[00:32] Doener (~doener@p5082D80D.dip.t-dialin.net) left irc: Quit: Leaving
[00:48] talon (talon@host-63-149-223-100.irwinresearch.com) joined #vserver.
[01:20] serving (~serving@213.186.188.205) joined #vserver.
[01:21] Nick change: Bertl_oO -> Bertl
[01:21] have a good night, I'm off to bed ...
[01:21] Nick change: Bertl -> Bertl_zZ
[01:29] Doener (~doener@p5082D80D.dip.t-dialin.net) joined #vserver.
[01:49] rmoriz (rmoriz@rmoriz.cpan.de) joined #vserver.
[01:49] hi
[01:49] hi rmoriz
[01:49] is there a way to add more IPs to a running vserver without rebooting it?
[01:57] rmoriz (rmoriz@rmoriz.cpan.de) left irc: Quit: leaving
[03:46] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) left irc: Remote host closed the connection
[04:24] noel- (~noel@p50859A97.dip.t-dialin.net) joined #vserver.
[04:32] noel_ (~noel@pD9FFA50C.dip.t-dialin.net) left irc: Ping timeout: 504 seconds
[04:37] Nick change: cdub -> cgone
[06:45] johnny (~johnny@ip68-10-185-29.hr.hr.cox.net) joined #vserver.
[07:11] Doener_zZz (~doener@pD9588458.dip.t-dialin.net) joined #vserver.
[07:18] Doener (~doener@p5082D80D.dip.t-dialin.net) left irc: Ping timeout: 488 seconds
[07:35] edison (~alex@MTL-ppp-147913.qc.sympatico.ca) joined #vserver.
[07:52] edison (~alex@MTL-ppp-147913.qc.sympatico.ca) left irc: Quit: Leaving
[07:52] edison (~alex@MTL-ppp-147913.qc.sympatico.ca) joined #vserver.
[07:53] edison (~alex@MTL-ppp-147913.qc.sympatico.ca) left irc: Client Quit
[09:09] :)
[10:22] kestrel (athomas@home.swapoff.org) left irc: Ping timeout: 488 seconds
[11:59] ydupont (~ydupont@lamier.cri.univ-nantes.fr) joined #vserver.
[12:28] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Read error: Connection reset by peer
[12:28] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver.
[12:40] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver.
[12:58] johnny (~johnny@ip68-10-185-29.hr.hr.cox.net) left irc: Ping timeout: 501 seconds
[13:05] AHTOH (~Anton@212.1.230.115) joined #vserver.
[13:09] AHTOH (~Anton@212.1.230.115) left #vserver.
[13:38] Nick change: Bertl_zZ -> Bertl
[13:39] AHTOH (~Anton@212.1.230.115) joined #vserver.
[13:39] trying 1.3.7...
[13:39] hey anton, great!
[13:40] it works
[13:41] sounds good ... has a new network source selection ...
[13:41] what does it mean
[13:42] well, udp (un)/connected and tcp have now the same 'improved' selection scheme ...
[13:43] will test
[13:43] i got an tirc there running now try to move dns there
[13:43] and it uses the barrier stuff ...
[13:43] irc
[13:44] so chattr +t doesn't make it secure, but --barrier will ...
[13:44] btw i dont use any init scripts from utilities but use some lines into rc.local -- what do you think about it?
[13:44] /usr/src/vproc-0.01/vproc -e /proc/* /proc/*/*
[13:44] /usr/local/sbin/vserver irc start
[13:44] /usr/local/sbin/vserver dns start
[13:45] well, guess that works too ... if that is your preference ...
[13:45] the advantage of a runlevel script is, that you can handle startup _and_ shutdown in a simple way ...
[13:56] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Quit: leaving
[14:01] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver.
[14:04] Nick change: virtuoso -> as
[14:04] hi as!
[14:04] Nick change: as -> virtuoso
[14:05] Bertl: hi
[14:11] can i use alpha-utilities for using apt with -run-winth stable-utilities-vservers
[14:12] probably, but better ask enrico ...#
[14:19] ok
[14:20] hmm dont you know how to generate new config dir for existing vserver
[14:22] enrico was talking about some conversion tool, but I guess that isn't written yet ...
[14:24] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Quit: leaving
[14:25] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver.
[14:25] oops i got the same problem with ssh now
[14:25] dont understand what have changed
[14:26] what is the 'same' problem?
