1260837300 Q * bzed Remote host closed the connection 1260837614 J * bzed ~bzed@devel.recluse.de 1260838292 Q * BenG Quit: I Leave 1260839206 Q * bonbons Quit: Leaving 1260841678 Q * PowerKe Ping timeout: 480 seconds 1260841705 Q * ghislain synthon.oftc.net larich.oftc.net 1260841705 Q * DreamerC synthon.oftc.net larich.oftc.net 1260841705 Q * sardyno synthon.oftc.net larich.oftc.net 1260841705 Q * kjj synthon.oftc.net larich.oftc.net 1260841705 Q * tam synthon.oftc.net larich.oftc.net 1260841705 Q * evilhackerdude synthon.oftc.net larich.oftc.net 1260841705 Q * faheem synthon.oftc.net larich.oftc.net 1260841705 Q * karasz synthon.oftc.net larich.oftc.net 1260841705 Q * micah synthon.oftc.net larich.oftc.net 1260841819 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260841819 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260841819 J * sardyno ~me@pool-173-75-5-88.pitbpa.fios.verizon.net 1260841819 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1260841819 J * evilhackerdude ~stephan@78.46.203.42 1260841819 J * micah ~micah@micah.riseup.net 1260841819 J * karasz ~karasz@shell.opensde.net 1260841819 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1260841819 J * tam ~tam@gw.nettam.com 1260841825 Q * sardyno Max SendQ exceeded 1260841867 J * sardyno ~me@pool-173-75-5-88.pitbpa.fios.verizon.net 1260842250 Q * tam synthon.oftc.net larich.oftc.net 1260842250 Q * evilhackerdude synthon.oftc.net larich.oftc.net 1260842250 Q * kjj synthon.oftc.net larich.oftc.net 1260842250 Q * ghislain synthon.oftc.net larich.oftc.net 1260842250 Q * faheem synthon.oftc.net larich.oftc.net 1260842250 Q * karasz synthon.oftc.net larich.oftc.net 1260842250 Q * micah synthon.oftc.net larich.oftc.net 1260842250 Q * DreamerC synthon.oftc.net larich.oftc.net 1260842432 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260842432 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260842432 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1260842432 J * evilhackerdude ~stephan@78.46.203.42 1260842432 J * micah ~micah@micah.riseup.net 1260842432 J * karasz ~karasz@shell.opensde.net 1260842432 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1260842432 J * tam ~tam@gw.nettam.com 1260842594 J * PowerKe ~tom@d5153A2D7.access.telenet.be 1260842965 Q * tam resistance.oftc.net larich.oftc.net 1260842965 Q * evilhackerdude resistance.oftc.net larich.oftc.net 1260842965 Q * kjj resistance.oftc.net larich.oftc.net 1260842965 Q * ghislain resistance.oftc.net larich.oftc.net 1260842965 Q * faheem resistance.oftc.net larich.oftc.net 1260842965 Q * karasz resistance.oftc.net larich.oftc.net 1260842965 Q * micah resistance.oftc.net larich.oftc.net 1260842965 Q * DreamerC resistance.oftc.net larich.oftc.net 1260843109 J * tam ~tam@gw.nettam.com 1260843249 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260843249 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260843249 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1260843249 J * evilhackerdude ~stephan@78.46.203.42 1260843249 J * micah ~micah@micah.riseup.net 1260843249 J * karasz ~karasz@shell.opensde.net 1260843249 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1260843886 Q * evilhackerdude synthon.oftc.net larich.oftc.net 1260843886 Q * kjj synthon.oftc.net larich.oftc.net 1260843886 Q * ghislain synthon.oftc.net larich.oftc.net 1260843886 Q * faheem synthon.oftc.net larich.oftc.net 1260843886 Q * karasz synthon.oftc.net larich.oftc.net 1260843886 Q * micah synthon.oftc.net larich.oftc.net 1260843886 Q * DreamerC synthon.oftc.net larich.oftc.net 1260843999 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260843999 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260843999 