Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Charles Kroeger]

> Maybe I should remove all firewall progs and start from zero.

I would suggest you install Shorewall. it is not the pain in the arse that's
been the theme of this thread so far.

Re: declarative (config file) way idea of handling the OS by way of the old system

[Emanuel Berg]

Mike Kupfer wrote:

>> Have a look at this blog post and program:
>> 
>>   Managing OpenBSD installed packages declaratively
>>   
>> https://dataswamp.org/~solene/2022-05-05-openbsd-declarative-packages-with-pkgset.html
>>
>> [...] Anyone has that for Debian and Debian-like systems?
>
> I have half of that, sort of. A static file has 1 package
> name per line, and each line has a usage tag like "base",
> "dev", or "emacs-build", and distro tags, like "deb10" or
> "f25". I run a script, telling it the usage and distro, and
> it spits out a list of packages. I usually redirect the list
> to a file, review and maybe edit it, and do something like
> "apt install $(cat tmp/pkgs)".
>
> I don't have the half that deletes unwanted packages, but
> that's not functionality I feel a need for.

Indeed, sounds like you have the essential half ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: declarative (config file) way idea of handling the OS by way of the old system

[Mike Kupfer]

Emanuel Berg wrote:

> Have a look at this blog post and program:
> 
>   Managing OpenBSD installed packages declaratively
>   
> https://dataswamp.org/~solene/2022-05-05-openbsd-declarative-packages-with-pkgset.html
[...]
> Anyone has that for Debian and Debian-like systems?

I have half of that, sort of.  A static file has 1 package name per
line, and each line has a usage tag like "base", "dev", or
"emacs-build", and distro tags, like "deb10" or "f25".  I run a script,
telling it the usage and distro, and it spits out a list of packages.  I
usually redirect the list to a file, review and maybe edit it, and do
something like "apt install $(cat tmp/pkgs)".

I don't have the half that deletes unwanted packages, but that's not
functionality I feel a need for.

regards,
mike

Re: declarative (config file) way idea of handling the OS by way of the old system

[Emanuel Berg]

> Anyone has that for Debian and Debian-like systems?

Or, to be exact, systems that use APT.

-- 
underground experts united
https://dataswamp.org/~incal

declarative (config file) way idea of handling the OS by way of the old system

[Emanuel Berg]

Have a look at this blog post and program:

  Managing OpenBSD installed packages declaratively
  
https://dataswamp.org/~solene/2022-05-05-openbsd-declarative-packages-with-pkgset.html

That's sure one idea, to have a config file (that's the
"declarative" part) and then a script that converts that into
commands of/to the traditional package manager to setup the
system in accordance ...

Anyone has that for Debian and Debian-like systems?

-- 
underground experts united
https://dataswamp.org/~incal

perl listgarden module

[Russell L. Harris]

I am attempting to run the ListGarden RSS generator on Debian 11.
Perl 5 (version 32) needs the ListGarden module.  Meta::cpan does not
recognize the module name.

I am trying to implement a RSS (or Atom) feed on an blog I am
generating with make4ht.

RLH

--
He turneth rivers into a wilderness, and the watersprings into dry
ground; a fruitful land into barrenness, for the wickedness of them
that dwell therein. - Psalm 107:33-34

Re: REvisiting "Tool for investigating dependency chains?"

[David]

On Mon, 30 May 2022 at 01:28, Richard Owlett  wrote:

> berenger.mo...@neutralite.org responded with a discussion about using
> aptitude's visual mode.
>
> That has multiple problems:
>1. My original goal description was inadequate.
>2. My target environment has changed.
>3. From his description I don't completely grok how to use aptitude's
>   visual mode. The man page is not helpful as it is not intended to
>   be a tutorial but more a reference work to refresh the memory of
>   one already familiar with a specific tool. I searched for a
>   tutorial covering the visual mode. *BUT* the ones I found only
>   mentioned it in passing and all examples were pure command line.

https://lists.debian.org/debian-user/2020/09/msg00296.html

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Timothy M Butterworth]

On Sun, May 29, 2022 at 8:13 PM Greg Wooledge  wrote:

