1293494579 Q * dowdle Remote host closed the connection
1293496026 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1293496614 Q * hparker Remote host closed the connection
1293496617 J * hparker ~hparker@2001:470:1f0f:32c:6025:d7ff:fee8:da40
1293497988 Q * manana Remote host closed the connection
1293498051 Q * hparker Quit: Quit
1293499738 J * hparker ~hparker@2001:470:1f0f:32c:a4bf:c4ff:fe7f:d7f
1293501253 Q * Piet Ping timeout: 480 seconds
1293501979 J * Piet ~Piet__@04ZAABRE2.tor-irc.dnsbl.oftc.net
1293503579 Q * hparker Quit: Quit
1293505306 Q * Piet Quit: Piet
1293506762 J * MeCooL mecool@94.129.148.162
1293511359 Q * MeCooL Quit: mIRC mecool Full Protection
1293512747 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b610
1293515364 M * Bertl off to bed now ... have a good one everyone!
1293515369 N * Bertl Bertl_zZ
1293515406 J * MeCooL mecool@94.128.16.76
1293516851 Q * hparker Quit: Quit
1293517646 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b610
1293517849 Q * hparker
1293518241 J * manana ~mayday090@84.17.25.149
1293518309 J * hparker ~hparker@2001:470:1f0f:32c:a0f3:59ff:fe14:540f
1293525098 Q * mikezzz Quit: leaving
1293526365 J * mikez mike@no.phear.eu
1293527140 J * BenG ~bengreen@cpc2-aztw22-2-0-cust83.aztw.cable.virginmedia.com
1293527398 Q * ncopa Quit: Leaving
1293527514 Q * BenG Quit: I Leave
1293528130 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1293529083 J * derjohn_mob ~aj@196-68-72-193.adsl.switzerland.net
1293529674 Q * MeCooL Ping timeout: 480 seconds
1293530283 J * lamvak ~lamvak@ip189-104.ghnet.pl
1293530293 M * lamvak hi
1293530423 M * _are__ Hi lamvak
1293530436 M * lamvak i'm no networking guru, and i'm certainly new to vserver; there's something i don't understand from the files on the net ( http://linux-vserver.org/RestrictingVserverNetworkingTips#Tips_on_Restricting_Vserver_Guest_Network_Access , but also other places)
1293530457 M * lamvak if i need a system with a vserver guest
1293530529 M * lamvak that the guest can reach out to the internet - e.g. not only listen on dummy0, so that i can nat fwd connections from the outside to the server, but also say ping outside address from the guest
1293530560 M * lamvak do i really need to assign the interface and ip which is "the real" interface and the external ip?
1293530608 M * Mr_Smoke You want NAT ?
1293530620 M * lamvak yes
1293530626 M * _are__ I personally never used 'dummy' interfaces, I use ethX, brX or lo and use iptables/nat to get the packets the right way
1293530654 N * _are__ _are_
1293530673 M * Mr_Smoke You don't need dummy0 for that
1293530690 M * lamvak let's say i would like the guest *not* to be able to see packets that are not meant for it
1293530691 M * Mr_Smoke Just assign whatever RFC 1918 address to the guest interface
1293530701 M * Mr_Smoke Add a matching address (same subnet) to the host,
1293530701 J * petzsch ~markus@ip-80-226-15-173.vodafone-net.de
1293530708 M * Mr_Smoke set up your NAT, and voila
1293530724 M * Mr_Smoke lamvak: unless you give the guest NET RAW capability, it won't anyway
1293530729 M * Mr_Smoke AFAICR
1293530747 M * lamvak aha! thanks for the hint, Mr_Smoke
1293530781 M * Mr_Smoke lamvak: when you say "not to be able to see packets"
1293530785 M * Mr_Smoke You mean sniffing, right ?
1293530791 M * lamvak so what i should do is add two addresses to my eth0 (external link)
1293530806 M * lamvak yes, that's what i had in mind anyways
1293530835 M * Mr_Smoke ok
1293530932 M * Mr_Smoke lamvak: tcpdump: eth0: You don't have permission to capture on that device (socket: Operation not permitted)