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1260843999 J * evilhackerdude ~stephan@78.46.203.42 1260843999 J * micah ~micah@micah.riseup.net 1260843999 J * karasz ~karasz@shell.opensde.net 1260843999 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1260844038 Q * micah Remote host closed the connection 1260844040 J * micah ~micah@micah.riseup.net 1260844107 Q * hparker Quit: Quit 1260844503 Q * yang Ping timeout: 480 seconds 1260844816 Q * FloodServ synthon.oftc.net services.oftc.net 1260844881 J * FloodServ services@services.oftc.net 1260845846 M * Bertl off to bed now ... have a good one everyone! 1260845855 N * Bertl Bertl_zZ 1260846093 P * jpic 1260846726 Q * faheem Server closed connection 1260846737 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1260848214 Q * karasz Server closed connection 1260848216 J * karasz ~karasz@shell.opensde.net 1260848331 Q * imcsk8 Quit: Leaving 1260849633 J * saulus_ ~saulus@d003045.adsl.hansenet.de 1260849853 J * hparker ~hparker@linux.homershut.net 1260850043 Q * SauLus Ping timeout: 480 seconds 1260850049 N * saulus_ SauLus 1260850498 J * ghislain1 ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1260850571 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1260850577 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1260850614 Q * evilhackerdude Server closed connection 1260850615 J * evilhackerdude ~stephan@78.46.203.42 1260850786 Q * ghislain Ping timeout: 480 seconds 1260851893 J * jrklein ~jrklein@2001:0:53aa:64c:0:7dac:b4d8:690 1260854288 Q * FireEgl Remote host closed the connection 1260855105 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com 1260855942 Q * kjj Server closed connection 1260857256 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1260857545 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1260858532 J * yang yang@yang.netrep.oftc.net 1260859206 Q * DreamerC Server closed connection 1260859218 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260860633 Q * nenolod Quit: Leaving 1260861061 J * geb ~geb@earth.gebura.eu.org 1260861514 Q * thierryp Remote host closed the connection 1260862016 J * sharkjaw ~gab@64.28.12.166 1260862068 Q * derjohn_mob Ping timeout: 480 seconds 1260862771 Q * FaUl Read error: Connection reset by peer 1260862999 J * FaUl immo@shell.chaostreff-dortmund.de 1260863849 Q * DreamerC Quit: leaving 1260863865 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1260864401 Q * balbir Ping timeout: 480 seconds 1260865295 J * thierryp ~thierry@zankai.inria.fr 1260866048 Q * FaUl Ping timeout: 480 seconds 1260866325 J * FaUl immo@shell.chaostreff-dortmund.de 1260867771 J * davidkarban ~david@80.250.18.198 1260868593 J * kir ~kir@swsoft-msk-nat.sw.ru 1260868747 J * yarihm ~yarihm@80-219-169-125.dclient.hispeed.ch 1260868797 J * nenolod ~nenolod@petrie.dereferenced.org 1260868827 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1260869291 J * derjohn_mob ~aj@80.85.196.112 1260870859 N * Bertl_zZ Bertl_oO 1260871862 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1260874456 Q * ensc|w Ping timeout: 480 seconds 1260875937 T * * http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.36.26, grsec 2.3.0.36.26|util-vserver-0.30.216-pre2864| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 1260875937 T * Bertl - 1260875972 Q * geb Ping timeout: 480 seconds 1260875982 J * geb ~geb@earth.gebura.eu.org 1260876031 J * swen ~quassel@217.72.66.253 1260876090 M * swen hi all 1260876110 M * swen i have trouble setting up koala guest in vserver 1260876253 M * swen omg! 1260876258 M * swen nevermind 1260876271 M * swen I've just pinpointed the problem 1260876294 J * fosco fosco@marx.wirefull.org 1260876305 M * swen (echo plain > style) 1260877869 Q * ard Ping timeout: 480 