1279765496 Q * MeCooL Ping timeout: 480 seconds
1279767319 J * balbir_ ~balbir@122.172.14.61
1279767667 J * SauLus_ ~SauLus@d074010.adsl.hansenet.de
1279767704 M * Bertl_oO off to bed now ... have a good one everyone!
1279767709 N * Bertl_oO Bertl_zZ
1279768077 Q * SauLus Ping timeout: 480 seconds
1279768077 N * SauLus_ SauLus
1279768491 Q * derjohn_mob Ping timeout: 480 seconds
1279778283 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no
1279779229 J * ntrs ~ntrs@77.29.112.133
1279780285 J * mtg ~mtg@vollkornmail.dbk-nb.de
1279780402 Q * Mr_Smoke Read error: No route to host
1279780405 J * Mr_Smoke ~smokey@layla.lecoyote.org
1279780412 J * ntrs_ ~ntrs@77.29.113.178
1279780639 J * ghislain ~AQUEOS@adsl2.aqueos.com
1279780842 Q * ntrs Ping timeout: 480 seconds
1279780922 J * ghislain1 ~AQUEOS@adsl2.aqueos.com
1279781122 Q * ghislain Ping timeout: 480 seconds
1279782053 N * yang_ yang
1279782612 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1279785784 J * petzsch ~markus@dslb-094-222-074-149.pools.arcor-ip.net
1279785883 Q * ntrs_ Ping timeout: 480 seconds
1279787107 Q * petzsch Quit: Leaving.
1279788639 J * petzsch ~markus@dslb-094-222-074-149.pools.arcor-ip.net
1279789322 J * kir ~kir@swsoft-msk-nat.sw.ru
1279789359 J * kir1 ~kir@swsoft-msk-nat.sw.ru
1279789379 Q * BenG Remote host closed the connection
1279789637 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1279789650 J * thierryp ~thierry@zankai.inria.fr
1279789927 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1279790693 J * derjohn_mob ~aj@213.238.45.2
1279791514 Q * BenG Quit: I Leave
1279791713 J * VirMan 5bda4f82@ircip1.mibbit.com
1279791774 M * VirMan hi. does anybody know if some more organized stable release of vserver would come? - old stable is not supported by current udev anymore..
1279792561 M * fLoo it is stable
1279792567 M * fLoo what system are u looking for ?
1279792660 M * fLoo and please provide vserver-info output
1279793074 M * fLoo .. ?
1279793563 P * kir1 Leaving.
1279793575 Q * kir Quit: Leaving.
1279796083 Q * VirMan Quit: http://www.mibbit.com ajax IRC Client
1279798395 J * barismetin ~barismeti@zanzibar.inria.fr
1279800416 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1279803383 J * ntrs ~ntrs@77.29.115.116
1279805087 J * drkvg ~abc@silentio.us
1279806149 J * virman 5055ea65@ircip1.mibbit.com
1279806160 M * virman was dropped :)
1279806233 M * virman i asked because i'm using kernel 2.6.33-vs2.3.0.36.30.4-gentoo #4 SMP Mon Ju
1279806246 M * virman and so far , it's not marked as stable
1279806316 M * ard marked for stable usually means that somebody says: "Works for me!" :-)
1279806346 M * virman and for stability : if i enable ip special casing , everything that uses localhost sockets is dead.
1279806353 M * virman well it works generally
1279806361 M * ard never use that
1279806373 M * virman but sometimes i got weird thread races
1279806386 M * virman server with little software load gets 14 busy..
1279806408 M * virman well - it happened while using ip casing
1279806412 M * ard single ip casing just does not work together with auto loopback and other stuff
1279806420 M * virman hm.
1279806454 N * Bertl_zZ Bertl
1279806457 M * ard you can better have auto loopback stuff and be able to have multiple ip's. Most software works nicer that way :-)
1279806466 M * Bertl morning folks!
1279806470 M * ard Hi
1279806475 M * virman so if i write module for virtual devices ,some of developers may put it into kernel.. :)
1279806481 M * virman hi :)
1279806511 M * virman but some users like to mess with config, if some vserver will bind 0.0.0.0 then all would have blocked port