1293530942 M * Mr_Smoke That's from a guest, typical config, without capabilities
1293530948 M * Mr_Smoke as root, of course
1293530960 M * lamvak great!
1293530963 M * Chlorek not good?
1293531044 M * Chlorek it's ~NET_RAW bcap
1293531052 M * Mr_Smoke So even if you give root to a malicious user, you're safe enough
1293531058 M * Mr_Smoke Yeah, NET_RAW
1293531064 M * lamvak Mr_Smoke, but just to make sure i got it correctly - i have an outgoing link on eth0 at a.b.c.d, then i have to make some other subnet for eth0 and assign one address for host and one for guest, right? or do i have to assign an a.b.c.e (assuming left 24bit mask)
1293531093 M * Chlorek ~NET_RAW
1293531096 M * Mr_Smoke lamvak: depends what you want to do
1293531109 M * Chlorek set it without ~ allows to capture net devices
1293531117 M * Mr_Smoke Oh really
1293531121 M * Mr_Smoke :)
1293531135 M * lamvak so both ways can work? what's the difference then?
1293531137 M * Mr_Smoke It's not set as a default
1293531150 M * Mr_Smoke lamvak: depends what you have available
1293531166 M * Mr_Smoke eg I have a /28, so I can hand out a public IP address to about 14 guests
1293531181 M * Mr_Smoke On another machine, I had much fewer, so I NAT'ed
1293531257 M * Chlorek lamvak: it's not solution
1293531273 M * Chlorek tcpdump -i any will show you host's traffic
1293531273 M * lamvak so i can either grow up the network, adding addresses in the original network, or NAT with a subnet just on the same outgoing interface, right?
1293531279 M * lamvak Chlorek, why's that?
1293531327 M * Mr_Smoke Chlorek: it will only do that IF the guest has NET_RAW, right ?
1293531329 M * lamvak Chlorek you mean that a root inside a guest will have a way around to sniff?
1293531339 M * Chlorek Mr_Smoke: yep
1293531343 M * Mr_Smoke Ok.
1293531351 M * Mr_Smoke lamvak: it has, if you allow it to do so
1293531354 M * lamvak well, then i think it's sufficient for me
1293531356 M * Chlorek lamvak: ofc.
1293531374 M * Mr_Smoke But NET_RAW is not granted as a default
1293531378 M * lamvak if i can block it setting this cap. off then it's ok for me
1293531454 M * Mr_Smoke lamvak: just to make things clear : NET_RAW *allows* sniffing. Do *dont* set it or explicitly set its contrary, ie ~NET_RAW
1293531555 M * lamvak Mr_Smoke, right! ~NET_RAW; i think i need to consider first a solution with NAT; this *should* work almost anywhere, right? and i'm doing this on my laptop which changes network time to time as i walk it
1293531630 M * Mr_Smoke Hm yeah in that case NAT might be better indeed
1293531640 M * lamvak but then, i assign to the interface (in other words "network card") being used, but add two addresses with a "fresh" subnet (e.g. not adjacent atm) and assign one of them to the guest and leave one to the host, right?
1293531672 J * petzsch1 ~markus@ip-80-226-234-106.vodafone-net.de
1293531712 M * lamvak but if i do this on the same interface that is used, then i don't need any fancy wireless bridging?