seconds 1260878861 Q * yarihm Quit: This computer has gone to sleep 1260879183 Q * larsivi_ Ping timeout: 480 seconds 1260880227 J * Yepsen ~yepsen@ip-95-222-78-232.unitymediagroup.de 1260881002 Q * sharkjaw Quit: Leaving 1260881842 J * ensc|w ~ensc@www.sigma-chemnitz.de 1260883702 Q * vServer_User Ping timeout: 480 seconds 1260883755 J * vServer_User ~vServer_U@host90-152-15-246.ipv4.regusnet.com 1260884355 Q * vServer_User Remote host closed the connection 1260884370 J * vServer_User ~vServer_U@host90-152-15-246.ipv4.regusnet.com 1260884893 J * hparker ~hparker@linux.homershut.net 1260884900 Q * hparker Remote host closed the connection 1260884944 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1260884970 Q * vServer_User Remote host closed the connection 1260884984 J * vServer_User ~vServer_U@host90-152-15-246.ipv4.regusnet.com 1260885584 Q * vServer_User Remote host closed the connection 1260885598 J * vServer_User ~vServer_U@host90-152-15-246.ipv4.regusnet.com 1260886346 Q * hparker Remote host closed the connection 1260886678 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1260887145 N * Bertl_oO Bertl_zZ 1260890177 M * mrjack re 1260891370 J * yarihm ~yarihm@office-zrh.youngsolutions.ch 1260891589 Q * yarihm 1260892271 Q * jrklein Quit: jrklein 1260892782 J * balbir_ ~balbir@59.94.244.12 1260893542 Q * davidkarban Quit: Ex-Chat 1260893621 Q * balbir_ Ping timeout: 480 seconds 1260893911 J * jrklein ~jrklein@2001:0:53aa:64c:0:acb8:b948:7b5d 1260894153 Q * geb Ping timeout: 480 seconds 1260894421 J * imcsk8 ~ichavero@148.229.1.11 1260894444 J * dowdle ~dowdle@scott.coe.montana.edu 1260894568 J * jrklein_ ~jrklein@2001:0:53aa:64c:0:a8e4:b948:7b5d 1260894754 Q * jrklein Ping timeout: 480 seconds 1260895012 J * jrklein ~jrklein@2001:0:53aa:64c:0:a6ad:b948:7b5d 1260895049 Q * jrklein_ Ping timeout: 480 seconds 1260895251 J * balbir_ ~balbir@59.94.244.12 1260895513 Q * kir Quit: Leaving. 1260895734 Q * jrklein Ping timeout: 480 seconds 1260895762 J * jrklein ~jrklein@2001:0:53aa:64c:0:a344:b948:7b5d 1260895911 Q * balbir_ Ping timeout: 480 seconds 1260896364 Q * jrklein Ping timeout: 480 seconds 1260896364 M * thierryp daniel_hozac: ping 1260896385 M * thierryp I'm done with my f12 setup 1260896401 M * thierryp any plan to support f12 in util-vserver natively ? 1260896457 M * thierryp I've published the yum repos with kernel.vs , util-vserver and yum for a plain fedora box if that's of interest 1260896475 M * thierryp http://build.onelab.eu/vserver/f12/ 1260896838 M * harry i hope the kernel patch i put online works properly 1260896846 M * harry didn't get the chance to test it... 1260897183 J * jrklein ~jrklein@2001:0:53aa:64c:0:6396:b4d8:690 1260897483 Q * dowdle Remote host closed the connection 1260897491 J * dowdle ~dowdle@scott.coe.montana.edu 1260897852 Q * thierryp Ping timeout: 480 seconds 1260897997 Q * Yepsen Ping timeout: 480 seconds 1260898086 M * ghislain1 hello, i have a little memory hole here, what is the differences between ulimit and rlimit ? 1260898170 M * ghislain1 when i google them i just find very similar thing 1260898422 J * thierryp ~thierry@zankai.inria.fr 1260898496 M * ghislain1 seems rlimit is the same but for 2.6 1260898557 J * niki ~niki@0x5553169c.adsl.cybercity.dk 1260898796 N * Bertl_zZ Bertl 1260898801 M * Bertl back now ... 