1350779097 M * Bertl_oO off to bed now ... have a good one everyone!
1350779101 N * Bertl_oO Bertl_zZ
1350791738 J * fisted ~fisted@xdsl-84-44-221-44.netcologne.de
1350792154 Q * fisted_ Ping timeout: 480 seconds
1350800381 J * clopez ~clopez@88.16.60.213.dynamic.mundo-r.com
1350802775 Q * ensc|w Remote host closed the connection
1350802784 J * ensc|w ~ensc@www.sigma-chemnitz.de
1350806934 Q * clopez Ping timeout: 480 seconds
1350807014 J * BenG ~bengreen@cpc4-aztw24-2-0-cust228.aztw.cable.virginmedia.com
1350808317 Q * BenG Quit: I Leave
1350809115 J * bonbons ~bonbons@2001:960:7ab:0:6d85:c5e6:1675:2895
1350812916 N * Bertl_zZ Bertl
1350812922 M * Bertl morning folks!
1350815223 J * isAAAc ~isaaac@2a01:6600:8081:3701:d824:9cff:fec2:fff5
1350816514 M * geos_one good morning
1350816661 M * isAAAc hi geos_one
1350819476 Q * ircuser-1 Ping timeout: 480 seconds
1350820024 J * wombat ~chatzilla@c-24-34-74-228.hsd1.ma.comcast.net
1350820119 N * wombat wombat555
1350820214 M * wombat555 I'm trying to get "Networking vserver guests" from http://linux-vserver.org/Networking_vserver_guests working. Have gone through the steps, but can't ping the outside from within the guest. I want to have one public IP, and use the host as a router to route connections to each guest. Any suggestions how to troubleshoot this?
1350820251 M * Bertl there is no 'routing' between host and guests unless you use network namespaces
1350820280 M * wombat555 OK - so is that post the wrong one to use?
1350820283 M * Bertl but what you normally do with network isolation is to give a private IP to each guest and use S/DNAT to map certain ports to the guests
1350820307 M * Bertl and basically use masquerading for the outbound connections
1350820349 M * Bertl note that 'ping' is a horrible way to test (because it doesn't use tcp/udp, although it will work if done properly)
1350820454 M * wombat555 Hear you on ping, though the post suggests you should be able to do it. I think the post is about S/DNAT...it uses dummy interfaces, has iptables routing from the "public ip" to the guest ips, and has you set up iptables to map ports from the outside to the vserver guest...
1350820471 M * Bertl regarding the post, it's a wiki, and folks change it often ... obviously the last person changing the last two sections had the same misconception that the host is a router
1350820545 M * Bertl note that you can't actually 'use' the dummy interface, but you can bind the IPs to it (as to any other interface)
1350820600 M * wombat555 Oh...am newbie on this....is there a post you can suggest to use? Search terms (e.g., maybe "Bind IPs")?
1350821054 M * Bertl anything titled 'Linux Networking' should do
1350821068 M * Bertl i.e. it doesn't differ from a host without the Linux-VServer patch
1350821095 M * Bertl but basically the iptables lines given on the wiki are fine, just the nomenclature is misleading
1350821131 M * wombat555 Thanks! Will give it a try, post back...
1350821199 M * Bertl if you are using a firewall, make sure to do the necessary changes via the firewall scripts
1350821248 M * Bertl otherwise you will have problems with either packets not going in/out as expected (because they are blocked via the firewall) or security issues (because you circumvent the firewall)
1350821524 M * wombat555 OK thanks Bertl!
1350821557 M * Bertl you're welcome! feel free to hang around!
1350821592 M * wombat555 Alright!
1350830493 J * sannes ~ace@cm-84.211.87.28.getinternet.no
1350833023 J * disposable disposable@shell.websupport.sk
1350834599 M * sannes ehm, how do I turn on vserver debug messages in dmesg? Is it enough to compile with VSERVER_DEBUG ?