[14:26] nice needed at time a do ssh if sshd started from init script
[14:28] serving (~serving@213.186.188.205) left irc: Read error: Connection reset by peer
[14:30] okay, away for an hour or so ..
[14:30] Nick change: Bertl -> Bertl_oO
[14:44] AHTOH (~Anton@212.1.230.115) left #vserver (Client exiting).
[15:18] Nick change: Bertl_oO -> Bertl
[15:21] kestrel (athomas@home.swapoff.org) joined #vserver.
[15:22] hi alec!
[15:22] hey herbert, how are you?
[15:23] fine thanks, and you? what brings you here?
[15:23] habit
[15:24] and vserver is cool
[15:24] good answer ;)
[15:24] after all this time, vserver is still cool ...
[15:24] hehe
[15:24] it's true
[15:27] ah, another freevps advertisement on the ml
[15:28] hmm, well if they need to advertise that much ;)
[15:29] Action: kestrel nods
[15:30] It's sad, because I think Alex could add much to this project .. but what shall I do about it ...
[15:31] (same goes for say by the way, good kernel hacker, it seems)
[15:31] i have thought the same thing. he's not interested in contributing back to vserver?
[15:32] well, you read the mail exchange with Igor?
[15:32] I guess they have no choice there ...
[15:34] reading it now..
[15:41] well, it wasn't overwhelmingly positive
[15:42] but hopefully you guys can work together for the 2.6 version
[15:42] pool your powers for good, not evil :)
[15:56] did you read the conditions for a common 2.6 branch?
[15:57] okay, have to leave for an hour or two ... cu later ...
[15:57] Nick change: Bertl -> Bertl_oO
[15:58] the only condition i could see was that he wanted to make it commercial grade, which is reasonable
[15:58] johnny (~johnny@ip68-10-185-29.hr.hr.cox.net) joined #vserver.
[16:21] serving (~serving@213.186.188.205) joined #vserver.
[16:28] kestrel: i thought thats what everyones goal was. (making vserver commercial grade)
[16:29] id say its getting close already.
[16:29] same, but herbert was speaking of conditions and that was all i could see
[16:29] Action: kestrel shrugs
[16:30] i dont know much about the whole freevps conflict. i can barely understand anything alex says.
[16:31] heh
[16:32] me either, but his boss igor was quite fluent in english
[16:33] will have to look at the ml archives again.
[16:33] been too busy playing with quota stuff.
[16:43] i think ive gotten all the kernel related problems taken care of (although i didnt write the quota test stuff yet..) but quotacheck seems to be very slightly broken for ufs filesystems and im trying to verify and hopefully fix that.
[16:44] cant say i find the quotatools source easy to follow though :\
[17:00] Nick change: Bertl_oO -> Bertl
[17:01] hi bill!
[17:02] hi, sorry i wasnt around yesterday.
[17:02] had networking troubles. and by the time i got on you were long gone.
[17:04] np
[17:04] kestrel, talon: to make that clean once again (regarding FreeVPS)
[17:05] I'm the last person not interested in cooperating or even common development (either in 2.4 or in 2.6 linux vserver development)
[17:07] but for me the essential point is, that linux-vserver must not be dictated by the commercial plans/ideas of one company ... It's a community project after all ...
[17:07] the points from Igor:
[17:07] a) There are enough interest in merging (aka finding compromises when necessary)
[17:07] b) FreeVPS design strategies are ok for linux-vserver developers
[17:08] c) We can come up with a set of common goals, tasks and with a way to work together.
[17:10] and my answers to that are in the mailing list archive http://archives.linux-vserver.org/200401/0257.html
[17:10] and take special care what the reply to that reply was ...
[17:11] http://archives.linux-vserver.org/200401/0259.html
[17:18] reading the start of thread down.
[17:19] yep, i read all of that
[17:20] so please let me know what you think of it?
[17:20] re: 2.4 freeze i wouldnt mind a freeze as long as the current stable branch and addons still get bugfixes. perhaps another stable release using the current dev stuff for 2.4 or merging the more useful features of the dev stuff for 2.4 would be nice also.
[17:20] as far as what 2.6 tree to use im not familiar with SE.
[17:20] so i dont know what to say about that one yet.
[17:22] ...*brm*...
[17:22] are we selling out to psoft?