1260898834 M * Bertl ghislain1: ulimit is per 'user' limit inside a guest, rlimit is the total (sum) limit of a guest 1260898859 M * ghislain1 oh thanks bertl 1260898870 J * niki_ ~niki@0x5553169c.adsl.cybercity.dk 1260899191 Q * niki Ping timeout: 480 seconds 1260899398 Q * niki_ Ping timeout: 480 seconds 1260899771 J * niki ~niki@0x5553169c.adsl.cybercity.dk 1260900284 J * niki_ ~niki@0x5553169c.adsl.cybercity.dk 1260900401 Q * niki Ping timeout: 480 seconds 1260900444 N * niki_ niki 1260900580 M * Bertl off for now ... bbl 1260900585 N * Bertl Bertl_oO 1260900683 Q * thierryp Quit: ciao folks 1260900823 Q * derjohn_mob Ping timeout: 480 seconds 1260901151 J * kezar ~kezar@rb178-1-88-163-25-248.fbx.proxad.net 1260901153 M * kezar hi 1260902020 J * derjohn_mob ~aj@c175010.adsl.hansenet.de 1260902295 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1260902480 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1260902776 Q * nenolod Ping timeout: 480 seconds 1260902803 J * blues_ ~blues@acvz29.neoplus.adsl.tpnet.pl 1260902923 Q * blues Ping timeout: 480 seconds 1260903008 J * nenolod ~nenolod@67.202.104.35 1260903022 Q * gnuk Quit: NoFeature 1260903223 Q * cuba33ci Remote host closed the connection 1260903242 J * cuba33ci ~cuba33ci@118.160.168.140 1260904812 Q * cuba33ci Read error: Connection reset by peer 1260904830 J * cuba33ci ~cuba33ci@118-160-168-140.dynamic.hinet.net 1260906141 Q * cuba33ci Remote host closed the connection 1260906146 M * kezar any idea on how to use several postfix (one in each vserver) on the same machine? 1260906155 J * cuba33ci ~cuba33ci@118.160.168.140 1260906177 M * arekm kezar: exactly the same way as when on separate machines 1260906314 M * kezar I think I'm doing something wrong then, I set smtp_bind_address in my config file but it can't bind to the public address 1260906593 M * kezar hum there is an error even when the other postfix is stopped 1260906849 M * arekm don't run postfix on host 1260906852 M * arekm only in guests 1260906881 M * kezar i stopped it on the host to test, but it does not work much more 1260906926 M * kezar I think there is an error somewhere 1260906954 M * arekm /sbin/ip a from guest. Is that public address there? and what's the error anyway? 1260906969 N * Bertl_oO Bertl 1260906982 M * Bertl back now ... 1260906991 M * kezar ip addr does not show the public address 1260906999 M * Bertl kezar: kernel/patch/util-vserver version? 1260907009 M * kezar (the error from postfix is Cannot assign requested address) 1260907066 M * kezar 2.6.31.7/grsec/0.30.216-pre2855 1260907118 M * Bertl okay, what is the guest config regarding interfaces (i.e. could you upload the contents of your interfaces dir for both guests, feel free to anonymize the IPs) 1260907128 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines) 1260907243 M * kezar only one guest for now, lo 127.0.0.1 and dummy0 192.168.0.2 1260907298 M * Bertl why do you assign lo to the guest? 1260907328 M * kezar I read on a wiki it could help for some apps, don't know if it's still useful 1260907347 M * Bertl on the contrary it hurts applications as you see 1260907359 M * Bertl if you remember where you saw that, please let us know 1260907369 M * Bertl what you actually want to do is the following: 1260907388 M * Bertl make a single entry, e.g. '0', put the following files/content there 1260907429 M * Bertl dev/eth0 (if you really prefer, also dummy0), ip/192.168.0.2 and prefix/24 1260907436 Q * PowerKe Ping timeout: 480 seconds 1260907469 M * Bertl then, if your kernel has single IP special casing on (kernel config), also add (in the config root dir) nflags/~single_ip 1260907488 M * kezar http://linux-vserver.org/Problematic_Programs#127.0.0.1_issues 1260907498 M * Bertl stop the guest first, or remove the previous entries manually 1260907517 M * kezar it's what I already have in my interfaces directory 1260907535 M * kezar I'll remove the lo interface first and try again 1260908311 M * kezar still the same error 1260908611 M * Bertl did you set the nflag? 1260908618 M * kezar yes 1260908639 M * Bertl what does 'ip a ls' show inside the guest? 