> On Sun, May 29, 2022 at 11:50:44PM +, Lee wrote:
> > On 5/29/22, Greg Wooledge  wrote:
> > > Second, I cannot ping this IP address, nor can I telnet to port 80 of
> it.
> >
> > For whatever it's worth..
> >
> > Pinging 69.30.225.10 with 32 bytes of data:
> > Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
> > Reply from 69.30.225.10: bytes=32 time=42ms TTL=53
> > Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
> > Reply from 69.30.225.10: bytes=32 time=42ms TTL=53
>
> Yes, it's working from here now, too.  Changes definitely happened
> on the OP's server's side.
>
> I did a TCPTraceRoute to your server on port 80 it makes it across all
hops but says the port is closed on the server.

tcptraceroute 69.30.225.10
Selected device wlo1, address 192.168.105.250, port 38109 for outgoing
packets
Tracing the path to 69.30.225.10 on TCP port 80 (http), 30 hops max
1  192.168.105.156  7.422 ms  3.828 ms  3.985 ms
2  17.sub-66-174-63.myvzw.com (66.174.63.17)  340.678 ms  692.027 ms
 185.134 ms
3  194.sub-69-83-70.myvzw.com (69.83.70.194)  107.194 ms  596.305 ms
 257.465 ms
4  * * *
5  242.sub-69-83-70.myvzw.com (69.83.70.242)  556.143 ms  57.157 ms  47.478
ms
6  * * *
7  * * *
8  * * *
9  153.sub-69-83-66.myvzw.com (69.83.66.153)  184.145 ms  61.027 ms  48.539
ms
10  * * *
11  * * *
12  * be3083.ccr41.dca01.atlas.cogentco.com (154.54.30.53) 445.471 ms
 97.201 ms
13  be2891.ccr21.cle04.atlas.cogentco.com (154.54.82.249)  106.103 ms * *
14  * * *
15  * * be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 96.672 ms
16  be2546.rcr01.b073673-0.mci01.atlas.cogentco.com (154.54.30.242)  97.542
ms  89.655 ms *
17  * * *
18  * * *
19  100ge13-1.edge-a.clay.as33387.net (69.30.209.195)  725.149 ms  578.818
ms  414.786 ms
20  * * *
21  * * *
22  * server.pcstar1.com (69.30.225.10) [closed] 379.939 ms  413.809 ms

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
> ssh gives me a login prompt
>
>
Btw, I highly recommend:
* Block SSH access from any IP except one you are going to use to manage
this server
* If you have dynamic IP, you can add all your ISP network, or, at least,
your country: (list can be downloaded here
 
https://blog.ip2location.com/knowledge-base/how-to-block-ip-addresses-from-a-country-using-ipset/

)
* Deny password access and use keys only (use EdDSA, not RSA if possible).
Passwords should never be used
* Disable root access
* Get rid of SHA-1 and other weak things:
https://sshcheck.com/server/69.30.225.10/

You have your ssh server opened to the whole world and there are zillions
of bots trying to guess your password now.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Greg Wooledge]

On Sun, May 29, 2022 at 11:50:44PM +, Lee wrote:
> On 5/29/22, Greg Wooledge  wrote:
> > Second, I cannot ping this IP address, nor can I telnet to port 80 of it.
> 
> For whatever it's worth..
> 
> Pinging 69.30.225.10 with 32 bytes of data:
> Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
> Reply from 69.30.225.10: bytes=32 time=42ms TTL=53
> Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
> Reply from 69.30.225.10: bytes=32 time=42ms TTL=53

Yes, it's working from here now, too.  Changes definitely happened
on the OP's server's side.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Lee]

On 5/29/22, Greg Wooledge  wrote:
> On Sun, May 29, 2022 at 03:39:05PM -0500, Tom Browder wrote:
>> I have not intentionally hidden anything, Greg--I just never saw the need
>> for
>> mentioning it given the dialogue--x.y.z.w is just shorthand. If you
>> must know the exact IP address, it is 69.30.225.10.
>
> OK.  Now we can actually start helping.
>
> First of all, this is a regular old routable IPv4 address.  It's not one
> of the non-routables, like 192.168.* or 10.*.  This is good.  It
> eliminates a whole class of problems like "My machine's IP address says
> 192.168.1.2 but I can't reach it from outside my network", all of which
> were still on the table until now.
>
> Second, I cannot ping this IP address, nor can I telnet to port 80 of it.