1350835530 M * sannes so that what I put in vxdprintk actually turns up in dmesg
1350835939 Q * fisted Ping timeout: 480 seconds
1350837752 J * fisted ~fisted@p57A564EF.dip.t-dialin.net
1350837752 Q * fisted Remote host closed the connection
1350837837 J * fisted ~fisted@p57A564EF.dip.t-dialin.net
1350838932 M * Bertl sannes: usually. there is a separate option for the pts lookups
1350838948 M * Bertl off for now ... bbl
1350838955 N * Bertl Bertl_oO
1350839090 M * sannes huh?
1350839119 M * sannes Bertl_oO: I must admit I don't know what you are talking about :P
1350839201 M * sannes Bertl_oO: I'm trying to make the vxprintk actually end up in dmesg so I can figure out why a system call is not working, tried echo 8 > /proc/sys/kernel/printk .. but since that is not working I'm just putting in printk(KERN_EMERG "my message")
1350839361 Q * fisted Ping timeout: 480 seconds
1350840544 Q * isAAAc Ping timeout: 480 seconds
1350845178 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1350845833 Q * nkukard Ping timeout: 480 seconds
1350846064 N * Bertl_oO Bertl
1350846067 M * Bertl back now ...
1350846164 M * Bertl sannes: ah, yes, CONFIG_VSERVER_DEBUG should suffice
1350846194 M * Bertl but note that vxdprintk(c,f,x...) has a condition as first argument
1350846206 M * Bertl i.e. it just prints stuff if (c) is true
1350846417 J * nkukard ~nkukard@41-133-237-213.dsl.mweb.co.za
1350846471 M * sannes ah
1350847086 J * fisted ~fisted@xdsl-78-35-80-37.netcologne.de
1350847290 M * sannes hm, I'm trying to figure out why unshare is not working, but returning successful ..
1350847320 M * Bertl how do you know it is not working?
1350847426 M * daniel_hozac and what are you unsharing?
1350847527 M * sannes unshare -m
1350847574 M * sannes unshare -m /bin/bash and then unmounting something and exit .. and the mount is unmounted outside the unshared namespace ..
1350847610 M * sannes works outside vserver
1350847658 M * Bertl works fine here
1350847672 M * Bertl (although I tried with a mount not unmount)
1350847686 M * sannes say: mkdir abcd ; touch abcd/abcd ; mkdir 1234 ; mount -o bind abcd 1234 ; unshare -m /bin/bash, and then run umount 1234 exit shell and see that 1234 is unmounted ..
1350847708 M * daniel_hozac underneath a guest dir?
1350847714 M * sannes inside a guest
1350847715 M * daniel_hozac because those are shared
1350847745 M * Bertl so stuff propagates
1350847779 M * sannes but, the point of namespaces and unsharing is that it should not propagate?
1350847816 M * sannes that is the way it works on the host at least
1350847862 M * Bertl well, yes and no, it is how shared subtrees work
1350847870 M * Bertl on host or guest doesn't matter
1350847912 M * Bertl http://www.mjmwired.net/kernel/Documentation/filesystems/sharedsubtree.txt
1350847935 J * clopez ~clopez@88.16.60.213.dynamic.mundo-r.com
1350848009 M * sannes reading that now, but should it not work the same within a guest as the host? or is doing it inside a guest defaulting to something else?
1350848043 M * Bertl well, by default, a guest cannot mount/unmount
1350848083 M * daniel_hozac shared subtrees are used for the administrative namespace.
1350848088 M * Bertl it might be possible in the future to configure shared vs slave mount on guest creation
1350848109 M * Bertl where the slave mounts should suffice for the administrative purpose
1350848114 M * sannes yes, but if you give that capabilities needed bind mounts works fine, and if you enable umask newns and fs ..
1350848146 M * sannes I'm just surprised unshare -m did not do what I expected it to do
1350848146 M * Bertl and if you do the proper (re)mounts first, then it will behave as on the host :)
1350848164 M * Bertl well, it did exactly what you wanted it to do
1350848245 M * sannes not exactly, *I* wanted the processes started with unshare -m /bin/bash to not meddle with the mount namespace in the other processes ..