1260908680 M * kezar lo and dummy0, no public ip 1260908709 M * Bertl dummy0 has the specified ip, yes? 1260908713 M * kezar yes 1260908730 M * Bertl do you have postfix running on the host too? 1260908735 M * kezar I stopped it 1260908750 M * Bertl and no other guest is active, yes? 1260908765 Q * cuba33ci Remote host closed the connection 1260908767 M * kezar this one is the only one for the moment yes 1260908784 M * Bertl okay, and you restarted it after adding the ~single_ip to nflags 1260908791 J * cuba33ci ~cuba33ci@118.160.168.140 1260908801 M * kezar several times 1260908805 M * Bertl and your postfix gives address not available? 1260908829 M * kezar yep, I can ping it but postfix does not want to bind 1260908845 M * Bertl start it with 'strace -fF' and upload the output 1260908861 M * Bertl I'm pretty sure it is a configuration issue (postfix config) 1260908909 M * kezar certainly 1260908932 M * kezar damn I don't have strace :) brand new guest 1260909220 J * PowerKe ~tom@d5153A2D7.access.telenet.be 1260909421 M * kezar hum some errors in the stack trace 1260909520 M * kezar http://dl.free.fr/ppkn2e0nv (1.4MB) 1260909569 M * Bertl no idea where to click there :) 1260909584 M * kezar uh 1260909592 M * kezar it opens the file directly here 1260909606 M * Bertl it gives me a french page 1260909618 M * kezar I'm french :) 1260909630 M * Bertl good for you, I'm not :) 1260909655 M * kezar maybe they limit the access to french ips, I was not aware of that 1260909664 M * kezar I'll upload it somewhere else sorry 1260909669 M * Bertl np 1260909688 Q * weasel Ping timeout: 600 seconds 1260909796 M * kezar http://www.mediafire.com/?fzzmnedfemw 1260909848 M * Bertl works 1260909899 J * weasel ~weasel@weasel.noc.oftc.net 1260910066 M * Bertl I don't see any failing bind() in that strace 1260910182 M * kezar yeah in fact it writes an error in the log file only when it tries to send and email, I should have sent something :/ 1260910200 M * Bertl okay, then let's do that :) 1260910563 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1260910773 M * kezar http://www.mediafire.com/?d0ntemoymgm 1260910882 M * Bertl 11481 bind(12, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("xxx.xxx.xxx.xxx")}, 16) = -1 EADDRNOTAVAIL (Cannot assign requested address) 1260910890 M * Bertl did you anonymize that one? 1260910929 M * kezar yup 1260910955 M * Bertl okay, you have just 192.168.0.2 assigned to the guest, but it tries to bind to a different ip? 1260910987 M * kezar I set it to the public ip, I should set it to the guest private ip ? 1260911003 M * Bertl if you want to use the public IP, you also have to give it to the guest 1260911016 M * Bertl otherwise apps inside the guest will not be able to bind to 1260911031 M * Bertl if you have only a single public IP and want to use it for several guests 1260911043 M * kezar it's what I try to do 1260911045 M * Bertl then bind to the private IP and use S/DNAT to map the public one 1260911065 M * kezar ok, the doc I read was not very clear on that point 1260911106 M * Bertl well, Linux-VServer networking is rather simple and straight forward, just forget what you learned about virtual machines and such 1260911125 M * Bertl Linux-VServer networking happens on the host, the guest(s) use IP isolation 1260911147 M * Bertl i.e. you assign a subset of host IPs to each guest, and that guest is then limited to those addresses 1260911156 M * kezar I didn't learned many things, in fact it's the first I use (on a server) 1260911174 M * Bertl (i.e. 0.0.0.0 is mapped to the set of IPs, and binding to IPs outside that set is not permitted) 1260911256 M * _Shiva__ Bertl: speaking of binding to IPs - just to clarify: bind 0.0.0.0 w/i a guest binds to public IPs only but binding explicitly to 127.0.0.1 w/i the guest bind to the guest's lback? (<- CONFIG_VSERVER_AUTO_LBACK=y) 1260911308 M * Bertl lback is part of the set 1260911359 M * Bertl i.e. binding to 0.0.0.0 and 127.0.0.1 should not be possible 1260911397 M * _Shiva__ hmm .. then strange things(tm) ar [still] happening with bind9/named w/i a guest.. ;-) 1260911426 M * Bertl what's your setup? 