1293531715 M * Mr_Smoke lamvak: just use any RFC1918 address that suits you and leave it like that permanently
1293531784 M * lamvak Mr_Smoke: ok; but it's the way: two addresses on the outgoing interface, one given to the guest?
1293531838 M * Mr_Smoke the interface doesn't matter, if you're doing NAT
1293531867 M * Mr_Smoke it remains local
1293531868 M * Chlorek what kind of nat?
1293531874 M * Chlorek masq or snat?
1293531955 M * lamvak i pref. dnat when i open my http server to the outside
1293531982 M * Chlorek ech
1293531983 M * Chlorek ok, nvm
1293532026 Q * petzsch Ping timeout: 480 seconds
1293532402 Q * petzsch1 Ping timeout: 480 seconds
1293532527 J * petzsch ~markus@ip-80-226-200-130.vodafone-net.de
1293533179 Q * petzsch Quit: Leaving.
1293533566 M * lamvak Mr_Smoke: thanks! seems to be working finally; i can use the outside world from the guest
1293533707 M * Mr_Smoke :)
1293536752 J * UFOczek ~xyc@CMPC-089-239-104-198.CNet.Gawex.PL
1293536798 M * UFOczek # vserver Lenny start
1293536822 M * UFOczek /usr/local/lib/util-vserver/vserver.functions: line 1521: /dev/cgroup/Lenny/cpuset.shares: Permission denied
1293536879 M * UFOczek (chmod is fine ;))
1293537324 M * UFOczek oops.. should be cpu.shares...
1293537620 P * click [IRSSI]
1293538672 J * petzsch ~markus@ip-80-226-202-201.vodafone-net.de
1293538800 Q * ensc|w Remote host closed the connection
1293538881 Q * petzsch Read error: Connection reset by peer
1293539192 J * click click@ti0127a340-0656.bb.online.no
1293539960 J * Piet ~Piet__@04ZAABRND.tor-irc.dnsbl.oftc.net
1293540200 Q * hparker Quit: Quit
1293540529 Q * lamvak Ping timeout: 480 seconds
1293540654 J * lamvak ~lamvak@ip189-104.ghnet.pl
1293541879 J * petzsch ~markus@ip-80-226-192-167.vodafone-net.de
1293542055 P * lamvak
1293542860 J * petzsch1 ~markus@ip-80-226-236-69.vodafone-net.de
1293542954 J * petzsch2 ~markus@ip-80-226-202-190.vodafone-net.de
1293543047 Q * petzsch2
1293543142 Q * petzsch Ping timeout: 480 seconds
1293543345 Q * petzsch1 Ping timeout: 480 seconds
1293544224 J * petzsch ~markus@ip-80-226-193-30.vodafone-net.de
1293544493 Q * petzsch
1293544854 J * petzsch ~markus@ip-80-226-234-47.vodafone-net.de
1293544884 P * kir Leaving.
1293545667 J * itess ~kvirc@212.117.177.141
1293545701 Q * petzsch Quit: Leaving.
1293545741 M * itess hi. i have a question. how can i easy migrate one vserver from one host to another?
1293545819 M * itess i looked thru docs and faqs but didnt find an answer.
1293545862 M * jeroen_ see http://linux-vserver.org/Building_Guest_Systems#Building_guests_using_the_rsync_build_method
1293546032 M * itess ok thanks i overlooked that. next question is about failover sync of two vservers on different hosts. is there some recommendation?
1293546172 M * itess does different vservers have to have different contexts?
1293546190 M * Chlorek it's annoying if you don't have rsyncd
1293546217 M * Chlorek just tar the /vservers/guest dir and /etc/vservers/guest
1293546229 M * Chlorek copy and extract on another host
1293546248 M * Chlorek you can change context by hand if you need it
1293546275 M * itess but do i need to change it?
1293546284 M * Chlorek I don't know
1293546318 M * itess how can i know that?
1293546362 M * Chlorek if you have there context with this number, yes
1293546376 M * Chlorek you must change
1293546489 M * itess thanks
1293546536 M * itess can i use rsync on host systems to sync guests?
1293546554 M * Chlorek ofc.
1293546556 M * PowerKe Chlorek: you don't need rsyncd to sync between to hosts, you can use rsync over ssh as well
1293546565 M * PowerKe *two
1293546568 M * Chlorek i mean i think so... ;)
1293546608 M * itess but rsync knows nothing about context?
1293546662 M * Chlorek PowerKe: right, I had not thought about it
1293546816 M * Chlorek itess: you can go into the /vservers/guest dir, tar like tar cfv guest.tar `echo *` and build the same system on new host using this template