For whatever it's worth..

Pinging 69.30.225.10 with 32 bytes of data:
Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
Reply from 69.30.225.10: bytes=32 time=42ms TTL=53
Reply from 69.30.225.10: bytes=32 time=43ms TTL=53
Reply from 69.30.225.10: bytes=32 time=42ms TTL=53

I had wireshark running while trying to telnet there and I get a RST ~
45ms after sending the SYN

ssh gives me a login prompt

Lee

Re: I am stuck with this while installing devian on my IMac early 2006

[Keith Bainbridge]

On May 29, 2022, at 2:30 PM, Nusrath Moin  wrote:

Whenever i login after installing debian on my imac early 2006 it shows 
"debian gnu/linux comes with absolutely no warranty, to the extent 
permitted by applicable law"



That message is normal when you log in to a terminal. I think OSx showed 
the same, but it's too long ago. Apple decided that my similar aged 
macbook wasn't good enough any more in 2011. That machine worked well on 
linux until 2016.


--
All the best

Keith Bainbridge

keithrbaugro...@gmail.com

Re: I am stuck with this while installing devian on my IMac early 2006

[Timothy Butterworth]

On May 29, 2022, at 2:30 PM, Nusrath Moin  wrote:

>
>
>Whenever i login after installing debian on my imac early 2006 it shows 
>"debian gnu/linux comes with absolutely no warranty, to the extent permitted 
>by applicable law" on some command screen and i am stuck what should i do 
>please tell me i am unable to use my imac 
>
What version of the installer did you use. If you want to troubleshoot then 
download the live DVD image. If you need non-free firmware then download the 
non-free live DVD installer.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 15:55 Greg Wooledge  wrote:
...

Thanks, Greg. It looks like my server was blocked from ports 80 and 443
upstream from it (as you and others suspected), so I asked my provider to
reinstall the OS and ensure it has public access to ports 80 and 443.

Best regards,

-Tom

Re: I am stuck with this while installing devian on my IMac early 2006

[Dan Ritter]

Nusrath Moin wrote: 
> Whenever i login after installing debian on my imac early 2006 it shows
> "debian gnu/linux comes with absolutely no warranty, to the extent
> permitted by applicable law" on some command screen and i am stuck what
> should i do please tell me i am unable to use my imac

If it is showing a 
login:
prompt then it is working properly. Is it?

What did you expect to see?

-dsr-

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Greg Wooledge]

On Sun, May 29, 2022 at 03:39:05PM -0500, Tom Browder wrote:
> I have not intentionally hidden anything, Greg--I just never saw the need for
> mentioning it given the dialogue--x.y.z.w is just shorthand. If you
> must know the exact IP address, it is 69.30.225.10.

OK.  Now we can actually start helping.

First of all, this is a regular old routable IPv4 address.  It's not one
of the non-routables, like 192.168.* or 10.*.  This is good.  It
eliminates a whole class of problems like "My machine's IP address says
192.168.1.2 but I can't reach it from outside my network", all of which
were still on the table until now.

Second, I cannot ping this IP address, nor can I telnet to port 80 of it.
(Nor port 22.)

I don't get an error, though -- just a hang/timeout.

If you can ping this, or ssh to it, or reach it on ANY port at all,
from the public Internet, then that's a huge red flag pointing to a
firewall that filters incoming connections based on source IP.  Such
a firewall could be on the host itself, or on a router which protects
the host.

If you can't do any of those things, then we don't get as much information
out of it.  It could simply be the wrong IP address for all we know
at that point.  Or it could be a misconfigured firewall, or the machine
could be crashed, or the network cable fell out, or any number of other
issues.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 2:21 PM Greg Wooledge  wrote:
>
> > > > btw, are you able to ping server?
> > >
> > > Yes.
> >
> > It is always better to show the command and the output instead of saying
> > yes/no! :)
>
> Except it should be abundantly clear by now that you're dealing with
> someone who believes that they must hide every single detail from
> the ones who would offer help.

