1380170538 J * thierryp ~thierry@home.parmentelat.net
1380171501 Q * thierryp Ping timeout: 480 seconds
1380172301 M * Bertl off to bed now ... have a good one everyone!
1380172307 N * Bertl Bertl_zZ
1380173737 J * thierryp ~thierry@home.parmentelat.net
1380174220 Q * thierryp Ping timeout: 480 seconds
1380177672 Q * distemper Ping timeout: 480 seconds
1380177694 J * Ghislain ~aqueos@adsl1.aqueos.com
1380177728 J * distemper ~user@2001:4dd0:ff00:9484:3f2f:58c8:2997:3dd2
1380179846 J * thierryp ~thierry@zebra.inria.fr
1380181393 J * thierryp_ ~thierry@zebra.inria.fr
1380181393 Q * thierryp Read error: Connection reset by peer
1380182166 Q * jrayhawk Ping timeout: 480 seconds
1380183119 J * beng_ ~BenG@cpc35-aztw23-2-0-cust207.18-1.cable.virginmedia.com
1380183475 N * l0kit Guest359
1380183483 J * l0kit ~1oxT@0001b54e.user.oftc.net
1380183871 Q * Guest359 Ping timeout: 480 seconds
1380185455 J * jrayhawk ~jrayhawk@nursie.omgwallhack.org
1380187728 Q * jrayhawk Read error: Operation timed out
1380188079 J * jrayhawk ~jrayhawk@nursie.omgwallhack.org
1380189316 P * mfn WeeChat 0.3.2
1380192787 Q * ircuser-1 Read error: Operation timed out
1380192848 N * Bertl_zZ Bertl
1380192852 M * Bertl morning folks!
1380194056 Q * Aiken Remote host closed the connection
1380195697 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1380196032 Q * thierryp_ Remote host closed the connection
1380197687 Q * beng_ Quit: I Leave
1380200729 J * beng_ ~BenG@cpc35-aztw23-2-0-cust207.18-1.cable.virginmedia.com
1380203474 M * _br_ Does anyone know how I can grant IP forward rights to a vserver cage?
1380203511 M * _br_ I'm having a ssh running inside vserver and want to allow socks proxy, but ssh log tells me "refused local port forward: originator ::1 port 49719, target www.google.com port 80"
1380203539 M * _br_ and echo 1 > /proc/sys/net/ipv4/ip_forward is not allowed in that cage
1380203565 M * Bertl first, we call it 'guest' not 'cage'
1380203592 M * Bertl second, there is no 'forwarding' in a guest, because the networking (unless you use network namespaces) happens on the host
1380203644 M * Bertl and finally, the ssh message sounds more like an user error and probably has nothing to do with the guest setup
1380203647 M * _br_ Hm, guest sorry.
1380203662 M * _br_ User error? Hm, I see.
1380203670 M * _br_ Thats helpful, thanks bertl.
1380203685 M * Bertl what is your ssh command line?
1380203704 M * Bertl and what IPs are configured in your guest?
1380203736 M * _br_ Locally the guest runs on 10.0.0.42, and e.g. ping to outside works properly.
1380203770 M * Bertl so there is a nat rule on the host, mapping the guest IP to the public IP, yes?
1380203773 M * _br_ ssh I'm using is ssh -D8080 -p 42022 -C2qTnNv -X root@example.com
1380203778 M * _br_ yep
1380203815 M * Bertl an you want to 'forward' a connection going to your local port 8080 to www.google.com port 80 for example?
1380203858 M * _br_ well, basically I just want to allow someone to use local ip to access other websites.
1380203868 M * _br_ local as in static ip of server
1380203897 M * Bertl so you want to forward a port on the guest IP to another port on a remote server, yes?
1380203927 M * _br_ Sure, just a simple proxy functionality.
1380203931 M * Bertl which means, that you need some kind of DNAT on the host, otherwise incoming traffic will only hit the public IP which doesn't help you
1380203945 M * _br_ If I do that on the host it works, but not for the vserver hinting at probably a misconfiguration on my side.