1350848266 M * sannes but, I may not have done that correctly, ..
1350848280 M * Bertl well, that's not what you get, not on the host and not on the guest :)
1350848335 M * Bertl anyway, you might get what you want by adding a bunch of guest setup changes which convert shared mounts to slave mounts
1350848351 M * Bertl (or private mounts if necessary)
1350848400 M * sannes This is what I expect (and get on the host) http://pastebin.com/PNnrPWaS
1350848441 M * sannes That should not work on the host either?
1350848455 M * Bertl it depends on the existing host setup
1350848464 M * daniel_hozac not if the host is a shared subtree.
1350848468 M * Bertl if you do a shared rbind mount on the host, it won't work
1350848521 M * sannes aha:)
1350848541 M * sannes mount --make-private / then it will work?
1350848631 M * sannes hm, so I should always make sure it is private first before messing with it :)
1350848757 M * Bertl a slave mount should work in your case as well
1350848950 M * sannes makes sense, thank you :)
1350848959 M * Bertl np
1350849109 M * sannes maybe stupid question, but does mount --make-slave alter the namespace or does it only affect it when cloning it? .. i.e. should I unshare before or after saying a mountpoint is a slave?
1350849123 M * daniel_hozac doesn't matter
1350849152 M * Bertl I'd do the unshare first because of potential race conditions
1350849191 M * Bertl (note: that's handwaving, I have no evidence that it matters/changes anything)
1350849293 M * sannes I'll test it then :)
1350849357 M * daniel_hozac Bertl: do you see any reason to do shared by default?
1350849360 M * daniel_hozac as opposed to slave.
1350849375 M * Bertl no, actually I was going to suggest to switch to slave
1350849409 M * Bertl especially as the guest, by default, cannot do mounts anyways
1350849413 M * daniel_hozac right
1350852206 Q * bonbons Quit: Leaving
1350852314 J * isAAAc ~isaaac@2a01:e35:8a4f:f60:c646:19ff:fe58:33e4
1350853858 Q * sannes Remote host closed the connection
1350856293 Q * isAAAc Quit: Konversation terminated!
1350859659 Q * ensc Ping timeout: 480 seconds
1350860839 Q * clopez reticulum.oftc.net charon.oftc.net
1350860839 Q * disposable reticulum.oftc.net charon.oftc.net
1350860839 Q * ensc|w reticulum.oftc.net charon.oftc.net
1350860839 Q * imcsk8 reticulum.oftc.net charon.oftc.net
1350860839 Q * bzed reticulum.oftc.net charon.oftc.net
1350860839 Q * hijacker reticulum.oftc.net charon.oftc.net
1350860839 Q * _Shiva_ reticulum.oftc.net charon.oftc.net
1350860839 Q * HeL reticulum.oftc.net charon.oftc.net
1350860839 Q * DelTree reticulum.oftc.net charon.oftc.net
1350860839 Q * sladen reticulum.oftc.net charon.oftc.net
1350860839 Q * Bertl reticulum.oftc.net charon.oftc.net
1350860839 Q * tokkee reticulum.oftc.net charon.oftc.net
1350860874 J * clopez ~clopez@88.16.60.213.dynamic.mundo-r.com
1350860874 J * disposable disposable@shell.websupport.sk
1350860874 J * ensc|w ~ensc@www.sigma-chemnitz.de
1350860874 J * imcsk8 ~ichavero@148.229.1.11
1350860874 J * bzed ~bzed@bzed.netrep.oftc.net
1350860874 J * hijacker ~hijacker@213.91.163.5
1350860874 J * Bertl herbert@IRC.13thfloor.at
1350860874 J * _Shiva_ shiva@whatcha.looking.at
1350860874 J * tokkee tokkee@osprey.tokkee.org
1350860874 J * HeL ~HeL@46.4.254.205
1350860874 J * sladen ~paul@212.13.202.11
1350860874 J * DelTree ~deplagne@alcorak1.eric.deplagne.name
1350863801 Q * clopez Ping timeout: 480 seconds