1293546870 M * UFOczek im having trouble with cgroups, i can't limit cpu resource... both of them eats my cpu at all
1293546876 M * Chlorek many ways
1293546905 M * itess yes, i understand this. thanks. but i need not only to copy but also to sync guests
1293547522 M * Chlorek UFOczek: by number of cores?
1293547704 M * UFOczek Chlorek: two virtual systems, i wanted to give them just one core of host machine, 20% and 80% (just for test)
1293547710 M * UFOczek http://linux-vserver.org/util-vserver:Cgroups
1293547934 M * Chlorek uhm
1293547947 M * Chlorek I can't help you in this case, I have never done that
1293547954 M * Chlorek only by number of cores
1293547956 M * UFOczek 1) cpu.shares: 512 2) cpu.shares: 2560
1293547978 M * UFOczek memory limit works fine, but not cpu
1293547998 J * g_en___ ~glen@scratchy.delfi.ee
1293548001 N * g_en___ glen
1293548026 M * glen hi. i relocated /var where vservers were running, now i longer can enter them
1293548046 M * glen i mean i made new /var copied everything there cp cp -a, umounted old var and mounted new /var
1293548079 M * glen vserver-stat shows them running ok, but vserver enter fails
1293548189 M * glen 'vserver ... suexec' is supported for running vservers only; aborting...
1293548229 M * Chlorek try using exec su -
1293548269 M * glen that worked
1293548390 M * Chlorek right
1293548434 M * Chlorek once I had the same problem but I don't remember solution
1293548446 M * Chlorek but it was trivial
1293548515 M * glen but why the desync state? i.e what file i lost that nothing present?
1293548604 M * Chlorek something with shell
1293548620 M * glen the other vserver i have there is broken too
1293548725 M * Chlorek maybe check /etc/vservers/gest/shell
1293548879 M * glen but if i started vserver again after it being killed, i can enter via normal means
1293548913 M * glen so i have right now one vserver recovered, and the other still in old state, both lack /etc/vservers//shell
1293549021 N * Bertl_zZ Bertl
1293549044 M * Bertl morning folks!
1293549171 M * Chlorek glen: Bertl will help you - he is cappo di tutti capi ;)
1293549216 M * glen Bertl: do you need some extra info?
1293549244 M * Bertl reading up now ...
1293549532 M * UFOczek hello Bertl
1293549554 M * UFOczek can't figure out why cpu limiting doesnt work :(
1293549582 N * UFOczek ufoczek_aw
1293549760 M * Bertl itess: if you assign the same context id (number) to two guests, they will share the same guests, they will practically become one (i.e. processes and spaces will be the same), that's basically how you enter a guest
1293549778 M * Bertl glen: you probably accidentally removed the /var/run/vservers stuff
1293549814 M * Bertl ufoczek_aw: what kind of cpu limits do you expect? I hope you're aware that the mainline limits currently available are no hard limits?
1293549916 M * glen Bertl: stuff? there's just 1 file per vserver, and those files were copied back
1293549949 M * glen Bertl: and that file seems to be still ok, (ctx_id inside file)
1293549961 M * glen but can't enter vserver
1293549987 M * glen the files are not regular? something vserver specific with the files? some xattr? or sth?
1293550016 M * Bertl nope, nothing special there, try to run the enter with --debug and upload the output
1293550030 M * Bertl i.e. vserver --debug enter
1293550047 Q * derjohn_mob Ping timeout: 480 seconds
1293550058 M * glen http://pastebin.com/A6f5MK0K
1293550136 M * Chlorek from 198
1293550141 M * Chlorek I told you...
1293550166 M * Bertl what does 'ls -la /etc/vservers/portal/run' give?
1293550173 M * glen 17:29:22 root[load: 0.40]@tilsit /var/log# ls -la /etc/vservers/portal/run
1293550174 M * glen lrwxrwxrwx 1 root root 24 2009-07-10 11:46 /etc/vservers/portal/run -> /var/run/vservers/portal
1293550193 M * glen and cat tells 1281
1293550257 M * glen Chlorek: ? line 198? /bin/bash is fine there too:
1293550258 M * glen 17:29:47 root[load: 0.56]@tilsit /var/log# l /etc/vservers/portal/vdir//bin/bash
1293550261 M * glen -rwxr-xr-x 1 root root 472K 2009-01-13 22:22 /etc/vservers/portal/vdir//bin/bash*
1293550320 M * Bertl you changed the disk layout while the guest were running and they were not restarted since, yes?
1293550336 M * glen yes
1293550348 M * glen but i changed /var on host
1293550351 M * Bertl and you also removed the files from the old place, yes?
1293550360 M * glen yes, i did
1293550394 M * Bertl well, I presume that is your problem, as the guest namespaces will still contain the old mounts (unless you did the change in each maintenance guest namespace as well)
1293550413 M * Bertl you can verify that with vnamespace
1293550434 M * glen okay. that explains why i can't do vserver enter, yet it remains unknown why today ip config was lost (the /var change was done last week)