[17:23] Action: click smacks bertl with a rotten cod if that's the case ;]
[17:23] ah, nvmd
[17:23] forgot the reply
[17:23] do I look like this? 8-)
[17:24] no, fortunately :)
[17:24] hm..... freeVPS + vserver...
[17:24] this could be interesting
[17:29] Bertl: i see nothing wrong with merging certain functionality in from freevps as long as like you said the licensing is free and co-operation can be done in a productive and well defined manner.
[17:32] Action: kestrel agrees...
[17:35] collaborating can only help both, as long as the ground rules are adhered to
[17:35] Action: kestrel shrugs
[17:36] but really, the final decision is yours herbert :)
[17:36] i know a lot of open source projects seem to be hostile to any commercial co-operation at all . and sometimes against all reason against anyone using their code for commercial use at all. commercial use i think can only help vserver as long as all development isnt dictated by one company. but rather companies providing input and guidance in the direction of a project as just another member of the community.
[17:37] as I said, I'm not hostile against commercial participation, and especially not against the FreeVPS, I'm willing to cooperate and I'm willing to help .. but I have my problem with b) as I wrote ...
[17:39] no problem with point b.
[17:40] but it seems that Igor, who is the (monetary?) power behind FreeVPS, isn't interested if we do not blindly accept their Design Strategies ...
[17:40] only response you could have on that point.
[17:40] they have to be willing to work with vserver on deciding design strategies obviously.
[17:41] not just our stuff is good enough for anybody.
[17:41] ben (ben@bengrimm-host229.dsl.visi.com) joined #vserver.
[17:42] Bertl: just so im clear i never said i had the impression you were against co-operation with the vps people.
[17:43] hi ben!
[17:43] Hi - probably a different ben ;-)
[17:44] talon: and if I didn't misinterpret his reply to that, he isn't that interested in cooperation anymore ...
[17:44] Bertl: still reading through the thread.
[17:44] ben: are you that different from the usual ben today?
[17:45] Bertl: lol - just maybe not the ben you were expecting
[17:45] hmm, which ben did I expect?
[17:46] Bertl: perhaps not - maybe you were expecting no ben at all
[17:46] would that be a good reason not to say 'hi' to ben, if he appears totally unexpected? 8-)
[17:46] yep, it sure would
[17:47] thanks for the warm welcome
[17:47] hmm, would you expect me _not_ to say 'hi' to you?
[17:47] you're welcome!
[17:47] some people don't you know =)
[17:48] ahh, I see, you normally visit 'other', maybe 'colder' channels ...
[17:48] yep - at least when looking for help
[17:48] because I have an ulterior motive for coming here
[17:49] vservers...
[17:49] hmm, you are looking for help, that is something completely different! go away! we will not help you! 8_)
[17:49] hehe
[17:49] okay, what is your issue with vserver?
[17:49] Bertl: i have to say the vserver development community seems to be quite a bit more open and friendly than a lot of other open source communities ive seen.
[17:50] the people make the mood ;)
[17:50] no issue yet, just wondering what the best kernel/patch set is to use for a cluster of production boxes
[17:51] depends on what you want ..
[17:51] I'm going to set up two pairs of servers that will replicate to each other using drbd
[17:55] btw, what does the J stand for in your middle name?
[17:57] Jesus!
[17:57] hi mids!
[17:57] howdy!
[18:00] ben: hmm, well currently I would suggest to go with 1.3.7, because this is a prerelease for 1.4 and should be both stable and featurerich ...
[18:01] for sure it isn't tested as well as vs1.26 but it should be fine though ...
[18:01] Bertl: ok - I was leaning toward that
[18:01] how about the kernel?
[18:02] currently I tend to 2.4.25 as they _again_ fixed some things ...
[18:02] they've been doing that lately
[18:03] any allowable patchsets besides vserver?
[18:04] or better - any recommended patchsets?
[18:05] ac?
[18:05] not really, there was a 1.3.5 version for ck, but as ck wasn't updated, there is none for 1.3.7 atm
[18:06] I'm gonna miss that o(1) scheduler
[18:07] ck's up to 2.4.24 again
[18:07] yeah 2.4.24 but 1.3.7 is for 2.4.25-rc1 atm
[18:08] sure
[18:08] maybe I can hack the patches together, but then that's trusting my ability to do that with servers that I don't want to crash
[18:08] would be interesting to update ck1 to 2.4.25-pre1, but I guess Con will release his version soon after the 2.4.25 release
[18:10] I'm sure
[18:11] Bertl: you think you could email me the quota system overview and test descriptions? probably easier for me to follow that way. than to try to extract it out of an irc log later.
