Re: [vox-tech] Possible rootkit
Nice catch, Rod! Boy, though... what an unfortunately named process!

On Mon, Sep 23, 2013 at 8:45 AM, Rod Roark wrote:
> rtkit-daemon is a normal process:
>
> http://packages.ubuntu.com/lucid/rtkit
>
> Rod
>
> On Mon, 23 Sep 2013 06:52:01 -0400
> Ken Bloom wrote:
>
>> Do a clean reinstall. In your new installation, change your passwords and
>> make sure you have the latest security updates.
>> On Sep 23, 2013 1:49 AM, "Richard Harke" wrote:
>>
>> > I may have screwed up. I opened a GIF that I received in an email using
>> > ImageMagick. The image didn't have a close button so I used ps -A to find
>> > the task. I didn't find any called ImageMagick but there was one named
>> > display.im6 and when I killed it, the icon on the task bar went away.
>> > But I also found a task called rtkit-daemon which I killed. But now I
>> > also find a whole new directory named /run which seems to have a lot of
>> > executables in it. All time stamped about the time this happened.
>> > Whoops, I forgot 24 hour clock. The time stamps are this morning so
>> > maybe it doesn't have to do with the GIF. In any case I assume
>> > everything in /run is trojaned.
>> >
>> > I am open for advice.
>> >
>> > Richard

___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Broken video? Poor frame rate
Hi All,

I recorded a Skype video chat with Evaer. The chat was with someone in Italy, so the quality of the chat was poor, but the video recording is horrendous. Much poorer than the chat.

While chatting I could discern the individual frames. It kinda sorta looked smooth if I didn't scrutinize it too much. However, when I play the video, the frames are DEFINITELY discrete -- the video is basically audio with a picture that changes every .5 to 2 seconds. Much, much poorer than the chat.

I've tried on Linux and Windows, which are 4 core Nehalem and 8 core Sandybridge systems with 8 GB of RAM and SSD hard drives, and the video sucks on both. The quality of the video is definitely much poorer than the chat itself, so I'm thinking maybe the video is either broken or in bad need of better compression. ffmpeg reports:

    p@satan$ ffmpeg -i darionapoli74_2013-08-09_12-36-46.mp4
    ffmpeg version 0.8.6-4:0.8.6-0ubuntu0.12.04.1, Copyright (c) 2000-2013 the Libav developers
    Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'darionapoli74_2013-08-09_12-36-46.mp4':
      Metadata:
        major_brand     : isom
        minor_version   : 512
        compatible_brands: isomiso2avc1mp41
        creation_time   : 1970-01-01 00:00:00
        encoder         : Lavf52.32.0
      Duration: 01:05:16.23, start: 0.00, bitrate: 350 kb/s
        Stream #0.0(eng): Video: h264 (Main), yuv420p, 640x480 [PAR 1:1 DAR 4:3], 292 kb/s, 28.26 fps, 30 tbr, 30 tbn, 60 tbc
        Metadata:
          creation_time   : 1970-01-01 00:00:00
        Stream #0.1(eng): Audio: aac, 16000 Hz, stereo, s16, 55 kb/s

I'm no video expert, but I interpret this as there IS video compression (h264) and audio compression (aac). Audio sampling is pretty high quality (it tracks the sucky audio very well) and the fps is actually quite high, so this points to one of two things:

1. The video file or compression is broken somehow and my computer is having trouble decoding and displaying the video.
2. Evaer just really, really, really sucks at recording Skype video chats.

I'm leaning towards #2 because my computer's fans don't go on, and the RAM / CPU utilization are both very low while playing this video. Still, I'm not 100% sure, because it seems odd that a commercial product would suck so noticeably bad. Usually commercial products suck subtly or if you try using them in a way they were not engineered to function. But this was a really plain vanilla recording project. It should've been a lot better.

Any thoughts? Much appreciated!

Pete
[vox-tech] Hard drive Reliability
For the past couple of years I've been buying 2TB drives because they're so cheap. But I think I've lost more drives in the last 5 years than I've ever lost in my entire life. I haven't been keeping records, but I swear it feels like many of my drives last 2-3 years.