1293550456 M * Bertl what kind of 'ip config'?
1293550471 M * glen "ip addr show" returned only localhost in guest
1293550521 M * Bertl 'ip a s' never returns 'localhost' for me :)
1293550536 M * Bertl you mean, all you saw was 'lo' yes?
1293550540 M * glen nah, that was symbolic sentence :)
1293550550 M * glen yes, i saw only interface lo with 127 ip
1293550572 M * Bertl that just means that the IP(s) assigned to the guest were removed from the host
1293550602 M * glen altho, pff, exec su.. does that make ip config visible?
1293550604 M * Bertl this in turn can easily happen if you do not have 'promote secondaries' enabled and remove a primary in the same network
1293550639 M * glen ah, no, i tested on the "fixed" vserver, vserver ldap exec su - ... i can see the actual ip config, not just lo
1293550671 M * Bertl and when do you see 'just lo'?
1293550705 M * glen that was before i stopped that broken vserver that got broken due /var relocate on host
1293550732 M * Bertl well, the restart most likely (unless configured with nodev) added back the IP address
1293550750 M * glen yep
1293550763 M * Bertl upload the output of 'ip a l' on the host (you can msg me in private) and I can most likely tell you which address was affected
1293550797 M * glen currently ip config is recovered, is it still worth to paste you?
1293550801 M * Chlorek hm, without loopback device?
1293550803 M * Chlorek great idea
1293550808 M * Chlorek how switch it off?
1293550836 M * Bertl glen: well, it will probably have the same problem as before the 'accident' :)
1293550860 M * Bertl Chlorek: well, that would disable your networking abilities completely :)
1293550881 M * Chlorek then it worst idea :/
1293550912 M * glen if nobody touches networking on host, then guest interfaces should not be affected
1293551036 M * Bertl http://linux-vserver.org/Frequently_Asked_Questions#If_I_shut_down_my_vserver_guest.2C_the_whole_Internet_interface_ethX_on_the_host_is_shut_down.__What_happened.3F
1293551050 M * Bertl (that's a mainline 'feature' btw :)
1293551343 M * glen Bertl: i think my cause of ldap vserver lost ip was that there was some problem with vserver and sysadmin tried to vserver stop
1293551353 M * glen but that removed ip's but failed to complete the rest
1293551623 J * derjohn_mob ~aj@196-68-72-193.adsl.switzerland.net
1293551804 J * alpha_one_x86 ~kvirc@95.17.30.185
1293551910 M * alpha_one_x86 Hello, I have iptables rules: -A OUTPUT -s 127.0.0.1 -j ACCEPT to connect into guest from 127.0.0.1 to 127.0.0.1:9555, but connection timeout while I not put: -A OUTPUT -p tcp -m tcp --dport 9555 -j ACCEPT
1293552109 Q * derjohn_mob Ping timeout: 480 seconds
1293552178 M * alpha_one_x86 why? how do it correctly?
1293552182 M * Bertl alpha_one_x86: you sure that it is 127.0.0.1?
1293552252 M * nkukard_ hrmmm, Bertl do you know if the yum patch is still needed or where I can get an updated one for latest version of yum?
1293552294 M * Bertl did you check the latest patch in the latest util-vserver prerelease?
1293552308 M * Bertl (AFAIK it is still required)
1293552347 M * alpha_one_x86 yes, netstat -nap| grep LISTEN -> serveur on 127.0.0.1:9555 and client (telnet or other) connect on 127.0.0.1:9555
1293552372 M * nkukard_ Bertl, 0.30.216-pre2926 <= correct?
1293552403 M * Bertl alpha_one_x86: check with tcpdump on the host (with your second iptables rule in place)
1293552430 M * Bertl nkukard_: yep, as linked on our main wiki page :)
1293552454 M * nkukard_ I'm checking the contrib dir, the changelog talks of 3.2.22 but I cannot even find that in the contrib dir
