1260662990 Q * bonbons Quit: Leaving 1260663509 M * orogor_ nobosy here? 1260664255 Q * tokkee Server closed connection 1260664256 J * tokkee tokkee@osprey.tokkee.org 1260664423 N * Bertl_oO Bertl 1260664426 M * Bertl back now ... 1260664471 M * Bertl orogor_: try to explain your setup, and again, what's your kernel/patch/util-vserver version? 1260665072 Q * niki_work Server closed connection 1260665096 J * niki_work ~niki@cpe.fe4-0-120.0x50a6de52.kdnxd4.customer.tele.dk 1260665626 M * orogor_ Bertl: kernel 2.6.26.2 from debian 1260665641 M * orogor_ i think i didnt got how the entwork was supposed to be configured 1260665663 M * orogor_ do i have to craete either a dummy0 card or an eth0:1 card for this to work ? 1260665725 M * orogor_ right now when i start the dummy0 card the host server can t ping anymore (worked at on point) 1260665764 M * orogor_ i tried setting the server with a dummy0 card at 10.1.172 with the real card at .174 1260665774 M * orogor_ and presenting the dummy one to the host 1260665787 M * orogor_ but as i said right now this eems to break networking 1260665855 M * orogor_ i thought configuring the guest to use some cardand some ip would create the cardwith that ip on the hos , but apparently not 1260665865 M * orogor_ Bertl: got it? 1260666058 M * Bertl you don't need a dummy0 for Linux-VServer, it is based on IP isolation 1260666101 M * Bertl you do not need an eth0:1 (alias) either, but a) you should avoid the known broken debian kernel, and b) what is your network setup, i.e. what do you want to achieve? 1260666125 M * Bertl should the guest get a public IP or a private IP, should it be masqueraded or directly connected? 1260666160 M * orogor_ directly connected 1260666174 M * Bertl public IP, same network as the host? 1260666185 M * orogor_ same net 1260666232 M * Bertl so simply another public IP in the same net for the guest, yes? 1260666239 M * orogor_ ya 1260666268 M * Bertl then just put 'eth0' in /etc/vservers//interfaces/0/dev 1260666295 M * Bertl the guest ip in 'ip' (same dir) and the prefix or netmask in 'prefix' or 'netmask' 1260666313 M * Bertl do not configure the IP on the host, util-vserver will do that for you 1260666353 M * Bertl if you want to use 'lo' inside the guest, disable the single IP special casing by putting ~single_ip in /etc/vservers//nflags 1260666425 M * orogor_ well same network , but not same ip 1260666451 M * orogor_ haa , guest , escuse me 1260666550 M * Bertl hmm? 1260666606 M * orogor_ the term host and guest arent very clear sometime for me 1260666651 M * orogor_ id prefere sometime virtualizing and virtualised or somethign like that 1260666704 M * orogor_ cause the guest can be either the person who invite to stay at the house or the person who stay at the house 1260666733 M * Bertl ah, okay, we call the virtual environment 'guest' and the physical machine 'host' 1260666760 M * Bertl (should be described on the wiki, btw :) 1260666798 M * orogor_ yes , everyone has the same convention , but still sometime i get troubled 1260666800 M * orogor_ hummm 1260666805 M * orogor_ actually that work 1260666821 M * orogor_ now i still have this previous issue that postfix is actuallya black hole for some domains 1260666848 M * Bertl well, I'd say that is a configuration problem (for postfix) 1260666876 M * Bertl postfix works perfectly fine in a Linux-VServer guest, we all use it 1260667319 M * orogor_ yes 1260667335 M * orogor_ i fear it s liked to the crash , like a corrupt binary or some weirdo stuff 1260667365 M * Bertl could be, but as I suggested, check that the single IP special casing doesn't affect your guest 1260667389 M * Bertl postfix often communicates with stuff like postgrey via lo 1260667412 M * Bertl (and checks for loopback ips) 1260667988 Q * yarihm Quit: This computer has gone to sleep 1260668040 M * orogor_ thanks 1260668059 M * Bertl you're welcome! 