1 arachnist@smierc.net
1249632988 J * mxs mxs@p4FCCB1A8.dip.t-dialin.net
1249633090 J * larsivi_ ~larsivi@70.84-48-63.nextgentel.com
1249633092 J * Hunger- ~Hunger@Hunger.hu
1249633132 J * fosco_ fosco@marx.wirefull.org
1249633139 J * kiorky_ ~kiorky@cryptelium.net
1249633158 J * PowerKe_ ~tom@d5153A2D7.access.telenet.be
1249633163 J * sladen__ paul@starsky.19inch.net
1249633164 J * maharaja_ raoul@93-189-26-52.rev.ipax.at
1249633169 J * AndrewLe1 ~andrew@u7.hlc.edu.tw
1249633172 J * jpic_ ~jpic@chocolatpistache.com
1249633172 J * bzed_ ~bzed@devel.recluse.de
1249633177 J * Abraxas_ ~Abraxas@94-224-69-84.access.telenet.be
1249633179 Q * dna testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * sharkjaw testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * Abraxas testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * larsivi testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * mxs_ testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * _nono_ testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * skainz testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * PowerKe testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * hijacker_ testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * nkukard testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * Hunger testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * derjohn testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * Rankin testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * kiorky testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * FIChTe testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * arachnist testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * matthew-_ testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * maharaja testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * theocrite testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * sladen testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * snooze testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * jpic testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * bzed testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * AndrewLee testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * fosco testlink-hotel.oftc.net galapagos.oftc.net
1249633179 Q * mcp testlink-hotel.oftc.net galapagos.oftc.net
1249633179 N * arachnis1 arachnist
1249633180 N * bzed_ bzed
1249633180 J * theocrite ~Robert@kim.theocrite.org
1249633185 J * derjohn ~derjohn@80.69.41.3
1249633190 J * snooze ~o@1-1-4-40a.gkp.gbg.bostream.se
1249633190 J * matthew-_ ~ms@ns2.wellquite.org
1249633436 J * skainz ~skainz@zidpc9027.tu-graz.ac.at
1249633437 J * _nono_ ~gomes@libation.ircam.fr
1249633455 J * Rankin ~sel@217-210-176-5-no37.tbcn.telia.com
1249633467 J * sharkjaw ~gab@149-49-95.oke2-bras6.adsl.tele2.no
1249633482 J * hijacker_ ~hijacker@213.91.163.5
1249633515 J * nkukard ~nkukard@196.212.73.74
1249633549 J * FIChTe fichte@bashpipe.de
1249634158 J * nohnoh krystek_@62.108.181.211
1249634163 M * nohnoh hello :)
1249634177 Q * nohnoh
1249634517 J * geb ~geb@79.82.4.46
1249635330 N * AndrewLe1 AndrewLee
1249636536 M * geb hi
1249636801 N * Abraxas_ Abraxas
1249637297 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1249638691 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249639015 Q * ghislainocfs2 Ping timeout: 480 seconds
1249640135 J * davidkarban ~david@193.85.217.71
1249641138 Q * pmenier_off Ping timeout: 480 seconds
1249641595 Q * geb Ping timeout: 480 seconds
1249642343 J * geb ~geb@79.82.4.46
1249642498 Q * scientes__ Ping timeout: 480 seconds
1249642808 Q * dna_ Ping timeout: 480 seconds
1249644871 Q * yang Quit: leaving
1249644988 Q * Abraxas Quit: bbl
1249645045 J * dna_ ~dna@55-197-103-86.dynamic.dsl.tng.de
1249646209 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1249647022 N * Bertl_zZ Bertl