1279806519 M * virman apache for ex
1279806578 M * virman well generally is any roadmap ? :)
1279806584 M * virman what to do next
1279806587 M * virman when and etc :)
1279806619 M * ard no...
1279806640 M * ard if you have multiple ip, auto loopback, binding to 0.0.0.0 will work
1279806660 M * Bertl virman: next we port to the upcoming kernel(s), then we try to get it out of experimental, later on maybe into stable :)
1279806700 M * virman well - we (me and my brother) were trying to write something to support virtual device
1279806713 A * ard declares his vserver setup stable
1279806714 M * virman to have access to iptables and etc on vhost
1279806718 M * ard and therefore it is :-)
1279806741 M * Bertl virman: well, that is already in mainline and usable for Linux-VServer
1279806780 M * Bertl (it is called network namespaces)
1279806787 M * virman hm
1279806788 M * ard if you want iptables to only be able to change networking for a vserver, you should consider giving it a network namespace
1279806839 M * ard a network namespace is a complete isolated ipstack with iptables and other stuff
1279806844 M * virman so i'll search info on that.
1279806866 M * ard I was busy describing that, and then I got tired :-)
1279806982 M * ard I use this to create a separate network namespace per vlan, in which multiple vservers can reside...
1279806984 M * ard http://paste.linux-vserver.org/16172
1279806985 M * virman so there is no docs at all or little ? :)
1279807007 M * ard the biggest doc is #vserver, Bertl and daniel_hozac are walking manpages
1279807030 M * ard the second doc is the files in /usr/lib/util-vserver/ :-)
1279807052 M * ard and for starters: http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1279807070 M * ard that one is the reference
1279807107 M * Bertl don't forget the source ....
1279807114 M * ard :-)
1279807192 M * virman :)
1279807239 M * virman well i used to host jvm's with tomcat and else
1279807300 M * virman so i wrote several scripts and made panel for managing and statistics and etc
1279807321 M * virman one thing i couldn't do was iptables and complete sealing network for vserver :)
1279807397 M * virman one bad thing is that emerge -uDav world downgrades util-vserver and makes some problems - that's why i asked about stable :)
1279807424 M * virman but it generally works fine for me :)
1279807533 M * ard for vserver only server I use iptables on the host to filter traffic
1279807560 M * ard if you have a big server, you might want to try to separate the vservers into vlans, and let a firewall do the work
1279807601 M * virman well - i left users with freedom to use it to whatever they want to :) and some of them want iptables :)
1279807639 M * virman for ex. if host with 8 gb ram hosts about 25 vserver guests , then it maybe annoying to watch it more closely
1279807643 M * ard In any case I would separate clients always in separate DMZ's :-)
1279807656 M * virman well they all get one public ip
1279807700 M * ard Ah, heh, we have a /20 so that's not a problem, and we have a very good content serving infrastructure
1279807731 M * virman hm
1279807741 M * virman so you doing it with separate routers?
1279807745 M * ard It's always nice to work at an ISP :-)
1279807754 M * ard no, with linux based firewalls
1279807770 M * virman well - other machines (whatever they're carrying )
1279807792 M * ard correct
1279807818 M * virman so best solution is to write scripts and panel for users to manage those firewalls and that would be it.. ?
1279807822 M * ard but the hardware is the same kind of server
1279807854 M * ard well, you could put the firewall on the same hardware with a second ethernet, and let it firewall that traffic :-)
1279807890 M * virman best solution for me is to give users iptables and let them play :P
1279807891 M * ard In my case users are too dumb to manage firewalls, so they have to request and explain. Usually we come up with a better solution ;-).