I have not intentionally hidden anything, Greg--I just never saw the need for
mentioning it given the dialogue--x.y.z.w is just shorthand. If you
must know the exact IP address, it is 69.30.225.10. (And you could have
asked for it at any time--I don't remember anyone asking for it--but I will
do so the next time I ask for this kind of help again.)

GIven all the advice, I'm leaning towards the popular hypothesis that
my provider has somehow locked out the two ports in question (a first
for them). The machine is now inaccessible, and I have asked them to
reinstall Debian 11 on it and ENSURE that ports 80 and 443 are
accessible from the internet.

Thanks for all the help, and I consider this thread closed.

-Tom

OBS sur Debian pas de visuel pour la capture d'écran

[firenze . rt]

Bonjour à tous,

Je voudrais utiliser OBS sur Debian pour faire des tutoriels vidéos.

Mais quand je veux filmer tout ce qui ce passe sur mon écran (Capture 
d'écran XSHM), je n'ai rien en aperçu à part mon curseur qui se balade 
sur fond noir. J'utilise le serveur graphique Wayland, j'ignore si ça a 
un impact sur OBS.


J'ajouterai aussi que je ne peux pas configurer d'encodage matériel, 
même avec tous les pilotes graphiques propriétaires AMD installés.


Étant donné que l'équipe d'OBS ne supporte pas officiellement Debian, 
vers qui se tourner pour signaler les bogues sur la version Debian d'OBS ?


Si quelqu'un dans la liste utilise OBS sous Debian, quelle est la marche 
à suivre pour le faire dans les meilleures conditions ? Faut-il se 
résoudre à passer par la case Flatpak ?


Par avance, merci pour vos réponses.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Greg Wooledge]

> > > btw, are you able to ping server?
> > 
> > Yes.
> 
> It is always better to show the command and the output instead of saying
> yes/no! :)

Except it should be abundantly clear by now that you're dealing with
someone who believes that they must hide every single detail from
the ones who would offer help.

Never mind that the details are REQUIRED to diagnose the problem.

What's important is that their WEB SERVER which is by definition supposed
to be AVAILABLE TO THE ENTIRE WORLD must remain secret and hidden from
the people trying to help.

Have fun continuing to try pulling teeth on this.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
> I must say, I can not realy understand how you can ping and not
> telnet/access your web server.
>
>
Some router between OP and his server has something like

-I FORWARD -j REJECT --reject-with icmp-host-unreachable

I am stuck with this while installing devian on my IMac early 2006

[Nusrath Moin]

Whenever i login after installing debian on my imac early 2006 it shows
"debian gnu/linux comes with absolutely no warranty, to the extent
permitted by applicable law" on some command screen and i am stuck what
should i do please tell me i am unable to use my imac

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[john doe]

On 5/29/2022 7:20 PM, Tom Browder wrote:

On Sun, May 29, 2022 at 11:39 IL Ka  wrote:


btw, are you able to ping server?



Yes.



It is always better to show the command and the output instead of saying
yes/no! :)

I must say, I can not realy understand how you can ping and not
telnet/access your web server.

--
John Doe

Re: grep: show matching line from pattern file

[Jim Popovitch]

