Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-29 Thread Bill Sun via arch-general
On Tue, May 22, 2018 at 10:43:36AM +0100, Ralph Corderoy wrote:
> https://www.archlinux.org/packages/extra/x86_64/nftables/ says
> Flagged out-of-date on 2018-05-11
> Version 1:0.8.5-1 in testing
> so perhaps that new version would help?
I'm happy to report that after updating to the latest version of linux
kernel and nftables, the problem is resolved.


Regards.


Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-22 Thread Bill Sun via arch-general
On Tue, May 22, 2018 at 08:58:47AM +0200, David Runge wrote:
> Does only the nft command fail, or does it work, when it's in a
> configuration file?

Only the nft command fails, it seems.

I guess I'll wait for the latest in the test repo and see what happens.


Regards.


[arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-21 Thread Bill Sun via arch-general
Hi all,

I just updated one of my computers to 4.16.9. After the update, the following
nft commands will not work:
nft add table ip nat <--- this one works without error
nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
^
This will give me the following error message:
Could not process rule: Device or resource busy.

However, the default simple firewall still works. I have another
computer that is still on 4.16.8, and the example above works; further,
switching back to an LTS kernel (4.14.41) also works.


Any help is appreciated. Thanks.


Re: [arch-general] mdmonitor.service failed to start

2014-06-23 Thread Bill Sun
> But the new problem is: Why this service automatically start? I never
> manually enabled mdmonitor, and I cannot find its link in
> /etc/systemd/system/ .
OK, it seems that the unit is somehow a dependence for some other units:
$ systemctl is-enabled mdmonitor
static

And I just masked that service to force prevent it from auto start.
Problem 'solved'.

Regards.


Re: [arch-general] mdmonitor.service failed to start

2014-06-23 Thread Bill Sun
Ah, I found the problem: I never configured an email address in
/etc/mdadm.conf

But the new problem is: Why this service automatically start? I never
manually enabled mdmonitor, and I cannot find its link in
/etc/systemd/system/ .

Regards.


Re: [arch-general] mdmonitor.service failed to start

2014-06-23 Thread Bill Sun
On Mon, Jun 23, 2014 at 09:57:46AM -0500, Sander Jansen wrote:
> I don't think the service failed to start, The ExecStartPre starts with an
> -, so it's allowed to fail to start that script, but unit isn't considered
> failed:
>
>  mdmonitor.service - MD array monitor
>Loaded: loaded (/usr/lib/systemd/system/mdmonitor.service; static)
>Active: active (running) since Wed 2014-06-18 13:43:41 CDT; 4 days ago
>   Process: 266 ExecStartPre=/usr/lib/systemd/scripts/mdadm_env.sh
> (code=exited, status=203/EXEC)
>
> I think systemd is just overeagerly reporting errors here. Then again,
> mdadm is a bit weird here, since it only installs mdadm_env.sh on SUSE
> systems, yet didn't bother shipping a different service file for it.
It appears that the main process actually failed:
  Process: 234 ExecStart=/sbin/mdadm --monitor $MDADM_MONITOR_ARGS (code=exited, status=1/FAILURE)
  Process: 228 ExecStartPre=/usr/lib/systemd/scripts/mdadm_env.sh (code=exited, status=203/EXEC)
 Main PID: 234 (code=exited, status=1/FAILURE)

However, I grep'ed all log files, and I did not find anything contains
'mdadm'


Regards.


[arch-general] mdmonitor.service failed to start

2014-06-21 Thread Bill Sun
Hi,

I noticed that my mdmonitor.service failed to start with the following
error message:
Failed at step EXEC spawning /usr/lib/systemd/scripts/mdadm_env.sh:
No such file or directory

My mdadm package version is 3.3.1-2. Should I create such a script on my
own?

Regards.


Re: [arch-general] systemd start a daemon after the Internet connection is established

2013-09-16 Thread Bill Sun
On Sun, Sep 08, 2013 at 07:27:34PM +0200, Lukas Jirkovsky wrote:
> On 8 September 2013 18:37, Bill Sun  wrote:
> > When the server is connected to the Internet, this service file can
> > launch the proxy successfully, but it doesn't work on system startup,
> > supposedly due to the lack of a connection with Internet access. So I
> > need systemd to make sure the connection has been established before it
> > launches this daemon.
> >
> > Regards.
>
> Try network-online.target instead of network.target.
No. It still doesn't work. I don't use NetworkManager, so my assumption
is that the network-online.target does not exist at all. (Seems that
`systemctl list-units` confirms that.)

I use dhcpcd@%i to get an IP address from my router. Though dhcpcd
does start before my proxy daemon, the proxy daemon fails before
dhcpcd gets an address.

So how to write another systemd unit to make sure the Internet connection
is established? (maybe a bash script with ping, then checking the exit
code? But how to write that systemd unit?)

Regards.


[arch-general] systemd start a daemon after the Internet connection is established

2013-09-08 Thread Bill Sun
Hi,

I have a web proxy that can only initiate itself online, otherwise it
would exit with an error. To daemonize that proxy, I wrote the following
systemd service file:

[Unit]
Description=A Proxy Server
After=network.target

[Service]
Type=simple
ExecStart=/srv/proxy/aproxy/bin/main

[Install]
WantedBy=multi-user.target

When the server is connected to the Internet, this service file can
launch the proxy successfully, but it doesn't work on system startup,
supposedly due to the lack of a connection with Internet access. So I
need systemd to make sure the connection has been established before it
launches this daemon.

Regards.


[arch-general] BAT1: Unable to dock after suspend to RAM

2013-04-16 Thread Bill Sun
Hi,

I noticed there's always an 'Unable to dock' error message after suspend
to RAM:
PM: Saving platform NVS memory
Disabling non-boot CPUs ...
smpboot: CPU 1 is now offline
smpboot: CPU 2 is now offline
smpboot: CPU 3 is now offline
Extended CMOS year: 2000
ACPI: Low-level resume complete
PM: Restoring platform NVS memory
Extended CMOS year: 2000
Enabling non-boot CPUs ...
smpboot: Booting Node 0 Processor 1 APIC 0x1
Disabled fast string operations
CPU1 is up
smpboot: Booting Node 0 Processor 2 APIC 0x2
Disabled fast string operations
CPU2 is up
smpboot: Booting Node 0 Processor 3 APIC 0x3
Disabled fast string operations
CPU3 is up
ACPI: Waking up from system sleep state S3
ACPI: \_SB_.PCI0.LPC_.EC__.BAT1: docking
ACPI: \_SB_.PCI0.LPC_.EC__.BAT1: Unable to dock!

System info:
ThinkPad X220, Linux 3.8.6 (ARCH), systemd 201-1, 1.4.1-5

I have tried to set Handle{SuspendKey,HibernateKey,LidSwitch} all to
ignore, but I still get the same error message. Any other solution to
make that message disappear?

Regards.


Re: [arch-general] Forward all PPTP VPN packets to another proxy?

2013-03-26 Thread Bill Sun
On Sat, Mar 23, 2013 at 08:30:10PM +0800, Hexchain Tong wrote:
> On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun  wrote:
> >
> > I'm thinking about running a http server that handles all the
> > authentication for Server 2 (such as dante?), then forward all packets
> > to that server (running in Server 1). But I don't know how to write
> > corresponding iptables rules. So how to write such rules?
>
> You need to setup another proxy on Server 1. Take squid for example,
> in squid.conf, set upstream server using cache_peer and authentication
> parameters (please refer to squid manual because I don't know how to
> do it :-P ), and set a port that handles intercepted traffic (or it
> won't work!):
>
> http_port  intercept
>
> and insert the following iptables rule:
>
> iptables -t nat -A PREROUTING -s  -p tcp --dport 80
> -j REDIRECT --to-port 
Great! It works! But I need to add an additional iptables rule:
iptables -t nat -A POSTROUTING -j ACCEPT

Regards.


[arch-general] Forward all PPTP VPN packets to another proxy?

2013-03-23 Thread Bill Sun
Hi,

Currently I have an Arch Linux server running PPTP VPN (for iOS devices
only), and I forward all PPTP VPN packets to local eth0:
iptables -A POSTROUTING -s  -o eth0 -j MASQUERADE

Now I got an external proxy, and I want all the traffic currently through
the PPTP VPN then through that external proxy (it's a http proxy, and
requires authentication). If my description is confusing, please consult
this chart:

iOS --> Server 1 (PPTP VPN) --> Server 2 (http proxy, authentication
required) --> Web

Server {1,2} both have dedicated external IP address. I have root
permission for Server 1, and nothing for Server 2 (except for the http
proxy account).

I'm thinking about running a http server that handles all the
authentication for Server 2 (such as dante?), then forward all packets
to that server (running in Server 1). But I don't know how to write
corresponding iptables rules. So how to write such rules?

Regards.


Re: [arch-general] rEFInd 0.6.4 + linux 3.7.2-1 fail to boot

2013-01-14 Thread Bill Sun
On Mon, Jan 14, 2013 at 11:33:56PM -0200, André Vitor de Lima Matos wrote:
>
> Em 14-01-2013 18:39, Dave Reisner escreveu:
> > Oh the irony... Please subscribe to arch-dev-public if you're going to
> > continue to use the testing repository:
> >
> > https://mailman.archlinux.org/pipermail/arch-dev-public/2013-January/024260.html
> Hi, Dave. Thanks for the fast reply.
> If you are talking about file-5.12 problem, as I said, initrd (a.k.a.
> initramfs) was built properly, since I had downgraded to file 5.11
> previously. And I'm subscribed and following discussions in
> arch-dev-public. My problem persist, preventing me from upgrade to linux
> 3.7.2. Any ideas?
Just a thought: Did you forget to copy the generated kernel image of the
3.7.2 to the EFI partition?

Regards.


Re: [arch-general] VPS can't access after update filesystem?

2012-06-17 Thread Bill Sun
On Sun, Jun 17, 2012 at 09:19:43PM +0800, Bill Sun wrote:
> Problem solved. Thanks.
I probably should put a more comprehensive solution here.
I consulted the 'Xen' [1] entry in archwiki, and added:
MODULES="xen-blkfront xen-fbfront xenfs xen-netfront xen-kbdfront"
to '/etc/mkinitcpio.conf'
then regenerated the initramfs image. Problem solved.

[1]: https://wiki.archlinux.org/index.php/Xen

Regards.


Re: [arch-general] VPS can't access after update filesystem?

2012-06-17 Thread Bill Sun
On Wed, Jun 13, 2012 at 04:29:44PM -0700, Kevin Arthur wrote:
> Looks like your initramfs got borked when you updated the kernel.  Make
> sure to read the recent news article [1] about systemd-tools replacing
> udev (and maybe the last question in the troubleshooting section of the
> pacman wiki page [2]), and be sure to run this after updating (but
> before rebooting):
>
> # mkinitcpio -p linux
>
> [1] http://www.archlinux.org/news/systemd-tools-replaces-udev/
> [2] https://wiki.archlinux.org/index.php/Pacman#Troubleshooting
>
Problem solved. Thanks.


Re: [arch-general] VPS can't access after update filesystem?

2012-06-13 Thread Bill Sun
I got the error message:

ERROR: device '/dev/xvda1' not found. Skipping fsck.
ERROR: Unable to find root device '/dev/xvda1'.
You are being dropped to a recovery shell
Type 'exit' to try and continue booting
sh: can't access tty; job control turned off

Regards


Re: [arch-general] VPS can't access after update filesystem?

2012-06-12 Thread Bill Sun
On Tue, Jun 12, 2012 at 05:43:52PM +0200, Tom Gundersen wrote:
> Did you follow the instructions in the news item?
>
> One thing to try would be "pacman -Syu --ignore filesystem", reboot
Can't do that. Because 'kernel26-lts' needed to be replaced by 'linux-lts',
if I don't update 'filesystem', then pacman won't update anything
due to some dependency errors.

I updated 'pacman' first, then force updated 'filesystem', and reboot.
VPS worked fine. After a system update (pacman -Syu), the VPS is dead,
again.
> and check if your server still works, and only then upgrade
> filesystem. At least that will tell you what the culprit is.
>
> -t


[arch-general] VPS can't access after update filesystem?

2012-06-12 Thread Bill Sun
Hi,

I rent a VPS from a not-so-famous provider, and they use XEN. After I
updated my system on Jun 10 (I update my system every Sunday), my VPS
seems dead. I can't ssh to it, I can't ping it, I can't do anything
to it. I don't get any error message from the SolusVM control panel---it
says: 'online'

The service of my provider is not that good, so I really don't get any
useful info from them. I re-installed the OS (they provide
Archlinux-2011.7-x86-64), and the VPS is accessible again. But after I
update that new system, The VPS stopped working, same as above.

All I know is that update includes 'filesystem' package. So I suspect
the updated 'filesystem' package is the culprit. Maybe the 'init'
process encountered some errors.

No error log (probably won't get anything anyway), so...

Again, VPS provider info:
Supervisor (is that right?): XEN
Control panel: SolusVM
System: Archlinux-2011.7-x86-64

Regards.


Re: [arch-general] Is fcitx must executed under a chinese locale?

2012-05-17 Thread Bill Sun
On Tue, May 15, 2012 at 09:22:41PM -0400, adrian sun wrote:
> Yaaa, thanks i solved this problem. Just specified xim for english locale
> under gtk module file.
Hmm...Maybe you don't have to manually edit /etc/gtk-2.0/gtk.immodules,
specifying xim for english locale. You just need to install
fcitx-gtk2/3, AND add the following line to your .xinitrc:
export GTK_IM_MODULE=fcitx

It seems that the Archwiki fcitx entry (Simplified Chinese version) is
out-of-date. You could consult the English version.

Cheers.


Re: [arch-general] Is fcitx must executed under a chinese locale?

2012-05-15 Thread Bill Sun
On Tue, May 15, 2012 at 12:36:42AM -0400, adrian sun wrote:
> Oh. Thanks!
> I also check some wikis, I don't know why only firefox and chromium cannot
> use fcitx. All other applications works well with fcitx.
>
Install 'fcitx-gtk2' and/or 'fcitx-gtk3'.

Cheers.


Re: [arch-general] Google Voice through iptables?

2012-04-27 Thread Bill Sun
On Thu, Apr 26, 2012 at 10:28:00AM -0500, Leonid Isaev wrote:
> On Thu, 26 Apr 2012 10:56:47 +0800
> Bill Sun  wrote:
>
> So... does your GV work now?
Yes! (Oops, I forgot to mention that...)

Thanks.


Re: [arch-general] Google Voice through iptables?

2012-04-25 Thread Bill Sun
On Wed, Apr 25, 2012 at 12:35:46PM -0500, Leonid Isaev wrote:
> Assuming you are running a desktop machine, why would you want to DROP by
> default all outgoing traffic? AFAICT google voice app makes your browser
> establish some UDP connections + https. So here are few observations regarding
> your ruleset:
> 1. Default policy for OUTPUT should be ACCEPT and all following OUTPUT
> rules should be removed. Also, default DROP policy for INPUT is just impolite
> -- use REJECT instead.
> 2. Unless you have a good understanding of ICMP (which is way more than ping),
> all icmp should be allowed (please don't tell me about pings of death or DoS
> because of ping floods).
Good points. I've made changes regarding to your instruction.

> 3. You really have to start differentiating between NEW and other connections.
>


[arch-general] Google Voice through iptables?

2012-04-25 Thread Bill Sun
Hi,

I just tried to use google voice to contact someone, after 2 'dialing
sounds', I couldn't hear anything. After I stopped iptables, I can make
phone calls via google voice successfully.

I searched the web, and found 2 possible solutions: [1] and [2]. Then I
added iptables rules according to their instructions, but none of them
worked.

Also, I noticed that my browser just kept trying to receive/send data to
relay.google.com (Waiting for relay.google.com)

How to configure iptables so I can use google voice with iptables
enabled?

[1]: http://support.google.com/talk/bin/answer.py?hl=en&answer=27930
[2]: http://juberti.blogspot.com/2010/08/google-voice-and-video-enterprise.html

(see attachment for my iptables.rules)

Regards,
Bill
*filter
-P INPUT   DROP
-P OUTPUT  DROP
-P FORWARD DROP

-A INPUT  -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

-A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT  -p icmp --icmp-type echo-reply   -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply   -j ACCEPT

-A INPUT  -p udp --sport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

-A INPUT  -p tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT

# ftp MUST die!
-A INPUT  -p tcp -m multiport --sports 20,21 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
-A INPUT  -p tcp -m state --state ESTABLISHED --sport 1024: --dport 1024: -j ACCEPT
-A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED --sport 1024: --dport 1024: -j ACCEPT

# HTTP & HTTPS
-A INPUT  -p tcp -m multiport --sports 80,443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

# NTP
-A INPUT  -p udp --sport 123 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT

# GIT
-A INPUT  -p tcp --sport 9418 -j ACCEPT
-A OUTPUT -p tcp --dport 9418 -j ACCEPT

# POP3/S
-A INPUT  -p tcp --sport 110 -j ACCEPT
-A OUTPUT -p tcp --dport 110 -j ACCEPT
-A INPUT  -p tcp --sport 995 -j ACCEPT
-A OUTPUT -p tcp --dport 995 -j ACCEPT

# Gmail
-A INPUT  -p tcp --sport 587 -j ACCEPT
-A OUTPUT -p tcp --dport 587 -j ACCEPT

# Google Voice (not working)
-A INPUT  -p udp --sport 19295 -j ACCEPT
-A OUTPUT -p udp --dport 19302 -j ACCEPT
-A INPUT  -p udp --sport 19295 -j ACCEPT
-A OUTPUT -p udp --dport 19302 -j ACCEPT

COMMIT
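
Added example, not part of the original post or of any reply in the thread: a small Python check that reads rules in the iptables-restore syntax used in the attachment above and flags INPUT ACCEPT rules that match on a source port with no connection-state match, which is the NEW-versus-other-connections distinction raised elsewhere in this thread. The sample rules and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-restore syntax, in the style of the
# attachment above (not the poster's full file), plus one conntrack rule.
SAMPLE_RULES = """\
*filter
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 80,443 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED --sport 1024: --dport 1024: -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

STATE_OPTS = {"--state", "--ctstate"}
SPORT_OPTS = {"--sport", "--source-port", "--sports", "--source-ports"}


def parse_rule(line):
    """Split an '-A CHAIN ...' line into (chain, {option: value}, target)."""
    tokens = shlex.split(line)
    chain, opts, target = tokens[1], {}, None
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        if tok in ("-j", "--jump"):
            target = tokens[i + 1] if i + 1 < len(tokens) else None
            i += 2
        elif tok.startswith("-") and has_value:
            opts[tok] = tokens[i + 1]
            i += 2
        else:  # flag without a value, or a '!' negation token
            opts[tok] = None
            i += 1
    return chain, opts, target


def stateless_input_accepts(ruleset):
    """Return (line_no, rule) for INPUT ACCEPT rules that trust a source port
    without a state/conntrack match. The remote end chooses its own source
    port, so such a rule also admits packets that answer no local request."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table header, policy, comment, COMMIT
        chain, opts, target = parse_rule(line)
        if chain != "INPUT" or target != "ACCEPT":
            continue
        if (opts.keys() & SPORT_OPTS) and not (opts.keys() & STATE_OPTS):
            findings.append((line_no, line))
    return findings


if __name__ == "__main__":
    for line_no, rule in stateless_input_accepts(SAMPLE_RULES):
        print(f"line {line_no}: source-port ACCEPT without state match: {rule}")
```
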


Re: [arch-general] How to set grub2 resolution to 1366x768

2012-02-25 Thread Bill Sun
On Tue, Feb 21, 2012 at 10:02:37AM -0500, Calvin Morrison wrote:
>
> This whole thing is strange. I am running ubuntu/arch/win7 with grub2 and
> everything works perfectly. I am running an X220 as well with the intel
> sandy bridge. Is there a spot where this is set in my grub.cfg?  If i could
> pinpoint this I can paste it here.
>
Are you using `grub2-efi-*`? Currently I'm using `grub2-bios`. Maybe I
can get correct resolution report if I switch to that `efi` version
(though It does require some extra work)
> Calvin


Re: [arch-general] How to set grub2 resolution to 1366x768

2012-02-21 Thread Bill Sun
Hi,

According to your posts, should I file a bug report directly to lenovo?

Regards,
Bill


Re: [arch-general] How to set grub2 resolution to 1366x768

2012-02-21 Thread Bill Sun
On Tue, Feb 21, 2012 at 05:51:29AM +0100, Ralf Mardorf wrote:
> Did you check by running "sudo hwinfo --framebuffer" too? It shouldn't
> differ, but perhaps there's something fishy with vbeinfo.
I just checked `sudo hwinfo --framebuffer`, the attachment below is the
result.

Cheers,
Bill
02: None 00.0: 11001 VESA Framebuffer
  [Created at bios.459]
  Unique ID: rdCR.ku_DuSHewh1
  Hardware Class: framebuffer
  Model: "Intel(R)Sandybridge Mobile Graphics Controller"
  Vendor: "Intel Corporation"
  Device: "Intel(R)Sandybridge Mobile Graphics Controller"
  SubVendor: "Intel(R)Sandybridge Mobile Graphics Chipset Accelerated VGA BIOS"
  SubDevice: 
  Revision: "Hardware Version 0.0"
  Memory Size: 63 MB + 960 kB
  Memory Range: 0xe000-0xe3fe (rw)
  Mode 0x0360: 768x480 (+768), 8 bits
  Mode 0x0361: 768x480 (+1536), 16 bits
  Mode 0x0362: 768x480 (+3072), 24 bits
  Mode 0x0363: 960x600 (+960), 8 bits
  Mode 0x0364: 960x600 (+1920), 16 bits
  Mode 0x0365: 960x600 (+3840), 24 bits
  Mode 0x0305: 1024x768 (+1024), 8 bits
  Mode 0x0317: 1024x768 (+2048), 16 bits
  Mode 0x0318: 1024x768 (+4096), 24 bits
  Mode 0x0312: 640x480 (+2560), 24 bits
  Mode 0x0314: 800x600 (+1600), 16 bits
  Mode 0x0315: 800x600 (+3200), 24 bits
  Mode 0x0301: 640x480 (+640), 8 bits
  Mode 0x0303: 800x600 (+832), 8 bits
  Mode 0x0311: 640x480 (+1280), 16 bits
  Config Status: cfg=new, avail=yes, need=no, active=unknown


Re: [arch-general] How to set grub2 resolution to 1366x768

2012-02-20 Thread Bill Sun
Hi,

@Keshav P R:
I tried:
set gfxmode="1366x768;auto"
It didn't give me a 1366x768 console; instead, grub2 just gave me a
1024x768 console.

@Thomas Courbon:
Yes, I just tried the 'auto' parameter, and, indeed, it didn't change
anything.
I just updated my BIOS to the latest version---1.2.6, and it didn't
change anything. Maybe It's my BIOS's fault.

@Ralf Mardorf:
According to `vbeinfo` under grub2, the maximum resolution my laptop (or
my laptop's BIOS, I have no idea about this) supports is 1024x768.
However, in Linux, I got a 1366x768 console by default (without further
configuration). That's why I am thinking about insert some modules into
grub2 and it may give me a proper console resolution.

Regards,
Bill


[arch-general] How to set grub2 resolution to 1366x768

2012-02-20 Thread Bill Sun
Hi,

I want to have a 1366x768 resolution for grub2. Unfortunately, `vbeinfo`
shows that my computer doesn't support that resolution (up to
960x640/1024x768). So, can I load some additional modules for grub2 so
that it can support 1366x786 resolution in my computer?

I tried to do the following steps in grub2 command line:
1) insmod 915resolution
2) 915resolution 5c 1366 786
After step2, grub2 command line became completely black and
unresponsive. I had to press the power button to force halt my machine.

System information:
Archlinux x86_64
grub2-common 1.99
grub2-bios 1.99
Thinkpad X220 (with Intel Sandy Bridge CPU graphic card)

Regards