[18:11] so 1.3.7 is a pre-release - but not a release candidate
[18:12] well, I left my options open, but I guess the 1.3.8 might be the last before 1.4
[18:12] what will i see in 1.4 ?
[18:12] the same as in 1.3.7 minus some 'critical' parts (if anything is removed at all)
[18:12] is it basically like 1.26 with the proc security stuff?
[18:13] vs1.26 has proc security stuff ;)
[18:13] as far as user visible stuff.
[18:13] new in 1.3.x over vs1.26 is:
[18:13] Bertl: heh, just not everything disabled like 1.3.x im guessing.
[18:13] - enhanced network source selection
[18:13] - BARRIER and IUNLINK enhancements
[18:14] - vkill and advanced kernel API
[18:14] cool. sounds like what im likely to be using once i have everything working.
[18:14] - uptime virtualization
[18:15] - complete uts_name virtualization
[18:15] - memory accounting and limits
[18:15] - next generation procfs info
[18:16] so Bertl, am I overly ambitious by thinking I can get all of this configured by Sunday?
[18:17] depends on what you want. id say as long as you dont need to do anything like per context disk quota or disk limits it should be easy.
[18:17] nope, no need for that
[18:17] just security contexts
[18:17] and the virtualization
[18:18] well, should be done in a few hours .. maybe the failover will take a little longer ...
[18:18] the documentation is a bit much to sort through since it not organized. but it took me about a day or two to get a basic setup going after going through various documents.
[18:18] yeah, I'll have to integrate the drbd patches, heartbeat, etc...
[18:19] I've been reading the docs, and yes, they are messy... but that's a Wiki for ya
[18:19] probably would have gotten it done faster if i wasnt focusing too much on trying to understand how everything worked.
[18:20] context quotas were the only thing i found confusing at all.
[18:22] for the most part it still seems straight forward
[18:22] well, context quota is not that easy, and it is messy ...
[18:24] I think it would have to be
[18:24] without modifying the filesystems themselves
[18:24] or did you do that?
[18:25] the filesystems, no, everything else, yes ;)
[18:26] nah, it isn't that intrusive, but it required some changes to the way quota works ...
[18:30] i also found some bugs in it when i first started using it :)
[18:30] you did? 8-)
[18:32] Bertl: im currently playing with figuring out why quotacheck does what it does. but after im done with that im still interested in doing a quota test script.
[18:35] no problem with that, maybe you should contact honza ...
[18:36] as there have been some requests for q0.13 on vs1.26, I adapted the q0.13 to that too, but it still needs some testing ...
[18:36] Bertl: i probably will once i have a better idea of what quotacheck is doing.
[18:37] since im going to need to send a patch someplace. or at least a good description of whats going on.
[18:39] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) joined #vserver.
[18:39] hi ExpiryJames!
[18:46] Bertl: my suspicion is its counting the .. entry in directories.
[18:47] probably ... but a 'quick' browsing of the source code should reveal that, right?
[18:49] i didnt find much clear in the source. still trying to figure the source out.
[18:55] im setting up another vmware with a vanilla 2.4.23 kernel and an empty fs to test the behavior more closely on.
[18:56] should be an easy source code change if i can figure it out. worse case i will run it under gdb to see what its doing.
[18:57] static loff_t getqsize(char *fname, struct stat *st)
[18:59] while ((de = readdir(dp)) != (struct dirent *)NULL) {
[18:59] if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
[18:59] continue;
[18:59] so it doesn't account . and ..
[18:59] (in scan_dir(char *pathname))
[19:01] what about the FL_DEBUG ?
[19:01] this seems to produce messages like:
[19:01] tAdding %s size %d ino %d links %d\n"
[19:01] i did the debug flag.
[19:02] but now that you gave me a pointer to where it actually scans directories i have a place to start.
[19:19] ydupont (~ydupont@lamier.cri.univ-nantes.fr) left irc: Quit: Leaving
[19:52] vmware = good testbase
[19:52] :)
[19:52] I just mocked up a fedora install :/
[19:52] lol'ers
[19:52] hehe ... why not use QEMU?