1260911498 M * _Shiva__ "rndc" wants to connect to 127.0.0.1:953 per default - but it's not bound by named, which only has bound to the public ip 1260911535 M * _Shiva__ the nameserver process binds to all available IPs though.. 1260911536 M * Bertl kezar: kernel/patch/util-vserver version? and your interfaces dir? 1260911549 M * Bertl *_Shiva__ 1260911589 M * _Shiva__ but not on 0.0.0.0:53 but all available guest IPs ..:53 each 1260911636 M * _Shiva__ Bertl: 2.6.29.2-vs2.3.0.36.11 / 0.30.216-pre2855 1260911723 M * Bertl that's quite an old version 1260911738 M * _Shiva__ . o 0 ( I know .. quite old ;-) ) 1260911837 M * _Shiva__ Bertl: and openssh is binding only the public ip - not 127.0.0.1 .. and it's not restricted in sshd_config 1260911845 M * _Shiva__ i see that now.. 1260911871 M * _Shiva__ alas all processes bind to their v6-IP ;-) 1260911885 M * _Shiva__ that is ::: 1260911927 M * Bertl we had quite some ipv6 fixes since then, and ipv6/ipv4 binding is still not fixed 1260911994 M * _Shiva__ actually - I can live with that behaviour ;-) tuning rndc.conf to address the public IP helps.. and there's no other issue with the services either on the host nor the guest(s) 1260912098 M * _Shiva__ Bertl: and 2.6.32.1-vs2.3.0.36.27 is compiled and scheduled for the next (un)scheduled) reboot ;-) 1260912101 M * kezar http://paste.linux-vserver.org/14089 something wrong here ? I have a timeout in the guest 1260912187 M * Bertl not a good idea to mix MASQUERADE with S/DNAT 1260912335 M * kezar I'm testing different things, but nothing seems to work 1260912352 M * Bertl use SNAT for outgoing, and DNAT for incoming 1260912353 M * kezar ok I'm an idiot 1260912358 M * kezar net.ipv4.ip_forward=0 1260912364 M * Bertl ah :) 1260912365 M * _Shiva__ . o 0 ( lol ) ;-) 1260912398 M * kezar changed by my kernel update today :( 1260912445 Q * BenG Quit: I Leave 1260912556 M * kezar ok I'm an idiot² 1260912559 M * kezar I was in the guest 1260912563 M * kezar it's enabled 1260912636 J * yarihm ~yarihm@80-219-169-125.dclient.hispeed.ch 1260913083 Q * ghislain1 Quit: Leaving. 1260913305 M * Bertl kezar: problem resolved? 1260913328 M * Bertl if not, check with tcpdump -vvnei on the host 1260913342 M * Bertl timeouts usually relate to nameservice lookups 1260913380 M * kezar it seems it's good concerning ns, the guest finds the mx entry 1260913670 M * kezar but it still does not work 1260913680 M * Bertl what does not work? :) 1260913706 M * kezar nat, the guest can't send emails 1260913719 M * Bertl what did you configure? 1260913866 M * kezar I just try a sendmail to test 1260913876 M * kezar and it timeouts 1260913880 M * Bertl what's your S/DNAT rules? 1260914036 M * kezar I'm trying to serve http to test DNAT, it worked yesterday but it does not work anymore 1260914052 M * kezar -A PREROUTING ! -s 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80 1260914115 M * Bertl looks good, make sure that no other rule interferes 1260914123 M * kezar I see my request in the iptables prerouting log, but then nothing 1260914666 M * kezar got something :) 1260914909 M * kezar it goes in but never goes out 1260914990 M * Bertl which means? 1260915047 M * kezar I see the request, it seems to go to the guest, but the guest does not answer and there is no trace of a response in the netfilter logs 1260915083 M * Bertl so, is something bound to the port inside the guest? 