1260669784 Q * FireEgl Remote host closed the connection 1260672590 Q * jrklein Server closed connection 1260675170 Q * orogor_ Remote host closed the connection 1260676822 J * saulus_ ~saulus@c192171.adsl.hansenet.de 1260677228 Q * saulus Ping timeout: 480 seconds 1260677236 N * saulus_ SauLus 1260678717 J * FelipeMcMont ~mcmont@187.59.243.141 1260680179 J * FireEgl ~FireEgl@2001:470:e056:1:4::9 1260680790 Q * FelipeMcMont 1260681516 J * Piet ~Piet__@04ZAACV3S.tor-irc.dnsbl.oftc.net 1260685301 M * Bertl off to bed now ... have a good one everyone! 1260685306 N * Bertl Bertl_zZ 1260687788 Q * nenolod Quit: Leaving 1260688562 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260693001 J * derjohn_mob ~aj@e180197239.adsl.alicedsl.de 1260694963 J * dna ~dna@p54BC9C8D.dip0.t-ipconnect.de 1260695001 Q * theocrite Remote host closed the connection 1260695566 J * lucrus ~papo@host-84-223-101-141.cust-adsl.tiscali.it 1260696410 J * yang yang@yang.netrep.oftc.net 1260696438 N * Guest1476 yang2 1260696475 N * yang2 Guest1518 1260696887 J * nenolod ~nenolod@petrie.dereferenced.org 1260697473 N * Guest1518 yang2 1260697979 Q * geb Quit: / 1260698672 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1260699901 J * thierryp ~thierry@home.parmentelat.net 1260701130 J * ghislain1 ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260701433 Q * ghislain Ping timeout: 480 seconds 1260701621 J * pmenier ~pmenier@ACaen-152-1-90-55.w83-115.abo.wanadoo.fr 1260702164 J * julius ~julius@217.20.127.15 1260702298 Q * lucrus Quit: Sto andando via 1260703435 Q * blues_ Quit: Reconnecting 1260703436 J * blues ~blues@afy19.neoplus.adsl.tpnet.pl 1260703775 Q * larsivi Remote host closed the connection 1260705250 J * larsivi ~larsivi@37.80-202-217.nextgentel.com 1260705344 J * yarihm ~yarihm@102-59-239-77-pool.cable.fcom.ch 1260708771 N * infowolfe Guest1543 1260708771 J * infowolfe ~infowolfe@c-71-236-152-35.hsd1.or.comcast.net 1260709090 Q * infowolfe Quit: infowolfe 1260709505 J * theocrite ~Hubert@kim.theocrite.org 1260711176 Q * dna Ping timeout: 480 seconds 1260712028 Q * thierryp Remote host closed the connection 1260712836 J * dna ~dna@p54BC9C8D.dip0.t-ipconnect.de 1260714378 J * JonB ~NoSuchUse@192.38.8.25 1260714643 Q * isodude Ping timeout: 480 seconds 1260715202 Q * Guest1397 1260715205 Q * SubZero Read error: Connection reset by peer 1260717624 Q * pmenier Quit: Konversation terminated! 1260717687 Q * JonB Quit: Leaving 1260719418 Q * bonbons Ping timeout: 480 seconds 1260720915 J * FaUl immo@shell.chaostreff-dortmund.de 1260720917 M * FaUl hey 1260720959 M * FaUl is there any way to make files and directorys visible only in one particular vserver? 1260722498 J * thierryp ~thierry@home.parmentelat.net 1260722927 N * Bertl_zZ Bertl 1260722931 M * Bertl morning folks! 1260722961 M * Bertl FaUl: yes, via namespaces and bind mounts 1260722988 M * FaUl Bertl: is there any for that howto yet? 1260723018 M * FaUl arr 1260723030 M * FaUl i fucked up the question 1260723037 M * Bertl np, I got it 1260723054 M * FaUl is there any way to make files and directorys in proc visible only in one particular vserver 1260723059 M * Bertl no howto, but it's basically mainline ... i.e. works on any linux machine since a few years 1260723061 M * FaUl that would be the correct question 1260723085 M * Bertl ah, for proc hiding it is more complicated 1260723086 M * FaUl i know how bind mounts work, yes ;-) 1260723110 M * Bertl there is no way to hide files/dirs per guest, but you can overlay them 1260724822 Q * ghislain1 Quit: Leaving. 