[19:52] nah, already got a working vmw
[19:52] :)
[19:52] lszy me
[19:52] lazy
[20:25] loger joined #vserver.
[20:25] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) joined #vserver.
[20:30] well i need an answer can i compile my kernel in a vserver with gcc 3.3 debian(testing) and run my kernel in debian/woody after
[20:30] guess so .. why not?
[20:32] hey was not sure so i can take full optimisation for my cpu ..but if i import something else then like software could it conflict since its not same library .
[20:33] the kernel does not use _any_ libraries ...
[20:33] ok :) in fact it was my question ..thx
[20:38] Cmaj: im not sure but depending on what kernel you build you may need to build new version of modutils etc.
[20:38] debian has a script for building full kernel packages containing all of that i think though.
[20:39] but i dont think that applies for 2.4.x kernels.
[20:39] as far as modutils goes.
[20:46] noel- (~noel@p50859A97.dip.t-dialin.net) left irc: Remote host closed the connection
[20:58] well yes i use modules oh well im late thx
[21:00] _shur1 (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 483 seconds
[21:44] ok i think i found it.
[21:44] if you comment out if (i_nlink != 1 && need_remember)
[21:45] in line 202 of checkquota.c
[21:45] it seems to give the same results as using an ext2 fs.
[21:45] careful, need remember means that there might be 'other' links ...
[21:45] test with hard links on the filesystem, that should now give surprising values ...
[21:46] but I guess you are on the right track, I would add a check for IS_DIR there ... and ignore dirs with nlink > 1 ;)
[21:47] i dont think im done yet by a long shot.
[21:47] but i think the && need_remember bit is it. i dont think its ever called with need_remember on a ufs fs.
[21:47] im going to test that with a few debug printfs though.
[21:48] okay, thanks, I'm moving now from one place to the other, will be back in about 1-2 hours ...
[21:52] Nick change: Bertl -> Bertl_oO
[21:57] seems to work ok with hard links on the fs
[22:00] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection
[22:00] Action: talon digs a little deeper.
[22:01] i have a feeling it add_to_quota should always be called with need_remember on a non direct access fs.
[22:03] hmm no thats not right.
[22:04] its not always called with it set to 0.
[22:08] hmm i may be right.
[22:08] with the direct access method it looks like this.
[22:08] root@darkstar:/usr/src/vserver/quota-tools# ./quotacheck -au
[22:08] need_remember = 0 i_uid = 0 i_num = 2 i_nlink = 4
[22:08] need_remember = 0 i_uid = 0 i_num = 11 i_nlink = 2
[22:08] need_remember = 0 i_uid = 0 i_num = 12 i_nlink = 2
[22:08] need_remember = 0 i_uid = 0 i_num = 14 i_nlink = 1
[22:08] need_remember = 0 i_uid = 1000 i_num = 4033 i_nlink = 2
[22:08] need_remember = 0 i_uid = 1000 i_num = 4034 i_nlink = 4
[22:08] need_remember = 0 i_uid = 1000 i_num = 4035 i_nlink = 1
[22:09] with fs type ufs in mtab it looks like this.
[22:09] root@darkstar:/usr/src/vserver/quota-tools# ./quotacheck -au
[22:09] need_remember = 0 i_uid = 0 i_num = 2 i_nlink = 4
[22:09] need_remember = 0 i_uid = 0 i_num = 11 i_nlink = 2
[22:09] need_remember = 0 i_uid = 1000 i_num = 4033 i_nlink = 2
[22:09] need_remember = 1 i_uid = 0 i_num = 12 i_nlink = 2
[22:09] need_remember = 1 i_uid = 0 i_num = 13 i_nlink = 1
[22:09] need_remember = 0 i_uid = 1000 i_num = 4033 i_nlink = 2
[22:09] need_remember = 1 i_uid = 1000 i_num = 4034 i_nlink = 4
[22:09] Last message repeated 3 time(s).
[22:09] need_remember = 1 i_uid = 1000 i_num = 4035 i_nlink = 1
[22:09] need_remember = 1 i_uid = 0 i_num = 12 i_nlink = 2
[22:09] need_remember = 0 i_uid = 0 i_num = 11 i_nlink = 2
[22:11] im guessing the few places where its calling add_to_quota with need_remember = 0 with i_nlink > 1 are not right. but since most people use the direct fs access method this was overlooked in scan_dir
[22:14] yeah it looks like its needed whenever the entry is not a dir.
