Re: Weird routing issue

2004-03-24 Thread Tarragon Allen
On Thursday 25 March 2004 14:10, Brian May wrote:
> > "Michael" == Michael Loftis <[EMAIL PROTECTED]> writes:
>
> Michael> netstat -rn output on the box (.7?) having issues.
>
> # netstat -rn | grep '^192\.168\.0'
> 192.168.0.0 0.0.0.0 255.255.255.0   U    40 0 0 eth0
> 192.168.0.0 192.168.0.8 255.255.0.0 UG   40 0 0 eth0

> Hmmm... Actually it would have to be more complicated than that as it
> seems to be sensitive to the Ethernet adaptor (or address), otherwise
> it would work after changing the IP address. I had to also route via
> the other system too.

It must be an arp issue.

Either a switch is impeding arp (via a VLAN or locking of ports or similar) or 
the bridging equipment is just not bridging for machines other than the one 
that is working. From your original email you indicated an arp response on 
the machine that worked (.8). Have you tried putting in a static arp entry on 
the machine to .5 on .7? ie:

# arp -s 192.168.0.5 0:50:73:68:a4:22

See if you get any pings...

t

PS: a note regarding switches locking ports : sometimes switches will lock 
down a port if they see the IP address change, this is a security mode that 
is usually off by default and is only available on fairly intelligent 
switches. I just thought I'd raise it as it might be relevant.
-- 
GPG: http://n12turbo.com/tarragon/public.key




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Jesus Help Me !

2004-03-24 Thread Tarragon Allen
On Wed, 24 Mar 2004 06:36 pm, Comcast Mail wrote:
> well...  I am confused...I typed "Jesus help me live" & got a website..
>  I only respond because I am a lost sheep..Do you understand?? ..c

Y'know, if you actually go to google and type in "jesus help me", the second 
hit is this mailing list. Go figure.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key







Re: Moving Sites

2003-10-20 Thread Tarragon Allen
On Tuesday 21 October 2003 13:43, Rod Rodolico wrote:
> Stupid Question: I have about 50 web sites and a few hundred e-mail
> accounts to move to a new server. New IP address, etc... Web sites are no
> problem, but I do not want my clients to notice any problems with e-mail.
> They have IMAP available, so many of the clients store their e-mail on the
> server.
>
> Any ideas on how to move the e-mail accounts seamlessly. I have all their
> MX records pointing to one address: mail.dailydata.net.
>
> I have rsync'd all the files over, and can do it again whenever, but that
> won't work as they will be checking their mail on one machine while, I
> assume, some might be delivered to the other, older server (I was planning
> on keeping the old server up a few days in case I screw up).
>
> Guess it boils down to this. When I update the address of
> mail.dailydata.net, it can take up to 72 hours for that change to percolate
> throughout the net, so I'm assuming some places will still try to send to
> the old IP and, if I leave that box on, be delivered to it. If I turn the
> other box off, I'm assuming they will bounce.
>
> Am I creating a problem that doesn't exist?
>
> Thanks for any comments/help.
>
> Rod

Put the IP address of the old site on the new mail server when you bring down 
the old one, and then change your DNS entry, wait three days, then drop the 
old IP address. Alternatively, set up a redirector on the old mail server to 
forward traffic to the new mail server (using 'redir' or something similar).

t
-- 
GPG: http://n12turbo.com/tarragon/public.key







Re: apt-get update failure???

2003-09-18 Thread Tarragon Allen
On Friday 19 September 2003 14:04, Dan MacNeil wrote:
> We've a couple debian systems to patch for the new sshd problems.
>
> One of them is monitored closely and patched quickly. The other is
> patched less quickly.
>
> The system that is patched less quickly claims to be up to date but nobody
> remembers patching it. There are some weird things about file sizes &
> strings on the less closely monitored system. Are we missing something?
>
>   apt-get update; apt-get upgrade;
>   [snip]
>   0 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.
>
>
> I've looked (quickly) at the man pages, but am a bit short of sleep and
> have probably missed some basic answers.
>
> Where are the logs?
>
> Is there a way to force a package update/re-install?
>
> # both systems have sources.list as:
>
> deb http://debian.lcs.mit.edu/debian woody main contrib non-free
> deb http://http.us.debian.org/debian woody main contrib non-free
> deb http://security.debian.org/ woody/updates main contrib non-free
> deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free

I'd try hashing out all except the security.debian.org lines,

apt-get update ; apt-get install ssh

... and see what the outcome is.

Are there any proxy servers involved with your apt access? It may be that the 
Release and Packages.gz is being cached from the older version.

Failing that, you can grab the package manually and "dpkg -i" it, although 
this won't explain why you can't see the updates with apt-get. You might try 
using one of the mirrors and see if you get different results.

As an aside, you can use the --reinstall option with apt-get to force it to 
reinstall a package it already considers up-to-date.

re: logs - I'm not sure that apt-get actually does any logging, aptitude 
writes a log file though.

t
-- 
GPG: http://n12turbo.com/tarragon/public.key





Re: multiple ppp connections

2003-09-06 Thread Tarragon Allen
On Sat, 6 Sep 2003 07:36 pm, Emmanuel Lacour wrote:
> On Thu, Sep 04, 2003 at 02:24:35PM +0200, Sz?ts Róbert wrote:
> > Does anyone know how can I put iptables firewall script onto a firewall
> > where is more ppp connections? Expl.
> >
> > There is a firewall with two  dsl connection the first is ppp0 the 2nd is
> > the ppp1. It's clear.
> >
> > How can I build firewall If I do not know which dsl connection will be the
> > ppp0 or the ppp1?
>
> See /etc/ppp/ip-up and /etc/ppp/ip-down they give an $PPP_IFACE to
> scripts you will put in ip-up.d and ip-down.d
>
> To be sure to get the same pppx to each connection see the parameter
> "unit" for pppd. (put "unit 0" to /etc/ppp/peers/dsl-provider-0 and
> "unit 1" to /etc/ppp/peers/dsl-provider-1).

You can also use the PPP_IPPARAM variable set by the ip-up scripts to 
differentiate the connections by name, regardless of the ppp+ device it ends 
up using.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key
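
One way to act on the PPP_IPPARAM suggestion above, as an added example that is not part of the original thread: a single hook script that attaches a per-line iptables chain to whichever pppN device the link received. The link names (dsl-a, dsl-b), the chain names, the file name 50-fw-link and the IPT dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Install the same file as
# /etc/ppp/ip-up.d/50-fw-link and /etc/ppp/ip-down.d/50-fw-link
# (hypothetical name). Debian's /etc/ppp/ip-up and ip-down export
# PPP_IFACE and PPP_IPPARAM to the scripts in those directories.
#
# Assumed peers files, one fixed name per DSL line:
#   /etc/ppp/peers/dsl-provider-0:   ipparam dsl-a
#   /etc/ppp/peers/dsl-provider-1:   ipparam dsl-b
# Assumed: the boot-time ruleset already creates the chains IN_DSL_A
# and IN_DSL_B and sets the INPUT policy to DROP.

# Map a link name to its chain; unknown names fail.
chain_for_link() {
    case "$1" in
        dsl-a) echo IN_DSL_A ;;
        dsl-b) echo IN_DSL_B ;;
        *)     return 1 ;;
    esac
}

# Hook the chain to the device this link is using right now.
# IPT=echo gives a dry run that prints the iptables arguments.
attach_link() {
    chain=$(chain_for_link "$1") || {
        echo "fw-link: unknown ipparam '$1', leaving default DROP" >&2
        return 1
    }
    case "$2" in
        ppp[0-9]|ppp[0-9][0-9]) ;;
        *) echo "fw-link: refusing interface '$2'" >&2; return 1 ;;
    esac
    # Delete first so a reconnect never stacks duplicate jumps.
    ${IPT:-iptables} -D INPUT -i "$2" -j "$chain" 2>/dev/null || true
    ${IPT:-iptables} -I INPUT -i "$2" -j "$chain"
}

# Remove the jump again when the link goes down.
detach_link() {
    chain=$(chain_for_link "$1") || return 1
    ${IPT:-iptables} -D INPUT -i "$2" -j "$chain"
}

# Dispatch on the directory run-parts started the script from.
case "$0" in
    */ip-up.d/*)   attach_link "${PPP_IPPARAM:-}" "${PPP_IFACE:-}" ;;
    */ip-down.d/*) detach_link "${PPP_IPPARAM:-}" "${PPP_IFACE:-}" ;;
esac
```

Because the rules are keyed on the ipparam name, the same policy follows each provider even if the two lines come up in the opposite order.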





Re: # RE: ISP is just too fascist

2003-08-18 Thread Tarragon Allen
On Tuesday 19 August 2003 00:45, Petrisor Eddy wrote:
> I am [EMAIL PROTECTED]
>
> To clarify things,
> present configuration is:
>
> MyDebianStation - (proxy server/DHCP server=ISP's Proxy) - internet
>
> the IP's are given dynamically according to the MAC address of each PC in
> the network.
>
> The IP - MAC pairing is edited by hand (I saw it myself)
>
> The ISP's workstation is connected respecting the same schematics, but it
> has unlimited http/ftp/ access
>
> He is planning to make a VPN between his wks and the server in order to
> protect from somebody else stealing his MAC and as a consequence his IP and
> rights to the inet.
>
> Note that anybody that doesn't have a valid MAC address isn't given an IP
> address and doesn't have access to the inet or so he says (read he = ISP). I
> don't know if this is true!!!

Get a different ISP. Honestly.

Anyway, the usual solution to this sort of overbearing control of your 
connection (that you are paying for!!) is to put in a NAT server. This way 
only one MAC address is seen by the ISP, and you can have as many machines 
behind it as you like. Yes, there are ways to tell (or make best guess) on a 
number of machines behind a NAT firewall, but honestly, if the guy at the ISP 
is doing that, then he has far too much idle time. And if he accuses you of 
that, change ISP.

Actually, just change ISP.

t
-- 
GPG: http://n12turbo.com/tarragon/public.key





Re: Automatic DNS for dynamic clients?

2003-07-07 Thread Tarragon Allen
On Mon, 7 Jul 2003 08:57 pm, Splash Tekalal wrote:
> Hi folks!
>
> Okay here's the setup I have..
>
> Right now there's a server sitting in a data center in California,
> Mephitsune.. Mephitsune is running STABLE and using BIND9 for DNS and has a
> static IP.. I have massive amounts of capable bandwidth, but I have a peak
> I have to watch for or I'll get billed for going over my limits..
>
> So my solution to hosting large files (such as my home made movies) is to
> get a cable modem here at home, have it connect to a second Debian machine
> (Horde) and host a private server that I can pass out the URL to friends
> with..
>
> At current, Mephitsune manages DNS for *.dreamchaos.net, and I want to get
> horde.dreamchaos.net to point at Horde..
>
> My question is, is there something I can set up between the two machines
> that will have Horde automatically report its IP to Mephitsune on a
> schedule, then Mephitsune update the zone file and reload DNS?
>
> Any suggestions on this would be greatly helpful.. Thanks!
>
> - Aaron

I have a similar setup. I use www.dyndns.org. I have dyndns assign my home IP 
to one of their free hostnames, and in my personal domain zonefile I pointed 
a CNAME at the one from dyndns. There's client software out there to update 
your IP to dyndns (I use one called ddclient).

It works pretty well.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key







Re: PPTP and Firewalls

2003-05-09 Thread Tarragon Allen
On Fri, 9 May 2003 03:16 pm, Simon Bland wrote:
> I'm having some trouble setting up a PPTP VPN server behind a firewall.
>
> Internet - Firewall  LAN (Including PPTP server)
>
> At the moment I'm forwarding port 1723 back to the PPTP server. I can
> see the logs of the client connecting to the server, but when the server
> sends its first LCP ConfReq there is never any reply. I'm guessing
> there is some sort of routing issue involved, but can't seem to get it
> set up.
>
> The firewall and PPTP server are both running 2.4.18 kernels with iptables
> and GRE tunnels set up as modules and mppe patches for the kernel and for
> pppd, both are Debian stable.
>
> I know the VPN configs are fine as I can get it working if the VPN runs
> on the firewall, but I'd really rather not have the VPN running on the
> firewall if I can get around it.
>
> Thanks for any suggestions/help.

Does the PPTP server have a real IP address, or is there some sort of 
NAT/DNAT/SNAT being done by the firewall?

What do you see with a tcpdump on the firewall, and does the server's ConfReq 
actually make it to the client at all?

Can the PPTP server ping the client?

Have you explicitly allowed GRE traffic through the firewall?

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: Help een dwerg

2003-05-02 Thread Tarragon Allen
On Fri, 2 May 2003 02:42 pm, Cameron Moore wrote:
> MUAs that don't suck (or ones that just suck less[1]) have a
> "reply-to-list" feature so you can reply to whoever you want to
> regardless of what the stupid reply-to tag says.

Funny you should mention it, KMail actually does have this option, it's just 
not on the default toolbar. Fixed. Thanks for the tip!

(I was not intending a flame war, my apologies for venting).

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: Help een dwerg

2003-05-02 Thread Tarragon Allen
On Fri, 2 May 2003 02:16 pm, Mark Lijftogt wrote:
> And yet again I agree with Russell. Guess I don't say it that often..
> If I compare the amount of mails that contain a complaint (debian-isp,
> security etc) with the amount of spam (or mail sent blindly).. it's a tough
> call to make.

Well, Russell didn't actually address the spam issue, he addressed the 
Reply-To issue, but anyway.

> In every setup of the mailinglist you will find points that can't be
> controlled by any piece of software.. we are all humans, and bound to
> make mistakes one day or another, and spam is created by people who think
> they can profit from it.
>
> And when it comes to online-games like that war game dwarf was whining
> about, people do stupid things just to get attention, and hope somebody
> clicks.. even if it means to sacrifice an e-mail address/domain.
>
> oohwell.. I still know how to use the delete function in my mail-client,
> and willing to do so for the 5 pieces a month coming from this list.

Well, I've personally been running a mailing list for the last 3 years or so, 
and the policy on that list is that all new members are moderated. If they 
post one or two valid posts, then they are confirmed and they can post what 
they like. This has managed to stop about 95% of spam coming to the list by 
people who create a bogus email account, subscribe, their first message is 
spam, and the account is never used again.

It requires a little more work by (a) moderator(s), but it works very 
effectively.

The reply-to issue is moot, it's just a little inconvenient for me, 
particularly when I'm at work and trying to fire off a quick answer to 
someone's question - when I'm at work I'm in the mindset of "get this over 
and finished quickly and get it off my (mental) desk" and so I've got most 
things geared with this in mind. That's not to say that I'm sloppy - far from 
it - it's just that I don't like to clutter myself up with too many things to 
remember. That's just me.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: Help een dwerg

2003-05-02 Thread Tarragon Allen
On Fri, 2 May 2003 02:20 pm, Art Sackett wrote:
> On Fri, May 02, 2003 at 09:00:18AM +1000, Tarragon Allen wrote:
>
> 8< snip >8
>
> > 2) could the goddamn reply address be set to go back to the LIST rather
> > than to the original sender? I don't know how many times I've clicked
> > Reply, typed out a message, and only realised at the last second that
> > it's going to go direct to the original sender rather than the list
> > (requiring a quick jump back to the original message, click on Reply All,
> > cut and paste the list address .. ). It's annoying to have to remember to
> > do this every time.
>
> It's an interesting bit of logic, blaming the list server software for not
> working around the limitations of your mail reader. I dunno...

Pardon? How do you figure that?

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: Network monitor

2003-05-01 Thread Tarragon Allen
On Fri, 2 May 2003 08:30 am, Ghe Rivero wrote:
> Hi!
>   I would like to monitor a complex and heterogeneous network, but I don't
> know what to use for it. It should be almost real time monitor and has
> any kind of alerts (sound, sms..) Any idea? Thx
>
> Ghe  Rivero
> --

Check out Netsaint (in stable) or Nagios (in unstable). They are the same 
product, btw, Netsaint has been renamed to Nagios recently.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key





Re: Re making routes permanent

2003-05-01 Thread Tarragon Allen
On Thu, 1 May 2003 10:44 am, Craig Sanders wrote:
> unless you want to use a routing daemon like zebra (which is overkill for
> this job),  look at the man page for interfaces(5), the "up" command is
> probably what you want.
>
> e.g. something like this in /etc/network/interfaces:
>
> iface eth0 inet static
>   address x.x.x.x
>   netmask 255.255.255.0
>   broadcast x.x.x.255
>   up route add -net y.y.y.y gw z.z.z.z
>   up route add -net a.a.a.a gw z.z.z.z

And you should really put corresponding "route del"s in there too, otherwise 
you could end up with duplicated routes and all sorts of funniness if your IP 
is changing a bit (not too likely, but better to be neat than sorry).

Something like :

down route del -net y.y.y.y gw z.z.z.z
down route del -net a.a.a.a gw z.z.z.z

etc...

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: Help een dwerg

2003-05-01 Thread Tarragon Allen
On Thu, 1 May 2003 10:05 pm, Mark Lijftogt wrote:
> The translations: "help my online army grow, I am a little dwarf, so help
> me quick. click *on-url*. Join up with me and my army.".
>
> Cute :-) (but it's wrong).

[Spam/Whatever it was SNIPped]

Just wondering a couple of things about the management of this (and the other) 
debian lists:

1) has any thought been put in place to moderate all posts from 
non-subscribers and new subscribers? It will add a little bit of management 
time but would cut out a huge amount of the spam this list receives (hell, 
I've only been on here about a week and I've received 7 or 8 spams through 
this and other lists).

2) could the goddamn reply address be set to go back to the LIST rather than 
to the original sender? I don't know how many times I've clicked Reply, typed 
out a message, and only realised at the last second that it's going to go 
direct to the original sender rather than the list (requiring a quick jump 
back to the original message, click on Reply All, cut and paste the list 
address .. ). It's annoying to have to remember to do this every time.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: exim 4 on woody PLEAESE HELP

2003-05-01 Thread Tarragon Allen
On Thu, 1 May 2003 02:18 am, [EMAIL PROTECTED] wrote:
> I get the following errors when compiling exim this seems to indicate a
> missing library.
>
> make[1]: *** [exim_dumpdb.o] Error 1
> make[1]: Leaving directory
> '/home/installs/exim/exim-4.14/build-Linux-i386'
> make: *** [go] Error 2
>
> could you also give me an idea on how to find out which libraries it's
> looking for when I get these errors, so I can resolve them myself.

That error message isn't terribly informative. Was there any output just above 
it? Usually that's where the breakdown is, and you can check the gcc command 
line it was using to see what libraries it was trying to load..

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: large files

2003-04-24 Thread Tarragon Allen
On Fri, 25 Apr 2003 07:43 am, David Bishop wrote:
> I have a user that really likes to create files.  Then, they don't clean
> them up.  We have already put a quota* on them, but unfortunately, their
> directory is so large and convoluted, that they can't even figure out where
> all the disk space has gone.  Is there a sane way to generate a report
> showing the disk usage from a certain point on down, sorted by size?  Here's
> kinda what I mean:  for a standard user, I would just run
> 'du /u/foo | sort -n | tail -20', and tell them to clean up whatever is
> there. However, I've let a du | sort -n run on this directory for over four
> hours, before giving up in disgust.  It is almost 100Gigs of files, with at
> least four or five directories that have 20K to 30K+ files each (plus
> hundreds of other subdirs).  *And*, it's on a filer, so there are .snapshot
> directories that du thinks it has to plow through, quintupling the amount
> of work.   I'd also like to make this into a weekly report, so that they
> can make it part of their Friday routine (let's go delete 10 gigs of data!
> Woohoo!).
>
> Ideas?  Other than killing them, of course, no matter how tempting that
> is...
>
> *100Gigs!

I'd play with the --max-depth settings on du, this will allow you to limit the 
output a bit, however it will still have to run over the entire directory 
tree to count it. Failing that, if you suspect it's some really big files 
taking up the room then a find with -size +1000k or similar might be your 
friend.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key




Re: route to/from xover box

2003-04-24 Thread Tarragon Allen
On Fri, 25 Apr 2003 01:04 am, Mark Constable wrote:
> Not strictly Debian related but the boxes in question are deb powered.
> I have just been given a /28 (16 node) subnet and until I get a switch
> in place I have a short xover eth cable between two boxes. I thought I
> could get away with a couple of static routes in the mean time but the
> upstream default gateway on the first box keeps arping for the IP on
> the 2nd box... subnet is x.x.x.144/28 ...
>
>  x.x.x.145 <-> eth0:x.x.x.146 eth1:x.x.x.147 <-xover-> eth0:x.x.x.158
>
> Any suggestions as to how x.x.x.158 can see the outside world ?

Well, the gateway is ARPing for x.158 because it thinks it's on the same 
network, which it isn't. Three suggestions :

1) reconfigure the gateway with a static route to x.158 through x.147.

2) configure ethernet bridging on x.147 through to x.158.

3) use a different subnet for the x.158 box. Of course this will require the 
gateway to be reconfigured as well. Depending on what the x.158 machine needs 
to do, it might be easier to give it a private IP address and NAT it through 
the x.147 machine instead.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key