1249647027 M * Bertl morning folks!
1249647143 M * geb welcome :)
1249648123 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249648217 N * sladen__ sladen
1249648415 Q * ghislainocfs21 Ping timeout: 480 seconds
1249649927 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249650225 Q * ghislainocfs2 Ping timeout: 480 seconds
1249652839 J * docelic ~docelic@78.134.207.117
1249652855 J * uva bno@118-160-161-205.dynamic.hinet.net
1249653448 Q * derjohn_foo Ping timeout: 480 seconds
1249653602 Q * sharkjaw Remote host closed the connection
1249653634 J * pmenier_off ~pmenier@ACaen-152-1-17-115.w83-115.abo.wanadoo.fr
1249654848 J * derjohn_foo ~aj@e180192065.adsl.alicedsl.de
1249656309 Q * nkukard Quit: Leaving
1249656650 J * dowdle ~dowdle@scott.coe.montana.edu
1249657439 J * nkukard ~nkukard@196.212.73.74
1249658419 M * Bertl off for now .. bbl
1249658424 N * Bertl Bertl_oO
1249658694 J * mxs_ mxs@p4FCC935F.dip.t-dialin.net
1249658995 Q * mxs Ping timeout: 480 seconds
1249659752 Q * pmjdebru1jn Quit: leaving
1249660115 Q * dna_ Ping timeout: 480 seconds
1249660541 Q * Pazzo Quit: Ex-Chat
1249660988 N * DoberMann[ZZZzzz] DoberMann
1249661234 J * pmjdebruijn pascal@jester.pcode.nl
1249661276 Q * pmjdebruijn
1249661283 J * pmjdebruijn pascal@jester.pcode.nl
1249661296 Q * pmjdebruijn
1249661384 J * pmjdebruijn pascal@jester.pcode.nl
1249662441 J * TheSeer ~theseer@border.office.nonfood.de
1249662445 M * TheSeer heya :)
1249662449 M * TheSeer good evening everyone
1249662458 Q * vServer_User Ping timeout: 480 seconds
1249662618 N * Bertl_oO Bertl
1249662622 M * Bertl back now ...
1249662626 M * Bertl evening TheSeer!
1249662651 M * TheSeer [root@core4 ~]# vrpm mx -- -qa | grep toaster
1249662651 M * TheSeer vcontext: execvp("rpm"): No such file or directory
1249662655 M * TheSeer ouhm...?
1249662657 M * TheSeer ;)
1249662675 M * TheSeer what did i mess up this time?
1249662738 M * Bertl maybe simply no rpm there?
1249662759 M * TheSeer do i have to have rpm within the guest to use vrpm?
1249662782 M * TheSeer i mean, the box itself is a centos server, so it really has rpm...
1249662803 M * Bertl depends on the guest config .. i.e. internalized vs. external (I'd say)
1249662814 Q * uva Read error: Connection reset by peer
1249662821 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1249662827 M * TheSeer good point.. let's check
1249662906 Q * mrfree Remote host closed the connection
1249662924 Q * geb Quit: /
1249663002 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1249663051 J * ousado ~johnny@p5B3C126B.dip0.t-ipconnect.de
1249663186 J * krystian_ ~krystek_@ehg63.neoplus.adsl.tpnet.pl
1249663190 M * krystian_ hi
1249663196 Q * mrfree Remote host closed the connection
1249663352 Q * gnuk Quit: NoFeature
1249663409 M * Bertl hey krystian_!
1249663426 M * krystian_ i was using 2.6.29.6+vs+grs[experimental] patch, now I switched to 2.6.22.19+vs+grs [stable] and I can't run my guest vserver - "chbind: kernel does not provide network isolation"... could anyone tell me how to fix it, please?
1249663461 M * Bertl what util-vserver version?
1249663505 Q * ousado__ Ping timeout: 480 seconds
1249663509 M * krystian_ vserver 0.30.216-pre2772 -- manages the state of vservers
1249663558 M * Bertl I'd suggest to get a newer one, and if that doesn't work out, try without the grsec
1249663625 M * krystian_ there is newer version in repo, 0.30.216~r2842-2 [debian package]...
1249663656 M * krystian_ i'll try upgrade later, thanks Bertl :)
1249663734 M * Bertl np, let us know how it goes
1249663753 M * krystian_ okey :)
1249663915 M * TheSeer Bertl: the vserver in question was copied from one box over to this one
1249663927 M * TheSeer Bertl: for whatever reason it is confused in regards to rpm
1249663944 M * TheSeer no idea what happened, i manually updated the rpm in question by copying the files...
1249663949 M * TheSeer solved the problem for now ;>
1249663972 M * TheSeer anyway.. weekend :)
1249663975 Q * TheSeer Quit: Client exiting
1249664231 M * krystian_ kernel: [27002.228054] vxW: [?ps?,3805:#40017|40017|40017] did lookup hidden ffff81022a06e6f8[#0,4] ?/dev/pts?. - what's going on?