On Sat, 2022-05-28 at 17:11 -0400, Greg Wooledge wrote:
> On Sat, May 28, 2022 at 04:02:39PM -0400, The Wanderer wrote:
> > On 2022-05-28 at 15:40, Jim Popovitch wrote:
> > > I have a file of regex patterns and I use grep like so:
> > > 
> > >    ~$ grep -f patterns.txt /var/log/syslog 
> > > 
> > > What I'd like to get is a listing of all lines, specifically the line
> > > numbers of the regexps in patterns.txt, that match entries in
> > > /var/log/syslog.   Is there a way to do this?
> > 
> > I don't know of a standardized way to do that (if anyone else wants to
> > suggest one, I'm open to learn), but of course it *can* be done, via
> > scripting. Off the top of my head, I came up with the following
> > 
> > for line in $(seq 1 $(wc -l patterns.txt | cut -d ' ' -f 1)) ; do
> >   if grep $(head -n $line patterns.txt | tail -n 1) /var/log/syslog >
> > /dev/null ; then
> > echo $line ;
> >   fi
> > done
> 
> The quoting here is... completely absent (and that's extremely bad), but
> also importantly, one would ideally like to avoid running grep a thousand
> times, especially if the target logfile is large.
> 
> I believe this is the kind of job for which perl is well-suited.  I'm not
> great at perl, but I'll give it a shot.
> 
> Here's a version with some extra information as output, so I can verify
> that it's doing something reasonably close to correct:
> 
> 
> #!/usr/bin/perl
> use strict; use warnings;
> 
> my @patlist;
> open PATS, " chomp(@patlist = );
> close PATS;
> 
> while (<>) {
> chomp;
> for (my $i = 0; $i <= $#patlist; $i++) {
>   print "$i|$patlist[$i]|$_\n" if /$patlist[$i]/;
> }
> }
> 
> 
> Now, to test it, we need a patterns.txt file:
> 
> 
> unicorn:~$ cat patterns.txt 
> PATH
> HOME|~
> a...e
> 
> 
> And an input (log) file:
> 
> 
> unicorn:~$ cat file
> zebra
> Home, home on the range.
> Oops, I meant HOME on the range.
> 
> applesauce
> 
> 
> And here's what it does:
> 
> 
> unicorn:~$ ./foo file
> 1|HOME|~|Oops, I meant HOME on the range.
> 2|a...e|applesauce
> 
> 
> Pattern numbers 1 and 2 (the second and third, since it starts at 0) were
> matched, so we have a line for each of those.
> 
> If that's kinda what you wanted, then you can adjust this to do precisely
> what you wanted.  It shouldn't take a lot of work, I hope.  Well, I guess
> that depends on what you really want.
> 
> Bash is not well-suited to this task, and even if we were to take The
> Wanderer's script and fix all the issues in it, it would still be a
> vastly inferior solution.  Some tools are just not meant for some jobs.
> 

Thanks Greg, that is exactly what I needed, and double thanks for the
details in explaining it, etc. 

-Jim P.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 11:39 IL Ka  wrote:

> btw, are you able to ping server?
>

Yes.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[tomas]

On Sun, May 29, 2022 at 05:41:59AM -0500, Tom Browder wrote:
> On Sat, May 28, 2022 at 20:06 IL Ka  wrote:
> ...
> 
> 3. You should also check that Apache is running and listening to this port,
> > use ``ss -lt``.
> > For this command you _may_ use sudo to get process names (``sudo ss
> > -ltp``). Read ``ss --help``
> >
> > If you were able to connect on this host, then try to connect to this
> > machine from outside using public IP
> >
> 
> I can ssh in to the remote host. Then I tried telnet to port 80 on the same
> host from the outside with the public IP and got no good response:
> 
> $ telnet x.y.z.w 80
> Trying x.y.z.w...
> telnet: Unable to connect to remote host: No route to host

I may be off, but I think a firewall shouldn't do that [1]. It can
lead to a "connection refused", which amounts to replying with a RST,
which corresponds to the REJECT treatment, and it can just not answer,
which leads to a timeout, corresponding to DROP.

What you are seeing is some router in the middle telling you it
doesn't know which way this x.y.z.w is (with an ICMP "Destination
unreachable"). Of course this can happen at your workstation, but
then it'd be quite probable you can't access x.y.z.w with ssh
either.

Firewalls can be configured to lie [2] in this way, alas. It very
much looks like your provider has a firewall between your rental
host and the rest of the world.

But take all that with a grain of salt or two.
Cheers

[1] and I believe your Linux firewall won't do that by default.
   You'd have to tell it so.
[2] Now destination port unreachable would be less of a lie,
   no?
-- 
t


signature.asc
Description: PGP signature

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

btw, are you able to ping server?