Are others finding the same thing? Are there any manufacturers known to be more reliable than others? Less reliable than others?
Re: [vox-tech] frustrating laptop problem
On Tue, Dec 18, 2012 at 3:56 PM, Norm Matloff wrote:
>
> So, I recently "inherited" an Acer Aspire One, model 722. (My daughter
> had been using it but she then bought a Mac.) Naturally, I wanted to
> install Linux on it.
>
> I began with my distro of choice, Ubuntu (in this case 12.04).
> Installed fine; didn't even need to fiddle with the WiFi. But after
> installation, it turned out that the touchpad would freeze after a few
> seconds. Same when I attached a USB external mouse.
>
> Subsequently, I tried various Debian derivatives, such as MEPIS and
> Mint. Each had some kind of problem. For instance, one of them froze
> when I tried to click to select my desired SSID. Mint actually froze
> during the installation process itself (and did so each of the several
> times I retried it).
>
> Last, I turned to Fedora. The installation went absolutely fine (again,
> including the WiFi), with no special actions on my part. And yet...it
> won't shut down! Whether I click to shutdown, or run poweroff from a
> terminal window, it just hangs; KDE shuts down, the screen goes black, a
> cryptic message appears regarding a fonts file, but that's all.
>
> The one piece of good news is that I'm not imagining any of this. :-)
> All of the above problems are discussed on various Web sites. Yet none
> of the suggested remedies worked.
>
> If anyone has any suggestions, they would be highly appreciated.
>
> Norm
>

I remember back in the day there was a debate over whether Linux should be able to shut off computers. I remember being outraged because it seemed like such a stupid argument.

The argument went along the lines of (I think.. this is over 15 years ago) that the ability to shut down power required BIOS support and therefore, should not be a part of the kernel proper but perhaps a supporting module / package combo.

Anyway, that obviously got resolved a long, long time ago, but the take away is that the ability to shut power down (not just shut off the OS) is BIOS related.

Are there BIOS updates for the laptop?

Pete
[vox-tech] Rescuing NTFS partition
Hi all,

A 2GB Hitachi drive holding one NTFS partition got hosed. The drive is literally one year old, and my belief is that this is a hardware failure, not a filesystem hosing.

I see the drive in BIOS, so perhaps not all is lost. Windows fails to even acknowledge the drive's existence, so I'm trying to rescue it on Linux. I've never rescued an NTFS partition before. Doing some reading I found ntfsclone, so I figured the best thing to do would be to make a copy of the drive. I used:

    ntfsclone --force --rescue -o /ftp/storage.img /dev/sdc1

but it's basically stuck at 57.71%:

    ntfsclone v2011.4.12AR.4 (libntfs-3g)
    NTFS volume version: 3.1
    Cluster size       : 4096 bytes
    Current volume size: 2000396288000 bytes (2000397 MB)
    Current device size: 2000396289024 bytes (2000397 MB)
    Scanning volume ...
     56.71 percent completed

which generates entries in /var/log/messages along the lines of:

    Mar 19 21:49:17 satan kernel: [3492239.910141] sd 10:0:0:0: [sdc] Sense Key : Hardware Error [current]
    Mar 19 21:49:17 satan kernel: [3492239.910146] sd 10:0:0:0: [sdc] Add. Sense: No additional sense information
    Mar 19 21:49:17 satan kernel: [3492239.910151] sd 10:0:0:0: [sdc] CDB: Read(10): 28 00 00 62 57 a7 00 00 08 00
    Mar 19 21:50:39 satan kernel: [3492321.522843] sd 10:0:0:0: [sdc] Unhandled sense code

It's not even clear whether ntfsclone is actually *reading* the drive. Scanning could just be checking FS integrity.

Anyhow, I was curious about something. What exactly is the difference between dd (or ddrescue), which is how I normally rescued partitions in the past, and ntfsclone? Which tool would be more appropriate for rescuing as many files as possible?

Any words of wisdom from people who've been here / done this?

Thanks!
Pete
Re: [vox-tech] Graphical Remote Login to Linux/KDE from WinXP
Thanks Gilbert. I'll check that out now.