1380203970 M * _br_ Exactly, actually I already have rules for that in iptables.
1380203997 M * Bertl first, try specifying the guest ip for binds
1380204009 M * Bertl e.g. -D10.0.0.42:8080
1380204045 M * _br_ good point, let me try
1380204135 M * _br_ Cannot assign requested address, hm
1380204168 M * Bertl so does 10.0.0.42 really show up inside the guest?
1380204321 M * _br_ hm, sorry, missed the -p, same error as before.
1380204330 M * _br_ ssh debug tells me client side "bind: Cannot assign requested address"
1380204342 M * _br_ guest ip shows ip fine with ifconfig
1380204347 M * _br_ inside guest
1380204467 M * _br_ Ok, its working now.
1380204470 M * _br_ ssh -D0.0.0.0:8080 -C2qTnNv -p42022 -X root@example.com
1380204502 M * _br_ Hm, but why? Did I misconfigure /etc/hosts ? He tried to bind to LOCALHOST by default
1380204513 M * Bertl well, sounds strange that it works with * but not with the actual IP
1380204547 M * Bertl can you run sshd in debug mode (maybe on a different port) and upload the output of both forwards?
1380204565 M * Bertl also, what kernel/patch/util-vserver version do you use?
1380204614 M * _br_ Host runs on Debian standard kernel (bit old) 2.6.32-5-vserver-amd64
1380204795 M * _br_ maybe not helpful if the kernel version is so old I guess for vserver-dev.
1380204818 M * _br_ Let me update the kernel and analyze whats going on here, but I suspect its just a misconfig on my side.
1380204828 M * _br_ Thank you very much for your help Bertl, appreciate your time on this.
1380205460 M * Bertl you're welcome!
1380205714 M * Bertl off for now ... bbl
1380205719 N * Bertl Bertl_oO
1380206094 M * AlexanderS _br_: the problem might be simple that ::1 (localhost for ipv6) is not available in a vserver because localhost remapping is afaik only implemented for ipv4
1380206373 M * AlexanderS anyone has a fix for the missing /proc/net contents in network namespaces beside compiling a own kernel and applying this patch? http://www.paul.sladen.org/vserver/archives/201305/0003.html
1380206418 M * _br_ AlexanderS: Very good point, sounds possible. The /etc/hosts has a mapping for that though in the guest. hmm.
1380206514 M * _br_ Hm, missing /proc/net entries, never encountered that
1380206555 M * AlexanderS _br_: thats only happening when using network namespaces and linux-vserver...
1380206583 M * _br_ Beats me, I'm sure the local experts know more about this...
1380211604 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380212028 Q * thierryp Remote host closed the connection
1380212536 J * bonbons ~bonbons@2001:a18:20f:4601:4421:a56:c670:fbb7
1380212614 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380212671 J * Ghislain1 ~aqueos@adsl1.aqueos.com
1380212672 Q * Ghislain Read error: Connection reset by peer
1380213798 Q * thierryp Remote host closed the connection
1380213842 Q * imcsk8 resistance.oftc.net weber.oftc.net
1380213842 Q * swenTjuln resistance.oftc.net weber.oftc.net
1380213842 Q * wmp resistance.oftc.net weber.oftc.net
1380213842 Q * PowerKe_ resistance.oftc.net weber.oftc.net
1380213842 Q * _nono_ resistance.oftc.net weber.oftc.net
1380213842 Q * jrklein resistance.oftc.net weber.oftc.net
1380213842 Q * Defaultti resistance.oftc.net weber.oftc.net
1380213842 Q * AndrewLee resistance.oftc.net weber.oftc.net
1380213928 J * PowerKe_ ~tom@94-227-30-112.access.telenet.be
1380213928 J * jrklein ~osx@proxy.dnihost.net
1380213928 J * wmp ~wmp@2001:41d0:1:8616::1
1380213928 J * imcsk8 ~ichavero@148.229.1.11
1380213928 J * _nono_ ~gomes@licencieux.ircam.fr
1380213928 J * Defaultti defaultti@lakka.kapsi.fi
1380213928 J * swenTjuln ~Marko@195.95.173.243
1380213928 J * AndrewLee ~andrew@n201.enc.hlc.edu.tw
1380218030 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380218510 Q * thierryp Ping timeout: 480 seconds
1380219219 Q * beng_ Quit: I Leave
1380223410 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg
1380224056 J * _BWare_ ~itsme@31.25.99.5
1380224060 Q * BWare Read error: Connection reset by peer
1380224308 Q * hijacker_ Quit: Leaving
1380224616 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1380226512 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380226756 Q * thierryp Remote host closed the connection
1380227482 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380228753 Q * bonbons Quit: Leaving
1380232119 Q * thierryp Remote host closed the connection
1380232212 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380232227 Q * thierryp Remote host closed the connection
1380233645 J * transaci1 ~transacid@transacid.de
1380233645 Q * transacid Remote host closed the connection
1380233759 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380234635 Q * thierryp Remote host closed the connection
1380238869 J * thierryp ~thierry@LNeuilly-152-21-8-169.w193-253.abo.wanadoo.fr
1380239156 Q * ensc|w Remote host closed the connection
1380239168 J * ensc|w ~ensc@www.sigma-chemnitz.de
1380239352 Q * thierryp Ping timeout: 480 seconds