1293552489 M * Bertl I presume older patches still apply when there is no newer one
1293552525 M * Bertl off for now .. bbl
1293552530 N * Bertl Bertl_oO
1293552564 A * nkukard_ pokes DLange in the eye
1293552732 M * alpha_one_x86 Bertl_oO: it show communication from 127.0.0.1 to 127.0.0.1
1293552739 M * alpha_one_x86 I have try to:
1293552757 M * alpha_one_x86 -A OUTPUT -s 127.0.0.1 -j ACCEPT , -A OUTPUT -d 127.0.0.1 -j ACCEPT
1293552814 M * nkukard_ alpha_one_x86, can you try tcpdump the lo interface on the host system
1293552815 J * ghislain ~AQUEOS@adsl2.aqueos.com
1293552819 M * nkukard_ something like this ...
1293552821 M * alpha_one_x86 then 127.0.0.1 in this firewall seem be only for the host (then guest packet is without rules then drop)
1293552829 M * nkukard_ tcpdump -i lo -n -nn net 127.0.0.0/8
1293552836 M * nkukard_ tell me what it outputs, or pastebin it
1293552878 M * DLange nkukard_: I can see your tail :)
1293552889 A * nkukard_ hides it
1293552985 J * petzsch ~markus@ip-80-226-227-109.vodafone-net.de
1293553476 M * alpha_one_x86 17:24:44.284679 IP 127.156.64.1.42439 > 127.156.64.1.9312: S 754071656:754071656(0) win 32792 17:24:44.284796 IP 127.156.64.1.9312 > 127.156.64.1.42439: R 0:0(0) ack 754071657 win 0
1293555152 J * ensc|w ~ensc@www.sigma-chemnitz.de
1293555318 J * dowdle ~dowdle@scott.coe.montana.edu
1293556126 N * Bertl_oO Bertl
1293556144 M * Bertl back now ...
1293556189 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1293556529 M * Bertl alpha_one_x86: see, guest uses 127.x.y.1
1293556542 M * Bertl thus your 127.0.0.1 rules won't match
1293557007 M * nkukard_ Bertl, yea, there is no latest patch in the source, despite the changelog saying there was a commit for it, and the latest one in the tar.bz2 doesn't apply to latest yum
1293557036 M * nkukard_ alpha_one_x86, use 127.0.0.0/8
1293557049 M * nkukard_ -s 127.0.0.0/8 -d 127.0.0.0/8
1293557063 M * Bertl or 127.x.y.1 where x.y is the context id
1293557074 M * Bertl (or the assigned lback address :)
1293557076 Q * petzsch Quit: Leaving.
1293557119 M * nkukard_ right :)
1293557154 J * petzsch ~markus@dslb-092-075-217-171.pools.arcor-ip.net
1293557909 N * ufoczek_aw ufoczek
1293557940 M * ufoczek Bertl: i was trying to set maximum 20% of cpu
1293558614 M * Bertl ufoczek: as I said, mainline does not provide hard limits (yet)
1293558629 M * Bertl i.e. you get 20% if the other guest uses up 80%
1293558664 M * Bertl or to put it differently, if both guests try to get 100%, one will get 20, the other 80
1293558848 Q * itess Quit: KVIrc 4.0.2 Insomnia http://www.kvirc.net/
1293559162 M * Chlorek Bertl: hop hop
1293559195 M * Chlorek can you tell me how can I isolate guest's loopback from other guests and host?
1293559244 M * Chlorek I was trying all *LBACK* caps, and it doesn't work for me :(
1293559268 M * Bertl it is isolated (by using a separate IP for each guest for all modern kernels) but you can further refine that by iptables rules
1293559285 M * Bertl what kernel/patch version do you use?
1293559349 M * Chlorek 2.6.34 and don't remember which patch exactly but suitable for this kernel
1293559362 M * ufoczek Bertl: ok, thanks :)
1293559367 M * Bertl Chlorek: well, that will definitely have lback isolation
1293559381 M * Chlorek I know...
1293559464 M * Bertl what does 'cat /proc/virtnet//*' give?
1293559468 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1293559480 M * Chlorek ofc