1260727882 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1260733769 Q * dna Read error: Connection reset by peer 1260733783 J * dna ~dna@p54BC9C8D.dip0.t-ipconnect.de 1260736322 J * docelic ~docelic@78-2-106-183.adsl.net.t-com.hr 1260736506 J * dna_ ~dna@p54BC9C8D.dip0.t-ipconnect.de 1260736543 Q * yarihm Quit: This computer has gone to sleep 1260736901 Q * dna Ping timeout: 480 seconds 1260737282 M * fback daniel_hozac: it seems OpenWRT has some patches to compile ipv6 as a module too 1260737289 M * fback good evening :) 1260737539 M * Bertl against Linux-VServer? 1260737687 M * fback Bertl: daniel_hozac asked about asking pld people about sending patches that allows compiling ipv6 as a module upstream 1260737725 M * fback Bertl: openwrt seems to be another project that has similar (maybe the same?) patches 1260737747 M * Bertl against a Linux-VServer kernel? 1260737749 M * fback maybe there's a reason upstream didn't incorporate this? 1260737771 M * fback Bertl: afair pld has / works on this 1260737791 M * Bertl okay, but what's the relation to OpenWRT? 1260737961 M * fback Bertl: that's another project with ipv6 compiled as a module. 1260737984 M * Bertl but they do not use a Linux-VServer kernel, or? 1260738031 M * fback afaik no, they don't :) 1260738052 M * Bertl so .. I'm trying to figure what's the relation then? 1260738120 M * blathijs Bertl: It seems there's not relation to vserver, but only to daniel_hozac who has expressed his interest. 1260738129 M * blathijs Or that's what I gather from the above, anyway 1260738202 M * Bertl but, I cannot see the relation between daniel_hozac asking for patches from the 'pld folks' adding modular ipv6 to Linux-VServer and the OpenWRT project .. but maybe that's just me :) 1260738217 M * fback Bertl: http://people.fback.net/fb/log.txt 1260738220 M * daniel_hozac nope, i don't get it either :-) 1260738237 M * blathijs Bertl: Apparantly the OpenWRT folks have made similar patches as the pld folks? 1260738239 M * fback maybe that's my fault 1260738263 M * Bertl blathijs: that's what I'm trying to figure, but that would imply that they are using Linux-VServer :) 1260738281 M * fback I thought about pld folks adding patches for modular ipv6 to vanilla :) 1260738288 M * daniel_hozac no. 1260738297 M * daniel_hozac modular IPv6 in vanilla is not at all a problem. 1260738305 M * Bertl it has been there since years 1260738320 M * Bertl (to make all those distros happy :) 1260738330 M * blathijs Ah, in that case, I don't completely understand it either :-p 1260738382 M * fback hmm, that means I'm not allowed to compile it as a module because of vserver patch? :) 1260738390 M * Bertl correct 1260738437 M * Bertl and IMHO, there is no rela point in modular ipv6, unless you are maintaining a distribution 1260738444 M * fback so that's my misunderstanding 1260738449 J * blues_ ~blues@acwj132.neoplus.adsl.tpnet.pl 1260738512 M * fback sorry for the mess 1260738530 M * Bertl np 1260738566 Q * blues Ping timeout: 480 seconds 1260739074 J * geb ~geb@earth.gebura.eu.org 1260743995 Q * thierryp Remote host closed the connection 1260744057 J * yarihm ~yarihm@80-219-169-125.dclient.hispeed.ch 1260744115 Q * yarihm 1260745354 M * vServer_User hi guys 1260745365 M * vServer_User how can you tell if a cpuset is working in a guest 1260745369 M * vServer_User as "top" will show all 4 cores 1260745377 M * vServer_User but it should be limited to 1 1260745401 M * vServer_User cat /proc/virtual/*/sched also shows 4 cores (is that correct?) 