[22:17] Action: talon fires up cscope
[22:22] some of those inodes called with 0 arent directories.
[22:24] any word on vserver for 2.6 ?
[22:25] probably not for a while yet id imagine. except maybe experimental patches.
[22:27] im not even really sure what the point is in not just checking to see if every inode has been seen before or not before it decides to update the accounting.
[22:27] performance maybe?
[22:33] journaling etc
[22:33] _shur1 (~shushushu@cpu183.adsl.qc.bellglobal.com) joined #vserver.
[22:39] hmm ok. look like directories are accounted twice.
[22:47] which causes havoc.
[22:48] its impossible for this to happen with the direct fs scan.
[23:08] http://talon.home.cosmic-cow.net/quotacheck.patch
[23:17] norse (~norse@h118n2fls35o804.telia.com) joined #vserver.
[23:17] hi norse
[23:17] evening mate
[23:22] alright, done with the final google run. is it cool to ask a question or is this strictly a dev channel?
[23:23] ask ahaid!
[23:23] ahead too
[23:24] if someone who can help is available they will likely answer, otherwise you have to wait a few hours for everybody to wake up and read the backlog
[23:24] cheers. alright, I've got the first vserver running perfectly, it's the networking I'm having trouble with. I can connect to the host from the vserver, I can connect to other physical boxes from it but I can't get anything to connect to it and I can't get the host to actually forward the vserver's connections to the network's physical internet-router. I'm to 90% sure this is an iptables issue but I wanted to check if I might have missed something
[23:24] vserver-related.
[23:26] heh, long message. anyway, I've got iproot="192.168.2.50" in leviathan.conf (leviathan is the vserver). I have previously used the same nat-script to forward uml-machines with it so it ought to work (tcpdump also confirms that the connection gets made and google returns but the vserver doesn't seem to accept it).
[23:28] any hints or guides for me to rtfm? I've tried but I couldn't find anything that seemed to be related to this particular issue.
[23:29] can you connect to the vserver from the host?
[23:30] no, I'm fairly certain that sshd is running on it since I can do a /etc/init.d/ssh start (it's a debian-vserver) but I cannot connect to port 22 from the host (or any other host).
[23:31] I can also ping the host from the vserver but I cannot ping the vserver from the host.
[23:31] does it use ip aliases?
[23:31] aye, it's setup as eth0:leviathan on the host
[23:32] Nick change: Bertl_oO -> Bertl
[23:32] help is near!
[23:32] is it?
[23:33] does ifconfig report any packages being lost or something?
[23:33] s/packages/packets/
[23:33] I can't see anything, no errors, drops or anything
[23:34] what vserver / kernel version do you use, and what additional patches?
[23:35] vanilla 2.4.24 with the 1.26vs, no additional patches
[23:36] Action: mids is a trainee tire1 vserver techsupport wannabe; aka say hi and keep you busy will someone who knows takes over :)
[23:36] okay, short problem description?
[23:37] vserver can connect to host but host cannot connect to vserver Bertl. the major thing is that I can't get the host to forward the vserver's connections, thus I cannot install anything on it.
[23:37] forward?
[23:38] forward as in iptables forward it
[23:38] (what distro?)
[23:39] norse: hmm, I almost thought you meant that
[23:39] I will most definitely not get offended if you tell me to rtfm something on this subject, I would have but I haven't been able to find anything that seems to be related to his.
[23:39] s/his/this/
[23:39] mids, debian (woody)
[23:39] (a quick workaround might be installing apt-proxy on the host)
[23:39] thing is you are thinking in 'virtual' network and VMWARE/UML terms .. there is nothing to 'forward' between host and vservers ...
[23:40] mids, aye but I'd like to get to the root of this. all of our wargames are down and people are bitching at me night and day :)
[23:40] (understood :)
[23:40] Bertl, hrm, nothing at all? so if the host's interface gets forwarded the vservers should be good to go?
[23:41] the vservers interfaces are the host interfaces, so no forwarding possible ..
[23:42] same goes for masquerading, masquerading a vserver interface on the host is not possible because, you just can't masquerade an alias on your host ;)
[23:42] this is true, thus I must have fscked something else up
[23:42] let's take a closer look at your setup, please explain me the details ...