1249664340 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1249664366 M * Bertl a process (ps, pid=3805) inside your guest (context 40017), did lookup a devpts entry which belongs to the host
1249664394 M * Bertl this usually happens when you use 'enter' on a guest, and bring the host pty with you (into the guest)
1249664629 M * krystian_ ah, so :)
1249664729 M * krystian_ i was using experimental version, 2.6.29.6 but it was totally unstable
1249664763 M * Bertl probably because you used the grsec version
1249664764 M * krystian_ server was crashing all the time
1249664768 M * krystian_ yes
1249664812 M * Bertl if you experience any crashes with the mainline version, please let me know
1249664819 M * Bertl (or other issues FWIW :)
1249664827 M * krystian_ is grs+vs "stable version" stable? :)
1249664844 M * krystian_ i'll check stable version on monday
1249664882 M * krystian_ i don't have physical access to server on weekends, so i don't want to try
1249664993 M * Bertl well, the grsec patches are done by harry, who has not much time/patience to test them, so they can always be considered 'experimental'
1249665040 M * Bertl if you aim for stability, I'd suggest to go for a mainline version, preferably 2.6.22.x or 2.6.27.x (if you want experimental)
1249665070 M * krystian_ i wish to have any working version with grsecurity :))
1249665081 M * krystian_ i must have working version with grs
1249665151 M * Bertl well, then you have to take your chances with one of harry's patches :)
1249665211 M * krystian_ wish me luck :D
1249665336 M * Bertl good luck :)
1249665386 M * krystian_ ;)
1249665699 Q * davidkarban Quit: Ex-Chat
1249666699 M * krystian_ when i started to use vs [long time ago] mount --bind between guests was working fine.... until now
1249666724 M * krystian_ Bertl: what did you broken with mount! tell me, now :)
1249666729 M * krystian_ broke
1249667777 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1249668049 Q * Piet Quit: Piet
1249668069 J * Piet ~piet@659AABLCZ.tor-irc.dnsbl.oftc.net
1249668245 M * Bertl --bind mounts between host and guest (or even between guests) work fine .. what kind of breakage do you see?
1249668684 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249668816 J * Mr_Smoke smokey@layla.lecoyote.org
1249668826 M * Mr_Smoke Hi crowd :)
1249668841 M * Bertl hi Mr_Smoke! :)
1249668858 M * Mr_Smoke Hey Bertl :)
1249668875 M * Mr_Smoke I'm wondering about this ... I have a setup running 2.2.0.7
1249668893 M * Mr_Smoke All the vservers have their eth0 with a publicly reachable ip address
1249668929 M * Mr_Smoke Now, suppose I assign them a non-routable address, such as one belonging to 10.0.0.0/8 or 192.168.0.0/16 etc
1249668948 M * Bertl instead or in addition to the public one?
1249668954 M * Mr_Smoke Is this something I must do on the eth0 or should I create a dummy interface, or can I do both ?
1249668957 M * Mr_Smoke In addition.
1249668961 M * Mr_Smoke The goal is this :
1249668962 J * balbir_ ~balbir@122.172.32.209
1249668980 Q * ghislainocfs21 Ping timeout: 480 seconds
1249668980 M * Bertl you can put the IP on any interface you like, the guest doesn't care
1249668997 M * Mr_Smoke I would like to run stuff like phpmyadmin, postfixadmin etc on ip-based virtual hosts that would only be "listening" on a virtual, non-routable LAN
1249668999 M * Bertl eth0, dummy0, lo ...
1249669003 M * Mr_Smoke (which I would then reach via VPN)
1249669022 M * Mr_Smoke Bertl: but it has no implication on what the outside world will see ?
1249669035 M * Bertl if you set it up properly, no
1249669041 M * Mr_Smoke Say that I bind one of the guests to 192.168.1.2 on its eth0
1249669054 M * Mr_Smoke The host will also "have" that address, necessarily, IIRC
1249669070 M * Bertl there is no 'its eth0' i.e. eth0 belongs to the host. period.
1249669072 M * Mr_Smoke Can't someone spoof 192.168.1.3 and pretend they're on the same link ?
1249669097 M * Bertl if you allow traffic to 192.168.1.2 on eth0, yes
1249669111 M * Bertl local traffic will go over lo (for example for vpn)
1249669111 M * Mr_Smoke Bertl: oh, sorry about the language. I meant "the part of the host's eth0 that is visible to the guest"
1249669122 M * Mr_Smoke Hm
1249669142 M * Mr_Smoke Let's do this the other way around then
1249669145 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1249669170 M * Mr_Smoke I'm thinking, the host will be running a VPN client and connect to my home VPN. So it has a tun0, routes etc.
1249669226 M * Mr_Smoke Once it's up, should I set up a dummy LAN between the guests so that VPN hosts can talk to the guests through the VPN ?