On Sun, May 29, 2022 at 7:26 PM Tom Browder  wrote:

> On Sun, May 29, 2022 at 10:33 AM IL Ka  wrote:
> >
> >
> >> When running those, I'm told neither the arptablrs nor the ebtables are
> registered (not installed). Should I install them?
> >
> > No.
> >
> > So, you now have legacy (classic) iptables, right?
>
> Yes.
>
> > What is the output of ``iptables -L -v -n``
>
> Chain INPUT (policy ACCEPT 279 packets, 36670 bytes)
>  pkts bytes target prot opt in out source
> destination
>  1387  150K f2b-sshd   tcp  --  *  *   0.0.0.0/0
> 0.0.0.0/0multiport dports 22
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 260 packets, 35768 bytes)
>  pkts bytes target prot opt in out source
> destination
>
> Chain f2b-sshd (1 references)
>  pkts bytes target prot opt in out source
> destination
>22  1768 REJECT all  --  *  *   43.154.179.253
> 0.0.0.0/0reject-with icmp-port-unreachable
>  1069  126K RETURN all  --  *  *   0.0.0.0/0
> 0.0.0.0/0
>
> > and ``iptables -S`` ?
>
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -N f2b-sshd
> -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
> -A f2b-sshd -s 61.177.173.50/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -s 61.177.173.7/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -s 43.154.179.253/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -j RETURN
>

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
> > and ``iptables -S`` ?
>
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -N f2b-sshd
> -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
> -A f2b-sshd -s 61.177.173.50/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -s 61.177.173.7/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -s 43.154.179.253/32 -j REJECT --reject-with
> icmp-port-unreachable
> -A f2b-sshd -j RETURN
>

I do not see any rule that returns "no route to host".

You can use ``tcmpdump`` to see who is answering "no route to host" for
your "telnet [ip] 80" session.
I am pretty sure this is not your firewall problem

Re: File corruption after transmission over GMail using mutt + msmtp

[Marcelo Laia]

On 22/05/22 at 03:30, Marcelo Laia wrote:
> On 21/05/22 at 04:09, Marcelo Laia wrote:
> > Nowadays, email recipients had give me feedback that attached files that
> > I sent was corrupted. I use Mutt + msmtp + offlineimap and OAuth GMail
> > app implementation.
> 
> After more tests, I found that if I use the mutt native smtp, attach is
> properly transmitted. I could open it very well!
> 
> So, I think there is a problem with msmtp or its configuration.

No. Isn't msmtp problems.
 
> This is only changes I do to get all works very well!

I did more tests and found:

If I send a message using 

tee >(lbdb-fetchaddr -a)|/usr/bin/msmtp -a gmail $@

the attached file with embedded image got corrupted

The same result is got with 

tee >(lbdb-fetchaddr -a -c utf8)

If I send a message using 

/usr/bin/msmtp -a gmail $@

the attached file with embedded image got loaded correctly.

Have you some clue, here?

Thank you so much!

-- 
Marcelo

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 10:33 AM IL Ka  wrote:
>
>
>> When running those, I'm told neither the arptablrs nor the ebtables are 
>> registered (not installed). Should I install them?
>
> No.
>
> So, you now have legacy (classic) iptables, right?

Yes.

> What is the output of ``iptables -L -v -n``

Chain INPUT (policy ACCEPT 279 packets, 36670 bytes)
 pkts bytes target prot opt in out source
destination
 1387  150K f2b-sshd   tcp  --  *  *   0.0.0.0/0
0.0.0.0/0multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 260 packets, 35768 bytes)
 pkts bytes target prot opt in out source
destination

Chain f2b-sshd (1 references)
 pkts bytes target prot opt in out source
destination
   22  1768 REJECT all  --  *  *   43.154.179.253
0.0.0.0/0reject-with icmp-port-unreachable
 1069  126K RETURN all  --  *  *   0.0.0.0/0
0.0.0.0/0

> and ``iptables -S`` ?

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 61.177.173.50/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 61.177.173.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 43.154.179.253/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

> When running those, I'm told neither the arptablrs nor the ebtables are
> registered (not installed). Should I install them?
>
No.

So, you now have legacy (classic) iptables, right?
What is the output of ``iptables -L -v -n`` and ``iptables -S`` ?

REvisiting "Tool for investigating dependency chains?"

[Richard Owlett]

In my original post [1] I said:

I'm in the process of doing some idiosyncratic minimalistic installs using 
the "--no-install-recommends" option of apt-get.