[23:43] roger, the host has eth0: 192.168.1.2. the vserver has iproot="192.168.2.50", iprootmask="255.255.255.0", iprootdev="eth0", s_caps="cap_net_raw" (only for testing purposes, of course).
[23:44] okay ...
[23:44] s_flags="lock nproc". my first guess was route add default gw 192.168.1.2 but I wasn't allowed to do that (which is a good thing if we get rooted, heh).
[23:45] why would you want to add a route for an interface on the same host?
[23:45] aye, that was when I was still thinking in the uml-way
[23:45] okay, forget that for now ...
[23:46] what do you want to get working with that setup?
[23:46] I want the vserver to be able to make outbound connections so I can install some applications via apt, then I want port 22 open so players can connect to it (but at that point I will kill all outbound connections).
[23:47] okay, outbound is non 192.168.x.x I guess?
[23:47] aye
[23:47] vang (~vang@80.86.109.254) joined #vserver.
[23:47] you have a router for that?
[23:47] hi vang!
[23:47] Nick change: Doener_zZz -> Doener
[23:47] hi all, my first time here
[23:47] hi
[23:48] hi Doener!
[23:48] aye, the host itself forwards connections from the virtual networks and the host this vserver is running on just fine
[23:48] you mean the host is the router for the outbound network?
[23:48] err, "the router itself", the vserver's host isn't the physical router
[23:49] eek, sorry mate, it's setup like this; Internet -> router -> dmz (the vserver's host is in the dmz)
[23:49] okay, so you have a router, and the host with a vserver on it ..
[23:49] i have a q. is any one running bind9 inside recent vserver? i'm using debian, paul sladen's bind packages (with nocapset) but still no luck. kernel 2.4.24, vserver 1.26
[23:49] aye, that's it
[23:49] vang: yes I have, just a minute ...
[23:50] norse: okay, and the router is capable of 'masquerading' or 'nating' any host in the 192.168.0.x network, or just specific ips?
[23:50] vang: only places I'm running it is on older patches... Haven't tried on the newer stuff
[23:51] vang: if you do lsof | grep UDP and see where bind9 is listening
[23:51] me too. i mean, i have a machine with old ctx series patches
[23:51] the router accepts all outbound connections from the dmz. I previously killed the outbound connections from the umls on the uml's host.
[23:51] vang: and then do a tcpdump -i eth0 or 'lo' and see what's happening to the packets--eg, are they getting re-written, it could be a UDP issue
[23:52] (if you meant if it works, aye it works perfectly for everything except the vserver)
[23:52] okay, so 192.168.2.50 will be allowed to go outside, and will be masqueraded or natted?
[23:52] yes, though it appears twice in netstat -u:
[23:52] udp 264 0 69.93.43.253:53 0.0.0.0:* 6305/named
[23:52] udp 0 0 69.93.43.253:53 0.0.0.0:* 6305/named
[23:52] Bertl, aye
[23:52] Bertl: did you see my patch post above for quotacheck? that seems to fix things reliably without breaking anything else in quotacheck.c
[23:52] it is a UDP issue, if i try connect tcp on 53 it works, connect udp hangs (tested with netcat)
[23:52] talon: not yet, but for sure I'll look at it ...
[23:52] norse: okay, let's verify that ...
[23:53] norse: chbind --ip 192.168.2.50 ping 128.130.2.3
[23:53] on the vserver?
[23:54] on the vserver host ...
[23:54] mmkay, it's running
[23:55] vang: okay, what do you get tcpdump, where are the packets going from/to?
[23:56] just 1 sec. you want me to run tcpdump inside vserver or in master?
[23:56] norse: so that is working as expected, right?
[23:56] vang: don't mind
[23:56] Bertl, aye, 0% packet loss
[23:56] good
[23:57] bertl: you should get the same result from either if you're CAP_NET_RAW
[23:57] norse: okay, next test: chbind --ip 192.168.2.50 telnet www.13thfloor.at 80
[23:58] doesn't seem to be able to get a response from the dns-server, "temporary failure in name resolution"
[23:58] (is it a bridging issue?)
[23:59] there is no bridging ...
[23:59] my first guess would be, that your router is blocking anything except the ping ...
[23:59] ah yes, heh, having a hard time dropping the old way, sorry mate
[00:00] --- Thu Feb 12 2004