Just out of curiosity, it's not clear what VNC does. Is it a remote desktop that gives you what's going on in the console (what I don't want)? Or does it give you a new X session (what I want)?

On Sun, Dec 25, 2011 at 9:04 PM, Gilbert Coville wrote:
> Take a look at NX. (www.nomachine.com). That gets you a new session,
> different from what's happening on the console.
>
> Gilbert
>
> On Dec 25, 2011, at 10:13 AM, Peter Salzman wrote:
>
>> Sometimes when I work on my WinXP box I want to use my Linux box
>> without being in front of the computer. What I'd really like is to
>> graphically remote login to Linux/KDE from WinXP, as in, open up a
>> window containing a KDE login session from my WinXP box. I'm already
>> running MingW, and can use remote X apps like xeyes via Putty.
>>
>> I tried using Putty (with X-Forwarding and running /usr/bin/startkde
>> upon login) but KDE crashes, and the problem seems pretty complicated,
>> so I'd like to try a different way.
>>
>> My wife is almost always logged into the Linux box and is using KDE.
>> I don't want to share her session, but use my own session.
>>
>> What are the easiest/best ways of doing that?
>>
>> Thanks!
>> Pete
Re: [vox-tech] Graphical Remote Login to Linux/KDE from WinXP
Which VNC do you use? There appears to be tons of them. I've read weird things on Google like some don't support cut and paste (?!?!)

On Sun, Dec 25, 2011 at 3:29 PM, Norm Matloff wrote:
> VNC works fine for me. There are others.
>
> Norm
[vox-tech] Graphical Remote Login to Linux/KDE from WinXP
Sometimes when I work on my WinXP box I want to use my Linux box without being in front of the computer. What I'd really like is to graphically remote login to Linux/KDE from WinXP, as in, open up a window containing a KDE login session from my WinXP box. I'm already running MingW, and can use remote X apps like xeyes via Putty.

I tried using Putty (with X-Forwarding and running /usr/bin/startkde upon login) but KDE crashes, and the problem seems pretty complicated, so I'd like to try a different way.

My wife is almost always logged into the Linux box and is using KDE. I don't want to share her session, but use my own session.

What are the easiest/best ways of doing that?

Thanks!
Pete
Re: [vox-tech] CalDAV
On Wed, Jul 6, 2011 at 11:18 PM, Nick Schmalenberger wrote:
> On Wed, Jul 06, 2011 at 10:15:37PM -0400, Peter Salzman wrote:
>> On Fri, Jul 1, 2011 at 4:28 PM, Rick Moen wrote:
>> > I wrote:
>> >
>> > And that's just not happening. Everyone wants to make a groupware suite
>> > that does absolutely everything, wants to take over the world, and has
>> > incredibly picky and incredibly extensive requirements. I cannot just
>> > drop Bedework, or Bongo Project, or Cosmo, or Dingo Calendar Server, or
>> > ScalableOGo, or EGroupware into my old PIII server and have any of
>> > those play well with my existing server configuration. Almost all
>> > insist on a specific back-end database, and many want LDAP-based
>> > directory services.
>>
>> Update.
>>
>> This is about right. Bedework is unsuitable for my needs. It's too
>> big of a framework. Very intensive. The developers say it requires
>> its own dedicated server, which is why it's not offered by webhosting
>> companies. There's no such thing as a server that runs Bedework for
>> multiple clients, and from what I've read, I don't exactly want to run
>> it on my desktop machine. Sigh. It does look like a conquer the
>> world type application though. Very impressive, but you hit the nail
>> squarely on the head with the above paragraph.
>>
>> I looked into mod_caldav. The documentation is spotty, but from what
>> I can tell, it requires a patched Apache server?!? I've seen messages
>> of people who were compiling Apache to run mod_caldav, and that looks
>> like a whole can of worms too.
>>
>> I started to look into the Ubuntu calendarserver package. Still
>> trying to figure out how to set it up and whatnot; documentation
>> sucks, but I think it might be the most fruitful avenue to caldav out
>> of the three options I've looked at so far.
>>
> Has anybody tried davical? How does it compare? I just tried
> "apt-cache search caldav" and radicale also comes up, besides
> calendarserver.
> Nick

