Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread Andrei POPESCU
On Lu, 24 aug 20, 09:26:57, Patrick Bartek wrote:
> 
> Since F2FS is not supported directly for an install, one would have to
> convert to it after or configure the flash drive with another computer
> before the install. I don't know if it is worth the time to do so.
> EXT4 without journaling would be easier.

The journal is written to only if the filesystem is written to as well.  

Without having any other data than my own, admittedly limited, 
experience[1] it doesn't seem worth disabling the journal, it is only 
written when the filesystem is written to as well anyway.

[1] all my current systems are running from SD cards, with the only 
optimisation being to not configure any swap.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: Cannot see a process listening on 127.0.0.1

2020-08-24 Thread Victor Sudakov
Andy Smith wrote:
> 
> On Thu, Aug 20, 2020 at 12:09:03PM +0700, Victor Sudakov wrote:
> > There is a process listening on 127.0.0.1:8081 but for some reason
> > netstat/sockstat/ss do not show it listening on IPv4. Is this a bug or a
> > feature?
> 
> I think it's listening on an IPv4-mapped IPv6 address so it can
> accept either v4 or v6. Does this answer your question?
> 
> 
> https://unix.stackexchange.com/questions/152612/netstat-why-are-ipv4-daemons-listening-to-ports-listed-only-in-a-inet6
> 
> Daemons that want to receive connections will do the equivalent of:
> 
> bind(address, port)
> 
> The address will determine the interface and whether it is v4 or v6
> or whatever. If they instead do:
> 
> bind(INADDR_ANY, port)
> 
> then this will bind to every interface whether it's v4 or v6 and the
> daemon will get udp6 or tcp6 sockets that can be from/to a v4 address.

Thank you, Andy, that explains it. 

It's different in *BSD which got me confused. In *BSD, even if you bind
to INADDR_ANY, you'll see something like this in sockstat output:

root     dovecot    39601 21 tcp4   *:110                 *:*
root     dovecot    39601 22 tcp6   *:110                 *:*
root     dovecot    39601 23 tcp4   *:995                 *:*
root     dovecot    39601 24 tcp6   *:995                 *:*

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
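
The following Python example is added here and is not from either poster. It decodes listener entries in the `/proc/net/tcp` and `/proc/net/tcp6` formats (the tables netstat and ss report from) and shows how a listener that serves IPv4 clients can appear only in the tcp6 table. The sample tables are constructed, the function names are this example's own, and a little-endian host is assumed.

```python
"""Find TCP listeners for a port in /proc/net/tcp and /proc/net/tcp6 text."""
import ipaddress

LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp*

# Constructed sample tables (not taken from the thread), little-endian host.
# tcp4: sshd on 0.0.0.0:22, a listener on 127.0.0.1:25, and one ESTABLISHED
# client connection 127.0.0.1:50000 -> 127.0.0.1:8081 (state 01, no listener).
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0100007F:C350 0100007F:1F91 01 00000000:00000000 00:00000000 00000000  1000        0 20003
"""

# tcp6: ::ffff:127.0.0.1:8081 (IPv4-mapped), :::80 (wildcard), ::1:631.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000100007F:1F91 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30001
   1: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 30002
   2: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 30003
"""


def decode_addr(hex_addr):
    """Decode a /proc/net/tcp* address: 32-bit words printed in host order."""
    raw = b"".join(
        bytes.fromhex(hex_addr[i:i + 8])[::-1]  # undo little-endian word order
        for i in range(0, len(hex_addr), 8)
    )
    return ipaddress.ip_address(raw)  # 4 bytes -> IPv4, 16 bytes -> IPv6


def listeners(table_text):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        found.append((decode_addr(hex_addr), int(hex_port, 16)))
    return found


def classify(addr):
    """Say how a listening address relates to IPv4 clients."""
    if addr.version == 4:
        return "ipv4"
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"   # tcp6 socket bound to an IPv4 address
    if addr.is_unspecified:
        # '::' accepts IPv4 too unless IPV6_V6ONLY is set on the socket;
        # the proc table does not record that option.
        return "wildcard-v6"
    return "ipv6-only"


def find_port(port, tcp4_text, tcp6_text):
    """List (table, address, class) for listeners on `port` in both tables."""
    hits = []
    for table, text in (("tcp4", tcp4_text), ("tcp6", tcp6_text)):
        for addr, lport in listeners(text):
            if lport != port:
                continue
            mapped = getattr(addr, "ipv4_mapped", None)
            shown = str(mapped) if mapped is not None else str(addr)
            hits.append((table, shown, classify(addr)))
    return hits


if __name__ == "__main__":
    for port in (8081, 80, 22, 631):
        print(port, find_port(port, SAMPLE_TCP4, SAMPLE_TCP6))
```

When auditing what listens on a host, search both tables for the port: a check limited to the IPv4 table misses the 8081 listener in this sample.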




Re: Continuing problem with malfunctioning USB 3 port

2020-08-24 Thread David Christensen

On 2020-08-24 10:49, Mick Ab wrote:
> I am still struggling to solve the problem with the malfunctioning USB 3
> port on a desktop running Debian.
>
> I would be very grateful if someone could please give useful answers to the
> following questions :-
>
> (1) Can the desktop be safely rebooted, if needed, given the USB 3 problem?

If your desktop cannot be safely rebooted, the USB ports are the least 
of your worries.

> (2) Can the USB 3 problem be fixed in some way or is the port now
> permanently unavailable?

That depends upon your hardware, your operating system, your software, 
and/or your definition of "fixed".

> (3) If the USB 3 port is unavailable, can the new portable hard drive be
> used to do a back-up of the system from the USB 2 port currently occupied
> by a card reader or is there any risk the card reader will be messed up
> again afterwards ?
>
>   (On a previous occasion, a portable hard drive was plugged into this
> USB 2 port in place of the card reader. The system issued a message
> indicating the port was busy. The card reader was plugged back into the USB
> 2 port and it was then found that a card inserted into the card reader
> could not be mounted).

Power down the computer.  Disconnect everything except the keyboard, 
mouse, monitor, and network cable.  Boot the computer.

Connect one device at a time and test it thoroughly.  Repeat for all 
devices.

Post if you have problems.  Please run the following commands and post 
the console session -- prompt, command entered, output obtained:


# cat /etc/debian_version ; uname -a

# lsusb

# dmesg | grep usb


David



Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread David Christensen

On 2020-08-24 02:40, Jonathan Dowland wrote:
> On Fri, Aug 21, 2020 at 09:02:05PM -0700, Patrick Bartek wrote:
> > Opinions?  Suggestions?  Recommendations?
>
> But I'd also avoid trying to run / on a flash drive. I just use a
> logical volume on my NAS storage for the OS. I can't see a reason not
> to.


I find it is easier to administer computers when the operating system is 
on one device/RAID and the data is on another device/RAID (or several, 
one for each subgroup of data) -- e.g. "separation of concerns".



David



Re: stretch vs iptables auto-start

2020-08-24 Thread Gene Heskett
On Monday 24 August 2020 17:03:13 Andrew Cater wrote:

> Start here perhaps? https://wiki.debian.org/nftables
>
> It should be relatively straightforward to move backward and forwards.
> Working as a systemd service means that it will start automatically if
> you're using systemd.
>
> [When in doubt, check the Debian wiki for a topic - if that's no good,
> have a quick look at the Arch Linux wiki - as folk who build from
> source, they're good at documenting how things work.
>
> All best, as ever,
>
> Andy C.

As always, good advice, thanks Andy.

> On Mon, Aug 24, 2020 at 8:15 PM deloptes  wrote:
> > Gene Heskett wrote:
> > > At the present time I have around 80 rules, all designed to deny
> > > the network spiders and bots that think they have to mirror my
> > > several giga-byte site, 2 or 3 times a day.  And that was eating
> > > up my bandwidth allocation on a slow net connection.
> > >
> > > Is there a tut someplace to guide one in converting from iptables
> > > to this newer nftables? I'm assuming it's a similar utility.
> >
> > Sure, but I have not looked into ... I only read there will be a
> > couple of years transition period and somehow a compatibility layer
> > is or can be used.
> >
> > Perhaps someone more in this can give us a detail or a hint to a
> > good tutorial


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: stretch vs iptables auto-start

2020-08-24 Thread Andrew Cater
Start here perhaps? https://wiki.debian.org/nftables

It should be relatively straightforward to move backward and forwards.
Working as a systemd service means that it will start automatically if
you're using systemd.

[When in doubt, check the Debian wiki for a topic - if that's no good, have
a quick look at the Arch Linux wiki - as folk who build from source,
they're good at documenting how things work.

All best, as ever,

Andy C.

On Mon, Aug 24, 2020 at 8:15 PM deloptes  wrote:

> Gene Heskett wrote:
>
> > At the present time I have around 80 rules, all designed to deny the
> > network spiders and bots that think they have to mirror my several
> > giga-byte site, 2 or 3 times a day.  And that was eating up my bandwidth
> > allocation on a slow net connection.
> >
> > Is there a tut someplace to guide one in converting from iptables to this
> > newer nftables? I'm assuming it's a similar utility.
>
> Sure, but I have not looked into ... I only read there will be a couple of
> years transition period and somehow a compatibility layer is or can be
> used.
>
> Perhaps someone more in this can give us a detail or a hint to a good
> tutorial
>
>


Re: stretch vs iptables auto-start

2020-08-24 Thread deloptes
Gene Heskett wrote:

> At the present time I have around 80 rules, all designed to deny the
> network spiders and bots that think they have to mirror my several
> giga-byte site, 2 or 3 times a day.  And that was eating up my bandwidth
> allocation on a slow net connection.
> 
> Is there a tut someplace to guide one in converting from iptables to this
> newer nftables? I'm assuming it's a similar utility.

Sure, but I have not looked into ... I only read there will be a couple of
years transition period and somehow a compatibility layer is or can be
used.

Perhaps someone more in this can give us a detail or a hint to a good
tutorial



Re: In network bonding second nic (eth1) is not pingable while first one (eth0) is always pingable"

2020-08-24 Thread deloptes
Jaikumar Sharma wrote:

> For my tests on Cisco switch  at office (without any changes on
> switch) and using bonding in  "active-backup" mode, I can ping the
> active interface using bond0 IP after plugging out the network cable
> of the cable of active interface.
> Only catch was all interfaces must be on same VLAN - problem was found
> that one of the interface was in different VLAN and that is why ping
> was failing - I asked my IT guy to put all interfaces in same VLAN and
> everything worked like charm

active-backup does not require specific configuration on the switch but of
course you have to have the same VLAN on all ports same as in the bond on
the server. But again it is not LACP (mode4). LACP requires configuration
on both ends (LAG) and has the advantage that it negotiates the active
interface. In the case only one link is active. If it fails the other takes
over and both devices are notified.





Continuing problem with malfunctioning USB 3 port

2020-08-24 Thread Mick Ab
I am still struggling to solve the problem with the malfunctioning USB 3
port on a desktop running Debian.

I would be very grateful if someone could please give useful answers to the
following questions :-

(1) Can the desktop be safely rebooted, if needed, given the USB 3 problem?

(2) Can the USB 3 problem be fixed in some way or is the port now
permanently unavailable?

(3) If the USB 3 port is unavailable, can the new portable hard drive be
used to do a back-up of the system from the USB 2 port currently occupied
by a card reader or is there any risk the card reader will be messed up
again afterwards ?

 (On a previous occasion, a portable hard drive was plugged into this
USB 2 port in place of the card reader. The system issued a message
indicating the port was busy. The card reader was plugged back into the USB
2 port and it was then found that a card inserted into the card reader
could not be mounted).


Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread Patrick Bartek
On Mon, 24 Aug 2020 10:40:30 +0100
Jonathan Dowland  wrote:

> On Fri, Aug 21, 2020 at 09:02:05PM -0700, Patrick Bartek wrote:
> >Opinions?  Suggestions?  Recommendations?  
> 
> If I were doing this, I would remount / as read-only after boot, see
> what complains, and make adjustments to either stop those processes
> writing, or redirect where they write to (such as mounting something
> else over /var/log, or disabling logging, or disabling cron jobs for
> services I don't really need, etc)

Some good suggestions.  Although, I'm not sure which ones would be
practical or even possible.  Have to do a default install to see how
things get set up.

> I've never used F2FS, I did read a bit about it when it was first
> announced. It's had several decades less battle-hardening than plain
> old ext4, so I'd personally be inclined to avoid it.

Since F2FS is not supported directly for an install, one would have to
convert to it after or configure the flash drive with another computer
before the install. I don't know if it is worth the time to do so.
EXT4 without journaling would be easier.

> But I'd also avoid trying to run / on a flash drive. I just use a
> logical volume on my NAS storage for the OS. I can't see a reason not
> to.

Of the three or four dedicated NAS software packages I've looked at,
all require installing the OS, etc. on its own dedicated drive and NOT
on a drive DATA will be stored on.  Although, I'm sure there's a hack to
do otherwise. On this old box I'm using, it does have an IDE port
(Master and Slave), so I could use that instead of a flash drive, but I
don't have any IDE drives anymore.

Thanks for the input.

B



Fwd: troubles with mpt3sas module on a very recent Dell server

2020-08-24 Thread Patrice Duroux
Sorry, I should have replied to the list.

-- Forwarded message --
From: *Patrice Duroux* 
Date: Sunday 23 August 2020
Subject: troubles with mpt3sas module on a very recent Dell server
To: Dan Ritter 


Sorry, I do not have access to it either, just its «free» part.

Here are results (OCR text conversion of iDRAC console screenshots) taken
from 2 grep in dmesg output :

1. grep 'mpt3sas'
[ 3.428945] mpt3sas_cm0: 63 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem
(131514432 kB)
[ 3.478646] mpt3sas_cm0: CurrentHostPageSize is 0: Setting default host
page size to 4k
[ 3.478665] mpt3sas_cm0: MSI-X vectors supported: 96
[ 3.478668] mpt3sas_cm0: 0 96
[ 3.482719] mpt3sas_cm0: High IOPs queues : disabled
[ 3.482855] mpt3sas_cm0: iomem(0xa550),
mapped(0xb287487d), size(65536)
[ 3.462857] mpt3sas_cm0: ioport(0x6000), size(256)
[ 3.537408] mot3sas_cmo: CurrentHostPageSize is 0: Setting default host
page size to 4k
[ 3.537411] mpt3sas_cm0: sending message unit reset !!
[ 3.538979] mpt3sas_cm0: message unit reset: SUCCESS
[ 3.566771] mot3sas_cmO: scatter gather: sge_in_main_msg(1),
sge_per_chain(7), sge_per_io(128), chains_per_io(19)
[ 3.574683] mpt3sas_cm0: request pool(0x0155647c) -
dma(0xfe4o000d): depth(9700), frame_size(128), pool_size(1212 kB)
[ 3.700583] mpt3sas_cm0: sense pool(0x12f0c13e)- dmal(0xfcco0d00):
depth(9463),element_size(96), pool_size(887 kB)
[ 3.700792] mpt3sas_cm0: config page(0x2fS86fdfa) -
dma(0xfc9ee000): size(512)
[ 3.700793] mpt3sas_cm0: Allocated physical memory: size(19145 kB)
[ 3.700793] mpt3sas_cm0: Current Controller Queue Depth(9460),Max
Controller Queue Depth(9584)
[ 3.700793] mptSsas_cmO: Scatter Gather Elements per IO(128)
[ 3.871306] mpt3sas_cm0: _base_display_fwpkg_version: complete
[ 3.871310] mpt3sas_cm0: FW Package Ver(16.17.00.05)
[ 3.871439] mpt3sas_cm0: overriding NVDATA EEDPTagMode setting
[ 3.871823] mpt3sas_cm0: LSISASSO08: FWVersion(16.00.08.00),
ChipRevision(0x02), BiosVersion(18.00.00.00)
[ 3.871824] mpt3sas_cm0: Protocol=(Initiator,Target),
Capabilities=(TLR,EEDP,Snapshot Buffer,Diag Trace Buffer,Task Set Full,
NCQ)
[ 3.877202] mpt3sas_cm0: sending port enable !!
[ 3.879601] mpt3sas_cm0: host_add: handle(0x0001),
sas_addr(0x52cea7f04de43f800), phys(8)
[ 3.893387] mpt3sas_cm0: port enable: SUCCESS
[ 4.090990] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.095736] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.098772] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.103503] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.107395] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.112238] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.115278] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.119454] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.123635] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.128449] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.131516] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.135229] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.142162] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.146976] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.150725] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 4.155460] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 5.668812] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 5.671926] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 5.678008] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 5.679460] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 5.685393] mpt3sas_cm0: log_info(0x3112043b): originator(PL), code(0x12),
sub_code(0x043b)
[ 3.925874] sd 0:0:0:0: [sdc] 468862128 512-byte logical
blocks: (240 GB/224 GiB)
...

2. grep 'sd[a-d]'
[ 3.925877] sd 0:0:0:0: [sdc] 4096-byte physical blocks
[ 3.926126] sd 0:0:0:0: [sdc] Write Protect is off
[ 3.926129] sd 0:0:0:0: [sdc] Mode Sense: 9b 00 10 08
[ 3.926150] sd 0:0:1:0: [sda] Enabling DIF Type 2 protection
[ 3.926319] sd 0:0:3:0: [sdb] Enabling DIF Type 2 protection
[ 3.926376] sd 0:0:4:0: [sdd] Enabling DIF Type 2 protection
[ 3.926437] sd 0:0:0:0: [sdc] Write cache: enabled, read cache: enabled,
supports DPO and FUA
[ 3.926449] sd 0:0:1:0: [sda] 3516328368 512-byte logical blocks: (1.80
TB/1.64 TiB)
[ 3.926450] sd 0:0:1:0: [sda] 4096-byte physical blocks
[ 3.926627] sd 0:0:3:0: [sdb] 351632

Re: stretch vs iptables auto-start

2020-08-24 Thread Greg Wooledge
On Sun, Aug 23, 2020 at 02:26:19PM -0400, Gene Heskett wrote:
> Since the big conversion of file structs vs who owns what,

The what?  I can't even parse that.

> which 
> apparently includes running rc.local as the logged in user and not as 
> root,

Now that is pure nonsense.  You're just inventing incorrect explanations
for whatever behavior you're seeing that you don't understand.

If an /etc/rc.local file exists and has the execute bit turned on, it
is executed AS ROOT at BOOT TIME, before there is any "logged in user".

> that has hidden the iptables stuff from everybody but root since 
> its not now in the users $PATH.

Now I believe you're talking about the change to "su" in buster.

https://wiki.debian.org/NewInBuster#Changes

Of course, you might be talking about something else entirely, but
your message is so unclear that I can't tell what you mean.

If you mean "the iptables command is /sbin/iptables which is not in
my PATH by default as a user", well, like... duh?  Hasn't that always
been the case?  iptables is a system administration command, which
most end users will never need.  If you want to run it as an end user,
just make sure /sbin (and probably /usr/sbin) is in your PATH.  Not
that you can do much with it as an end user.  Or explicitly type
/sbin/iptables to run it.



Re: right after installation errors reported during booting (dmesg) ...

2020-08-24 Thread Greg Wooledge
On Sat, Aug 22, 2020 at 03:38:59PM +0200, Albretch Mueller wrote:
> On 8/21/20, The Wanderer  wrote:
> >  Wow. That's some dense, opaque code.
> 
>  my only intention was to get something done as quickly as possible. I
> didn't even know that people cared about proper writing of bash
> script. Is there such a thing? Do people take it seriously?

Not enough, unfortunately.  Way too many people just throw together
some stuff that *looks* like it works (because they didn't test it
properly), and then it goes into production and becomes a landmine
just waiting to explode.

The code in question had several quoting errors, and was using internal
shell variables that didn't contain any lowercase letters.  Also, for
some reason, almost all of the variables began with the _ character.
I have no idea why, but it certainly doesn't help readability.

I didn't analyze it beyond that.



Re: In network bonding second nic (eth1) is not pingable while first one (eth0) is always pingable"

2020-08-24 Thread Andy Smith
Hello,

On Sun, Aug 23, 2020 at 09:16:48PM +0200, deloptes wrote:
> Dan Ritter wrote:
> > This really sounds like you're trying to test out a scenario in
> > a situation where it can't possibly work.
> > 
> 
> But this is exactly what he has to do - connect two wired network interfaces
> to a managed switch. Then configure LAGG (LACP) on the switch for the two
> ports and LAGG (LACP) on the PC/server.

Have I misunderstood how the OP is trying to replicate it though? My
understanding was they are taking a bare metal machine with one
Ethernet and one WiFi, then exporting those to a virtual machine as
two virtual Ethernets. Then they are trying to use the bonding
driver on those virtual Ethernets.

I use bonding on bare metal servers a lot and it "just works". I
don't know what is wrong in OP's case but if they really are trying
to do it the way I understand then I suspect those who say the WiFi
is the problem are correct.

Cheers,
Andy



Re: In network bonding second nic (eth1) is not pingable while first one (eth0) is always pingable"

2020-08-24 Thread Jaikumar Sharma
On Sat, Aug 22, 2020 at 9:36 PM Dan Ritter  wrote:
> This really sounds like you're trying to test out a scenario in
> a situation where it can't possibly work.
>
> Don't do that. Test it in as close a simulation to reality as
> possible.
Thanks Dan for insights, it worked - I humbly appreciate you for insights given.

Regards,



Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread Jonathan Dowland

On Fri, Aug 21, 2020 at 09:02:05PM -0700, Patrick Bartek wrote:
> Opinions?  Suggestions?  Recommendations?

If I were doing this, I would remount / as read-only after boot, see
what complains, and make adjustments to either stop those processes
writing, or redirect where they write to (such as mounting something
else over /var/log, or disabling logging, or disabling cron jobs for
services I don't really need, etc)

I've never used F2FS, I did read a bit about it when it was first
announced. It's had several decades less battle-hardening than plain
old ext4, so I'd personally be inclined to avoid it.

But I'd also avoid trying to run / on a flash drive. I just use a
logical volume on my NAS storage for the OS. I can't see a reason not
to.

--
Please do not CC me, I am subscribed to the list.

👱🏻  Jonathan Dowland
✎j...@debian.org
🔗   https://jmtd.net



Re: stretch vs iptables auto-start

2020-08-24 Thread Gene Heskett
On Monday 24 August 2020 04:45:01 Andrei POPESCU wrote:

> On Du, 23 aug 20, 21:34:12, Gene Heskett wrote:
> > On Sunday 23 August 2020 15:45:22 Joe wrote:
> > > My server iptables is inherited from, I think, sarge, so it's
> > > probably not done optimally today. It's an init script run from
> > > /etc/rcS.d.
> >
> > Ah,/etc/rcS.d/S18netfilter-persistent
> > but that does not mention iptables anyplace in it.  What's the diff?
>
> Why should it mention iptables?
>
> By the way, at least with systemd on buster the 'nftables' package is
> set to automatically load rules from /etc/nftables.conf, there is no
> need for any additional packages.
>
> > Or better yet, can this "netfilter" thingy import a set of rules
> > saved from iptables?  Hey, I've got an idea, go RTFM.  Except there
> > isn't one.
>
> A quick web search found
> https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables,
> which also mentions iptables-translate, according to
> https://packages.debian.org in the package 'iptables' (at least on
> buster).

Printed for both eyes open time of day, looks easy enough.  Thank you 
Andrei.
 
> Kind regards,
> Andrei


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: In network bonding second nic (eth1) is not pingable while first one (eth0) is always pingable"

2020-08-24 Thread Jaikumar Sharma
On Mon, Aug 24, 2020 at 12:47 AM deloptes  wrote:
> But this is exactly what he has to do - connect two wired network interfaces
> to a managed switch. Then configure LAGG (LACP) on the switch for the two
> ports and LAGG (LACP) on the PC/server.
Right :)
For my tests on Cisco switch  at office (without any changes on
switch) and using bonding in  "active-backup" mode, I can ping the
active interface using bond0 IP after plugging out the network cable
of the cable of active interface.
Only catch was all interfaces must be on same VLAN - problem was found
that one of the interface was in different VLAN and that is why ping
was failing - I asked my IT guy to put all interfaces in same VLAN and
everything worked like charm

Thank you all  for different pointers & insights were given in the discussions.

Regards,



Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread David Christensen

On 8/24/20 1:33 AM, Andrei POPESCU wrote:
> On Du, 23 aug 20, 14:26:15, David Christensen wrote:
> > I only use 'relatime' on data disks.  I would not use it on a root
> > filesystem.   /boot might be okay.  (I let the installer set the boot, swap,
> > and root entries in fstab and I am loath to touch them.)
>
> Just in case you're not aware of it, 'relatime' is the default since
> Linux 2.6.30, see mount(8).
>
> Just as a data point, I have been running all my disks with 'noatime',
> as far as I recall since before the default was changed and didn't
> notice any strange behaviour.
>
> It might have been a motivation to stop using mboxes with mutt though
> (I'm using only Maildirs for any local storage), which is the often
> quoted example of applications that might break with noatime.
>
> As far as I know also Debian's popularity-contest relies on access
> times, though it probably works fine with 'relatime'.
>
> Kind regards,
> Andrei



Here is my daily driver:

2020-08-24 01:59:36 root@tinkywinky ~
# cat /etc/debian_version ; uname -a
9.13
Linux tinkywinky 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1+deb9u1 
(2020-06-07) x86_64 GNU/Lin



RTFM mount(8):

FILESYSTEM-INDEPENDENT MOUNT OPTIONS

   To  check  the  current  setting  see  the  options  in
   /proc/mounts.


Look at /proc/mounts -- /boot is on sda1 and root is on sda3_crypt:

2020-08-24 02:07:38 root@tinkywinky ~
# egrep 'sda[13]' /proc/mounts
/dev/mapper/sda3_crypt / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
/dev/sda1 /boot ext4 rw,relatime,data=ordered 0 0


They both use relatime.


Thanks for the information.  :-)


David



Re: stretch vs iptables auto-start

2020-08-24 Thread Andrei POPESCU
On Du, 23 aug 20, 21:34:12, Gene Heskett wrote:
> On Sunday 23 August 2020 15:45:22 Joe wrote:
> >
> > My server iptables is inherited from, I think, sarge, so it's probably
> > not done optimally today. It's an init script run from /etc/rcS.d.
> 
> Ah,/etc/rcS.d/S18netfilter-persistent
> but that does not mention iptables anyplace in it.  What's the diff?

Why should it mention iptables?

By the way, at least with systemd on buster the 'nftables' package is 
set to automatically load rules from /etc/nftables.conf, there is no 
need for any additional packages.
 
> Or better yet, can this "netfilter" thingy import a set of rules saved 
> from iptables?  Hey, I've got an idea, go RTFM.  Except there isn't one.

A quick web search found
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables,
 
which also mentions iptables-translate, according to 
https://packages.debian.org in the package 'iptables' (at least on 
buster).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: Homebuilt NAS: System Drive Filesystem?

2020-08-24 Thread Andrei POPESCU
On Du, 23 aug 20, 14:26:15, David Christensen wrote:
> On 2020-08-23 11:22, Patrick Bartek wrote:
> > 
> > I'll use "relatime" instead of "noatime." "Relatime" is said to
> > create less problems with software that needs dates/times when files,
> > etc. were last modified, accessed, etc.
> 
> I only use 'relatime' on data disks.  I would not use it on a root
> filesystem.   /boot might be okay.  (I let the installer set the boot, swap,
> and root entries in fstab and I am loath to touch them.)

Just in case you're not aware of it, 'relatime' is the default since 
Linux 2.6.30, see mount(8).

Just as a data point, I have been running all my disks with 'noatime', 
as far as I recall since before the default was changed and didn't 
notice any strange behaviour.

It might have been a motivation to stop using mboxes with mutt though 
(I'm using only Maildirs for any local storage), which is the often 
quoted example of applications that might break with noatime.

As far as I know also Debian's popularity-contest relies on access 
times, though it probably works fine with 'relatime'.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: stretch vs iptables auto-start

2020-08-24 Thread Joe
On Sun, 23 Aug 2020 21:34:12 -0400
Gene Heskett  wrote:

> On Sunday 23 August 2020 15:45:22 Joe wrote:
> 

> >
> > My server iptables is inherited from, I think, sarge, so it's
> > probably not done optimally today. It's an init script run from
> > /etc/rcS.d.  
> 
> Ah,/etc/rcS.d/S18netfilter-persistent
> but that does not mention iptables anyplace in it.  What's the diff?
> 

Not quite. I have a pseudo-daemon script (lifted from Linux From
Scratch, before the auto-builds happened) that accepts a filename, so I
can have a couple of sets of rules, plus a status command to tell me
which is currently installed, and flush and stop commands to clear the
rules or to stop everything. 

My server only ever needs one set, but my netbook boots up into
suitable rules for public wifi, and I run a different set on a trusted
LAN. The netbook doesn't use my old daemon script, but uses
iptables-persistent and I just run other rulesets manually when needed.

-- 
Joe



Re: stretch vs iptables auto-start

2020-08-24 Thread Tixy
On Sun, 2020-08-23 at 14:26 -0400, Gene Heskett wrote:
> Greetings all;
> 
> Since the big conversion of file structs vs who owns what, which 
> apparently includes running rc.local as the logged in user and not
> as 
> root, that has hidden the iptables stuff from everybody but root
> since 
> its not now in the users $PATH.
> 
> So what is the best way to assure this stuff gets started during a
> reboot

On my Debian box acting as a router, currently running Buster but been
running for about 10 years of Debian upgrades, I start my firewall by
this line in /etc/network/interfaces

  pre-up /root/firewall.sh

Where firewall.sh is a shell script of iptables rules (that also stops
and restarts fail2ban amongst other housekeeping tasks).

I have that pre-up command in the section for my ADSL line, the full
list of commands is

  auto dsl-provider
  iface dsl-provider inet ppp
  pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
  pre-up /root/firewall.sh
  provider dsl-provider

My thinking was that before bringing up my ADSL connection to the
internet I need to make sure that eth0 is up because that connects to
my modem, then install my firewall.

My server is using sysvinit not systemd.

-- 
Tixy