What I would like to do is enter the package name. The tool's response would
be a list of the recommended packages and their associated description from
packages.gz. At the moment the referenced repository would be a distribution 
DVD.


berenger.mo...@neutralite.org responded with a discussion about using 
aptitude's visual mode.


That has multiple problems:
  1. My original goal description was inadequate.
  2. My target environment has changed.
  3. From his description I don't completely grok how to use aptitude's
 visual mode. The man page is not helpful as it is not intended to
 be a tutorial but more a reference work to refresh the memory of
 one already familiar with a specific tool. I searched for a
 tutorial covering the visual mode. *BUT* the ones I found only
 mentioned it in passing and all examples were pure command line.

Clarifications:
  1. What I'm looking for would essentially depict the gemological
 relations resulting from
   apt-get install --no-install-recommends mate-desktop-environment
 [Something resembling a hierarchical directory tree desired.]
  2. The tool would be run under Debian 9.13 with MATE DE.
 The data would be from the then current repository of Debian
 stable.
  3. I'd like a pointer to a tutorial showing the actual usage of
 aptitude's visual mode.
 Entering just "aptitude" in MATES terminal gives a BLACK screen.
 Entering "aptitude /" in MATES terminal gives an error scree ending
 "This aptitude does not have Super Cow Powers."

TIA

[1] https://lists.debian.org/debian-user/2013/10/msg00365.html

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 09:51 IL Ka  wrote:

>
>>> Do I have to switch all four *legacy *tables?
>>
>
> yes
>

When running those, I'm told neither the arptablrs nor the ebtables are
registered (not installed). Should I install them?

>

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
>> Do I have to switch all four *legacy *tables?
>

yes

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sat, May 28, 2022 at 17:24 IL Ka  wrote:

> ...

I am not familiar with nft, bit you can switch to iptables using
>> ``update-alternatives``
>>
>
> # update-alternatives --set iptables /usr/sbin/iptables-legacy
> # update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
> # update-alternatives --set arptables /usr/sbin/arptables-legacy
> # update-alternatives --set ebtables /usr/sbin/ebtables-legacy
>

Do I have to switch all four *legacy *tables?

-Tom

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Erwan David]

Le 29/05/2022 à 13:22, Tom Browder a écrit :

On Sun, May 29, 2022 at 05:41 Tom Browder  wrote:

Does anyone have a good reason for me to NOT install and enable UFW?

-Tom


 good reason would be that thtere is obviously already something on 
your server magaing the firewalling. Having 2 different systems will 
lead to inconsistency and erratic behiaviour. First thing is to identify 
what is putting the rules you showed us. (rules that do not block ports 
80 and 443)

Re: grep: show matching line from pattern file

[David Wright]

On Sun 29 May 2022 at 15:02:35 (+0200), Jörg-Volker Peetz wrote:
> Jim Popovitch wrote on 28/05/2022 21:40:
> > Not exactly Debian specific, but hoping that someone here can help.
> > 
> > I have a file of regex patterns and I use grep like so:
> > 
> > ~$ grep -f patterns.txt /var/log/syslog
> > 
> > What I'd like to get is a listing of all lines, specifically the line
> > numbers of the regexps in patterns.txt, that match entries in
> > /var/log/syslog.   Is there a way to do this?
> 
> How about this:
> 
> $ grep -of patterns.txt /var/log/syslog.1 | grep -n -f - patterns.txt

That will only work for literal patterns, not regex ones.

Cheers,
David.

Re: grep: show matching line from pattern file

[Jörg-Volker Peetz]

Jim Popovitch wrote on 28/05/2022 21:40:

Not exactly Debian specific, but hoping that someone here can help.

I have a file of regex patterns and I use grep like so:

~$ grep -f patterns.txt /var/log/syslog

What I'd like to get is a listing of all lines, specifically the line
numbers of the regexps in patterns.txt, that match entries in
/var/log/syslog.   Is there a way to do this?

-Jim P.