1279807922 M * Bertl virman: it's the easiest, not the most secure one
1279807922 M * virman that's true for most cases , and they simply don't care about it.
1279807942 M * ard If you don't care about network performance you can make virtual bridges on the host, and have each vserver configure its own iptables
1279807985 M * ard I would recommend against it, but having multiple machines means $$
1279808002 M * virman unfortunately i care :/ - but as you said there are some namespaces i can use and learn to implement - my idea was to make vserver as close to dedicated machine as possible
1279808029 M * ard we dedicate servers for firewalling. In case of emergency they can drop 600ksyn/s and still have spare time to do real work
1279808100 M * virman i need to buy some bigger fridge for server room , so if i put three more boxes for firewall users it would force me to buy it even faster :P
1279808126 M * virman ok - thanks for advice :)
1279808129 M * ard 600ksyn/s means you have at least a 1Gig uplink
1279808149 M * virman i have 2 1gb fibres , but not that much traffic
1279808157 M * virman 2x1 gb
1279808175 M * ard in your case you must ask your provider to shut your ports in case you ever get DDOSsed :-)
1279808192 M * virman well
1279808202 M * virman they don't do that
1279808202 M * ard depends on duration and your traffic fees
1279808234 M * virman well i have BGP router , so they are not able to filter my traffic
1279808236 M * ard If my personal colospace ever get DDOS'ed I will just turn off the switch from remote.
1279808263 M * virman i never get dossed ever :)
1279808269 M * ard Ah, if you have BGP you can fix stuff the better way
1279808289 M * Chlorek daniel_hozac: do you still have patches to vs2.2?
1279808293 M * ard don't say that, even saying that is an invitation to... :-)
1279808293 M * Chlorek somewhere?
1279808298 M * daniel_hozac Chlorek: what?
1279808302 M * virman hehehe
1279808319 M * virman i assume here are no dos drivers:P
1279808358 M * Chlorek Patch11: linux-2.6-vserver-loginuid.patch
1279808358 M * Chlorek Patch12: patch-%{version}-vs%{vsversion}-ipv6.diff
1279808358 M * Chlorek Patch13: linux-2.6-vserver-devmap.patch
1279808426 A * ard is going to configure some more firewalls to do loadbalancing for outbound proxies... (because websites will be hacked, that's a fact of life. But they won't be able to fetch the remainder of the worms through the proxy)
1279808523 M * daniel_hozac Chlorek: no, i don't build 2.2.
1279808782 Q * virman Quit: http://www.mibbit.com ajax IRC Client
1279808802 Q * mtg Quit: Verlassend
1279809547 J * dowdle ~dowdle@scott.coe.montana.edu
1279810652 J * MeCooL mecool@94.129.137.56
1279812753 Q * ncopa Quit: Ex-Chat
1279814531 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1279814921 Q * barismetin Remote host closed the connection
1279815308 J * barismetin ~barismeti@zanzibar.inria.fr
1279816103 Q * barismetin Remote host closed the connection
1279816171 J * barismetin ~barismeti@zanzibar.inria.fr
1279818780 Q * thierryp Remote host closed the connection
1279819782 Q * barismetin Remote host closed the connection
1279820164 Q * MeCooL
1279821815 Q * jrdnyquist Quit: Leaving
1279822055 Q * Pazzo Quit: Bye!
1279822726 J * jrdnyquist ~jrdnyquis@slayer.caro.net
1279822851 Q * gnuk Ping timeout: 480 seconds
1279822984 Q * MooingLemur Remote host closed the connection
1279823492 Q * ghislain1 Quit: Leaving.
1279823632 J * ntrs_ ~ntrs@77.28.169.210
1279823639 N * Bertl Bertl_oO
1279824057 Q * ntrs Ping timeout: 480 seconds
1279824350 J * MooingLemur ~troy@shells195.pinchaser.com
1279824488 Q * cuba33ci Remote host closed the connection
1279824562 J * cuba33ci ~cuba33ci@111-240-205-153.dynamic.hinet.net
1279825850 J * Rip ~wicer@116.205.121.186
1279825862 M * Rip halo~
1279825897 P * Rip
1279831573 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1279831586 Q * BenG
1279831698 J * dna ~dna@p54BCA2E4.dip0.t-ipconnect.de
1279832252 Q * jrklein Quit: jrklein
1279832467 Q * bonbons Quit: Leaving
1279833066 Q * dna Read error: Connection reset by peer
1279833127 J * dna ~dna@p54BCA2E4.dip0.t-ipconnect.de
1279834408 Q * petzsch Quit: Leaving.
1279837423 N * Bertl_oO Bertl
1279837918 Q * ntrs_ Ping timeout: 480 seconds
1279840675 Q * dna Quit: Verlassend
1279841058 Q * Snow-Man Ping timeout: 480 seconds
1279841260 J * Snow-Man ~sfrost@tamriel.snowman.net