1260745416 N * _are__ _are_ 1260745430 Q * bonbons Quit: Leaving 1260745438 M * vServer_User nm, i think i've answered my own question 1260745452 M * vServer_User it shows 4 cores, but 3 of them have little to no activity 1260745557 Q * docelic Ping timeout: 480 seconds 1260746457 Q * geb Ping timeout: 480 seconds 1260747336 J * mrjack mrjack@office.smart-weblications.net 1260747336 M * mrjack hi 1260747465 M * mrjack has anyone ever succeeded in running lvs on a vserver hostsystem and use vservers as "realservers" for a ldirector-lb? 1260747661 M * Bertl as there is no virtual networking, there is no real point in doing so 1260747679 M * smash Bertl: is there any more documentation on iptables? 1260747687 M * Bertl mrjack: but running LVS on the host is no problem 1260747696 M * smash the issue I am suffering from is that packets that go to a node do not enter PREROUTING 1260747714 M * smash even if I dont have any rules at all and use a default policy of drop, the packets will still arrive at their destination within the node 1260747717 M * mrjack Bertl: i have the problem that ipvsadm says connections to vservers on the same hosts are local thus not beeing masqd nor routed 1260747739 M * Bertl smash: that sounds unusual, kernel/patch version? 1260747744 M * smash 2.6.32 1260747745 M * smash .36 1260747758 M * mrjack Bertl: the point is having two or more host-servers, running www[1-4] on 4 physical machines, each with lvs and heartbeat to do the failover + loadbalancing 1260747778 Q * dna_ Quit: Verlassend 1260747793 M * Bertl smash: and what connections are we talking about? (and which table to do you look at)? 1260747814 M * smash Bertl: like .. if I try an iptables -t nat -A PREROUTING -d node_ip -j ACCEPT the packet counter doe snot increase although the packets are delivered 1260747820 M * smash udp 1260747831 M * smash and I am looking at nat with the standard verbose level and listing 1260747925 M * smash now the weird part is .. I can redirect packets in PREROUTING using DNAT, so they somehow have to pass it .. but as I said even if I set default policy for prerouting to drop they will still arrive .. 1260747948 M * smash theres only two reasons I can think of that cause such behavior a) a flaw in the vs patch b) changes are not taking effect immediately 1260747986 M * Bertl as we do not touch the networking in this regard, I doubt a) unless it is a mainline bug 1260748002 M * Bertl b) sounds at least unusual too, let me test with a simple setup 1260748053 M * smash I will also test it again (I am testing for like 24h now, but I stopped this morning) 1260748120 Q * cuba33ci Remote host closed the connection 1260748218 M * smash right now I am able to reproduce it 1260748279 M * smash I have 3 rules in place of PREROUTING the last one will redirect ALL incomding udp traffic (destination of the node) to another port 1260748282 M * smash it doesnt match even once 1260748292 M * smash and the client trying to reach the application times out 1260748457 M * smash the 3 rules are: 1) a string match based on baseword1 2) a string match based on bareword2 3) redirect all other udp traffic .. the first two do match .. the 3rd one doesnt .. if I sniff incoming at the host itself the properties of the package are correct .. it just doesnt get redirected and the verbose counter stays at 0 1260748534 M * smash this is just one of several variants where that problem occurs .. yesterday for instance I set prerouting to policy drop and used an greedy match on ALL packets (no matter what protocol) with the destination of the node .. the counter stayed at 0 as well but the packets were routed