1293559526 M * Chlorek http://pastebin.com/rCMkvEF3
1293559563 M * Bertl did you assign that 127.252.0.1 ip to your guest?
1293559580 M * Chlorek yes
1293559585 M * Chlorek it's wrong, right?
1293559601 M * Bertl yep, remove that, disable single_ip special casing with ~single_ip
1293559612 M * Bertl and you should be fine with the defaults
1293559740 M * Chlorek hm
1293560001 Q * petzsch Quit: Leaving.
1293560054 M * Chlorek hm hm
1293560070 M * Chlorek tcpdump -i any still shows host's traffic
1293560081 M * Bertl you cannot tcpdump in a guest
1293560104 M * Bertl (unless you give excessive capabilities :)
1293560217 M * Bertl and for the host it is expected that you tcpdump the guest traffic
1293560307 M * Chlorek that's the goal
1293560314 M * Chlorek enabling guest's traffic visibility for guest, but nothing more
1293560336 M * Bertl well, raw sockets allow to send and receive arbitrary data
1293560361 M * Chlorek :(
1293560366 M * Bertl so with an 'isolation technology' (which Linux-VServer uses by default) you won't be able to restrict that properly
1293560384 J * hparker ~hparker@2001:470:1f0f:32c:a0f3:59ff:fe14:540f
1293560408 M * Bertl but you can switch to network namespaces, which give you a separate network stack, and with routing you will be able to restrict traffic like on a real host
1293560456 M * Bertl (will reduce performance and complicate the setup but makes the experience 'more real')
1293560567 M * Chlorek NAMESPACE ccap?
1293560602 M * Bertl not that simple, yet
1293560627 M * Bertl network namespaces need manual setup for now, but util-vserver support is in the works AFAICT
1293560656 M * Bertl check the mailing list for details, a bunch of folks are already using them
1293560673 M * Chlorek any url/instruction for this? only mailing list?
1293560687 M * Bertl archives are online, so check there
1293560716 M * Chlorek ok, thx ;)
1293560811 Q * FireEgl Ping timeout: 480 seconds
1293562201 J * petzsch ~markus@dslb-092-075-217-171.pools.arcor-ip.net
1293563025 J * andrea ~andrea@service.cab.unipd.it
1293563483 J * FireEgl FireEgl@2001:470:e056:8:bcbb:3864:24c8:11bc
1293563820 M * andrea Hi, I'd like to use Xen+VServer in Debian lenny. Now I am using the distribution kernel, 2.6.26-2-xen-amd64, and in the Debian changelog they say it should support VServer by default but when I start /etc/init.d/util-vserver it complains "Linux-VServer capability not detected in kernel", that means /proc/self/vinfo doesn't exist.
1293563829 M * andrea The question is: Is the Xen+VServer support really compiled into the Debian Kernel or do I have to compile it myself? Does anybody do that the Debian way?
1293563941 J * MeCooL mecool@94.129.178.11
1293564061 M * andrea ok, see you later :)
1293564064 Q * andrea Quit: I'm gonna save Rose Tyler from the middle of the Dalek fleet, and then I'm gonna save the Earth
1293564080 M * nkukard_ Bertl, i've checked and double checked, it seems some of the patch files are missing from the util-vserver snapshot .tar.bz2
1293564465 M * Bertl best check with daniel_hozac
1293564661 M * Bertl translocating .. bbl
1293564667 N * Bertl Bertl_oO
1293566573 Q * hparker Remote host closed the connection
1293567049 A * MeCooL :)
1293568382 Q * alpha_one_x86 Quit: KVIrc Equilibrium 4.1.1, revision: 5124, sources date: 20101020, built on: 2010-11-10 20:25:08 UTC http://www.kvirc.net/
1293570711 A * MeCooL È_È
1293572107 Q * petzsch Quit: Leaving.
1293572569 Q * bonbons Quit: Leaving
1293573543 N * Bertl_oO Bertl
1293573548 M * Bertl back now ...
1293573784 M * ufoczek hello again ;)
1293573931 J * hparker ~hparker@2001:470:1f0f:32c:3c36:8dff:fe1d:8210
1293575863 Q * Piet Ping timeout: 480 seconds
1293575956 J * Piet ~Piet__@04ZAABRX9.tor-irc.dnsbl.oftc.net
1293577227 J * petzsch ~markus@dslb-092-075-217-171.pools.arcor-ip.net
1293577279 Q * ensc|w Remote host closed the connection
1293577704 Q * ghislain Quit: Leaving.
1293578965 Q * FireEgl Remote host closed the connection
1293579325 J * CoWw__Cr__tmnCE ~gund@61.19.244.134
1293579325 P * CoWw__Cr__tmnCE
1293579679 J * FireEgl ~FireEgl@173-25-19-139.client.mchsi.com
1293580465 J * ser ~ser@house.metalab.unc.edu