1260915099 M * Bertl maybe a firewall rule blocking the packet? 1260915197 M * kezar the host does not block the incoming request, and the guest does not answer 1260915227 M * kezar I'm cursed :) 1260915247 M * Bertl stop the service inside the guest, use netcat (nc) on the host to test your setup 1260915339 M * kezar it works from the host to the guest 1260915888 M * Bertl so what about the netcat? :) 1260915914 M * kezar the guest only gets local connections, there must be a routing problem 1260915931 M * Bertl there is no routing between guest and host 1260915945 M * kezar yep 1260915948 M * Bertl i.e. they are the same, network wise 1260916004 M * kezar that's why I say this, it works locally but not remotely, so there is something in my rules that prevent me from reaching the guest 1260916054 M * Bertl that's what I suspected in the first place, maybe turn off your firewalling/etc for a test and use just the S/DNAT? 1260916416 M * kezar I don't drop anything special, I log everything, I see incoming requests to the guest but no outgoing response 1260916432 M * Bertl did you run the netcat as advised? 1260916487 M * kezar from the host to the guest ? 1260916501 M * Bertl on the host, listening mode, guest IP 1260916670 M * kezar nothing :/ 1260916694 M * Bertl so, it's just your config then (networking, host side) 1260916713 M * Bertl i.e. no Linux-VServer involvement 1260916770 M * Bertl fix that, and the guest will work fine too 1260916796 M * kezar that's not what I meant ;) I know it's a network problem 1260916826 M * Bertl well, there are not so many network problems with 2 simple S/DNAT rules 1260916859 M * kezar but there is one at least :) 1260916893 M * Bertl can't help without more information :/ 1260916953 M * Bertl for example, output of 'iptables -vnL', 'iptables -t nat -vnL' and ''iptables -t mangle -vnL' 1260917080 M * kezar http://paste.linux-vserver.org/14090 here it is 1260917192 M * Bertl what's the second SNAT for? 1260917226 M * Bertl I'd also suggest to limit them to eth0 1260917242 M * Bertl (otherwise you will S/DNAT local traffic too) 1260917289 M * Bertl further, for the DNAT, it might make sense to specify -d xxx.xxx.xxx.xxx 1260917335 M * kezar I dropped the second SNAT, for the first one isn't it already limited since there is the ! -d ? 1260917407 M * Bertl yeah, the SNAT is fine, although I'd specify the interface, the DNAT is not restircted 1260917616 M * kezar http://paste.linux-vserver.org/14091 still does not work like this :/ 1260917999 M * Bertl how do you test? 1260918077 M * Bertl obviously the DNAT rule matches something (3 packets) 1260918082 M * kezar yep 1260918085 M * kezar I try to connect to port 80 for the moment, with a simplehttpserver on the guest 1260918089 M * kezar but no response 1260918132 M * Bertl forget the guest for now, keep testing on the host 1260918145 M * Bertl you should have netcat and telnet 1260918219 M * kezar I have them, but no response 1260918295 M * Bertl anything in dmesg or /var/log/messages? 1260918371 M * kezar excepted IPv6 addrconf: prefix with wrong length 56 (dunno the origin of this line, I disabled the ipv6 module) 1260918523 M * Bertl what does lsof -ni :80 show (on the host) 1260918553 M * Bertl hmm, you disabled the ipv6 module? 1260918691 M * kezar netcat 31600 root 3u IPv4 124958 0t0 TCP *:www (LISTEN) 1260918897 M * Bertl did you try disabling grsec? 1260918947 M * kezar not for the moment 1260918952 M * kezar i'll try 1260920169 M * Bertl off to bed now ... have a good one everyone! 1260920181 N * Bertl Bertl_zZ 1260921240 M * kezar good night 1260921247 M * kezar thanks for your help :)