1249669254 M * Mr_Smoke Hm I just understood the implications of what you said earlier
1249669293 M * Mr_Smoke If a guest is talking to its host, it will go through lo, no matter what the IP setup
1249669304 M * Bertl correct
1249669340 M * Bertl you can do a bunch of things to make the guests reachable in your vpn
1249669342 M * Mr_Smoke So basically, the host is running VPN, routing the traffic to and from the VPN to its guests if necessary, and nothing is visible from the outside world because it all happens on lo
1249669371 M * Mr_Smoke (sorry about the typos, HSDPA playing up and mucho lag)
1249669382 M * Bertl 1) you can 'assign' a vpn address to each guest (on e.g. lo or tun0)
1249669411 M * Bertl the fact that the guest is aware of that address, allows you to do checks inside the guest (or just bind to the vpn address)
1249669426 M * Mr_Smoke True, I could "share" tun0
1249669435 M * Bertl 2) you can 'reserve' a vpn address per guest, and map it to the public one (via S/DNAT)
1249669470 M * Bertl a little more flexible on the host (regarding assignment, etc) but the access checks have to happen on the host, as the guest is not aware of this setup
1249669502 M * Bertl 3) you can assign a private IP to each guest, reserve a public IP for network access, and use S/DNAT on the host to grant access
1249669523 M * Bertl this is probably the most flexible and most secure variant, without any internal knowledge in the guests
1249669544 M * Bertl you can (re)map any port to any public IP, and prevent any unwanted access
1249669566 M * Mr_Smoke Hm yeah.
1249669598 M * Mr_Smoke Won't work for all my guests, but I used to do something similar back with 2.1 or 2.0, I think
1249669674 M * Bertl you can mix and match on a per-guest basis, so no problem there
1249669692 M * Mr_Smoke I think for the moment I will leave the public settings as they are, and use solution 3 for the VPN.
1249669746 M * Mr_Smoke This way, for specific guests, I can make them listen for SSH/sensitive web apps on the VPN address only, and hence prevent unwanted access or even break-in attempts
1249669770 M * Mr_Smoke Thanks for clearing it all up :) I keep forgetting about the lo thing, for host-guest or guest-guest talk, that is
1249669845 M * Mr_Smoke naddress can add an interface on the fly, right ?
1249670003 M * Bertl yep
1249670009 M * Mr_Smoke Ex-cellent.
1249670075 M * Mr_Smoke Thanks a bunch :)
1249670419 Q * BenG Quit: I Leave
1249670560 M * Bertl you're welcome!
1249673303 J * dna ~dna@55-197-103-86.dynamic.dsl.tng.de
1249675333 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1249675648 Q * ghislainocfs2 Ping timeout: 480 seconds
1249676709 M * krystian_ Bertl: hmm.. no luck with mount --bind /dev/lv/lvm_vol1 /vserver/apache/home :(
1249676726 M * Bertl did you do it in the guest's namespace?
1249676765 M * krystian_ no, host
1249676780 M * Bertl well, then it isn't quite unexpected, is it?
1249676795 M * Bertl enter the guest namespace with vnamespace, and do the mount there
1249676962 J * ktwilight_ ~keliew@145.14-240-81.adsl-dyn.isp.belgacom.be
1249677091 M * krystian_ Bertl, done, thanks :D
1249677098 M * Bertl np
1249677180 Q * ktwilight Ping timeout: 480 seconds
1249677639 M * krystian_ echo "default" > /etc/vservers/apache/apps/init/mark is enough to autostart at boot?
1249677693 M * Bertl yes, if you have a vserver-default runlevel script
1249677733 M * krystian_ yes, i got it :)
1249677738 J * uva bno@118-168-237-111.dynamic.hinet.net
1249677752 M * krystian_ but what about my mount ? vnamespace --enter apache -- mount ...
1249677852 M * krystian_ i need to find a place, where i can put that line during start..;)
1249677961 M * Bertl best put it in the guest configs fstab?
1249678012 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1249678094 M * krystian_ right......... :)
1249679864 Q * krystian_
1249681256 Q * Piet Quit: Piet
1249681298 J * Piet ~piet@659AABLIO.tor-irc.dnsbl.oftc.net
1249681886 Q * puck Ping timeout: 480 seconds
1249681894 Q * dna Quit: Verlassend
1249682015 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1249682292 J * puck ~puck@leibniz.catalyst.net.nz
1249682627 Q * bonbons Quit: Leaving
1249682677 Q * fosco_ Quit: Reconnecting
1249682678 J * fosco fosco@marx.wirefull.org
1249688604 J * mib_bghiunri 51a8fd13@webchat.mibbit.com
1249688614 P * mib_bghiunri