How about this:

$ grep -of patterns.txt /var/log/syslog.1 | grep -n -f - patterns.txt

Regards,
Jörg.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
>
> Good to know. But does fail2ban require ipset?
>
No, but having several thousand rules is not convenient, so I prefer ipset


> They never have before in over 15 years, and, before I got this server
> started, its mate was serving fine. But if the ufw doesn't work, I'll ask
> them.
>

I'd start by switching to legacy iptables and running ``iptables -L -v
-n``.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 07:06 IL Ka  wrote:

> Does anyone have a good reason for me to NOT install and enable UFW?
>>
>
> ufw can't be used with ipset AFAIK, and I use ipset for many reasons
> (fail2ban, block access outside of my country etc).
> But If you only SSH your host from one static IP, you probably do not need
> fail2ban at all.
>

Good to know. But does fail2ban require ipset?

Anyway, I am not sure that port 80 is blocked by your firewall and not your
> hosting firewall
>

They never have before in over 15 years, and, before I got this server
started, its mate was serving fine. But if the ufw doesn't work, I'll ask
them.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
>
>
> Does anyone have a good reason for me to NOT install and enable UFW?
>
>
ufw can't be used with ipset AFAIK, and I use ipset for many reasons
(fail2ban, block access outside of my country etc).
But If you only SSH your host from one static IP, you probably do not need
fail2ban at all.

Anyway, I am not sure that port 80 is blocked by your firewall and not your
hosting firewall

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[IL Ka]

>
> $ telnet x.y.z.w 80
> Trying x.y.z.w...
> telnet: Unable to connect to remote host: No route to host
>
But you can ssh to this host, right?

Well, that means the firewall blocks your request and sends the ICMP
message "no route to host".

Switch to the legacy iptables using ``update-alternatives`` and check
``iptables -L -v -n`` again.
If no rule blocks this port, ask your hosting company.



>
>
>
>

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sun, May 29, 2022 at 05:41 Tom Browder  wrote:

Does anyone have a good reason for me to NOT install and enable UFW?

-Tom

Re: duvida atualização instalador

[Diego Rabatone Oliveira]

Oi Vitor, esse esquema que você pensou não vai funcionar pq o "disco"
(pendrive) de instalação tem seu sistema de arquivos "read only", como se
fosse um CD ou DVD. Então o que você precisaria seria uma imagem atualizada
mesmo (tipo daily build).

Ao iniciar "do pendrive" qualquer operação que você faça será em memória,
sem persistência.

Em sáb., 28 de mai. de 2022 20:37, Vitor Hugo 
escreveu:

> Entendo, porem se tiver muitas instalações um USB atualizado ajudaria um
> pouco.
>
> Em 28/05/2022 06:30, debian.jb...@simplelogin.co escreveu:
> > Olá Vitor,
> >
> > Se não lembro mal (a minha última instalação do Debian foi há 2 meses)
> > não precisas de usar o apt no USB se tens conexão à internet. Há um
> > paso da inatalação no que o próprio instalador pesquisa pacotes mais
> > recentes nos repositorios e faz o upgrade se os atopar.
> >
> > Saudações,
> >
> >
> > Roberto Mallo
> > Audio Engineer & Musician
> >
> >
> >
> >
> >
> >
> >  Mensagem original 
> > A 27/05/2022, 17:11, Vitor Hugo - vitorhugo60 at hotmail.com <
> > jisohsjvvkdmbthckvy...@simplelogin.co > escreveu:
> >
> >
> > Boa tarde,
> >
> > Estou com uma duvida se eu fizer um USB de instalação da media do
> > Debian
> > e aplicar um "apt-get upgrade" os pacotes do USB de instalação serão
> > atualizados?
> >
> > Assim na próxima instalação ou antes da instalação executar a
> > atualização dos pacotes antes de instalar o sistema as versões mais
> > novas serão instaladas automaticamente?
> >
> > Obrigado.
> >
>
>

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Sat, May 28, 2022 at 20:06 IL Ka  wrote:
...

3. You should also check that Apache is running and listening to this port,
> use ``ss -lt``.
> For this command you _may_ use sudo to get process names (``sudo ss
> -ltp``). Read ``ss --help``
>
> If you were able to connect on this host, then try to connect to this
> machine from outside using public IP
>

I can ssh in to the remote host. Then I tried telnet to port 80 on the same
host from the outside with the public IP and got no good response:

$ telnet x.y.z.w 80
Trying x.y.z.w...
telnet: Unable to connect to remote host: No route to host

-Tom