Thanks for the lead. I'll look into it this week and post my experience.
Re: [vox-tech] CalDAV
On Fri, Jul 1, 2011 at 4:28 PM, Rick Moen wrote:
> I wrote:
>
> And that's just not happening. Everyone wants to make a groupware suite
> that does absolutely everything, wants to take over the world, and has
> incredibly picky and incredibly extensive requirements. I cannot just
> drop Bedework, or Bongo Project, or Cosmo, or Dingo Calendar Server, or
> ScalableOGo, or EGroupware into my old PIII server and have any of
> those play well with my existing server configuration. Almost all
> insist on a specific back-end database, and many want LDAP-based
> directory services.

Update.

This is about right. Bedework is unsuitable for my needs. It's too big of a framework. Very intensive. The developers say it requires its own dedicated server, which is why it's not offered by webhosting companies. There's no such thing as a server that runs Bedework for multiple clients, and from what I've read, I don't exactly want to run it on my desktop machine. Sigh. It does look like a conquer the world type application though. Very impressive, but you hit the nail squarely on the head with the above paragraph.

I looked into mod_caldav. The documentation is spotty, but from what I can tell, it requires a patched Apache server?!? I've seen messages of people who were compiling Apache to run mod_caldav, and that looks like a whole can of worms too.

I started to look into the Ubuntu calendarserver package. Still trying to figure out how to set it up and whatnot; documentation sucks, but I think it might be the most fruitful avenue to caldav out of the three options I've looked at so far.

Pete
Re: [vox-tech] CalDAV
On Fri, Jul 1, 2011 at 2:23 PM, Rick Moen wrote:
> Quoting Peter Salzman (p...@dirac.org):
>
>> Actually, this looks absolutely fantastic. I can't figure out why
>> it's not practically an industry standard. The main design goal is
>> interoperability with all calendaring clients, is BSD licensed, and it
>> looks very polished. Thanks for mentioning this.
>
> Bedework is mentioned very briefly (but, sadly, not covered otherwise)
> in this April 2008 rundown on Linux groupware:
> http://www.linuxjournal.com/magazine/scalable-opengroupwareorg
>
> That article is mostly about one of the alternative implementations,
> SOGo aka ScalableOGo.
>
> These pages look pretty useful:
> http://caldav.calconnect.org/implementations/servers.html
> http://wiki.herzbube.ch/index.php/DAViCal

Thanks for the reading. I'll check it out on my commute today.

I can't figure out why calDAV isn't more utilized. Interoperability of things like business card and contact sharing has really taken off, but for any business or organization that has scheduled events (i.e. nearly all of them) it seems ... weird that calDAV isn't more front and center in an age where nearly half the US population has some kind of smart phone.

Heck, even LUGOD could benefit by exporting a calendar listing all meetings, installfests, one-off events, etc. It's a way of pushing information to a target group rather than requiring them to pull information (e.g. going to a website and obtaining the info themselves). It's right there on their phones. Even things like event cancellations become less onerous.
Re: [vox-tech] CalDAV
Actually, this looks absolutely fantastic. I can't figure out why it's not practically an industry standard. The main design goal is interoperability with all calendaring clients, is BSD licensed, and it looks very polished. Thanks for mentioning this.

On Mon, Jun 27, 2011 at 3:34 PM, Peter Salzman wrote:
> That lead looks great to me. I'll check it out. Thanks!!!
>
>
> On Mon, Jun 27, 2011 at 3:22 PM, Scott Miller wrote:
>>
>> http://www.bedework.org/bedework/
>>
>> Bedework is an open source calendaring server that appears to follow
>> all of the open spec'd caldav stuff and be very compatible.
>>
>> UC Berkeley is rolling it out for the campus. I'm not sure what's
>> involved for getting it up and running though. :(
>>
>>
>> ==
>> Date: Mon, 27 Jun 2011 11:42:24 -0400
>> From: Peter Salzman
>> Subject: [vox-tech] CalDAV
>> To: vox-tech
>> Message-ID:
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> I'd like to be able to serve calendar events to Google Calendar, iPhone,
>> Android, and BlackBerry users. I did some research and found that CalDAV
>> is the protocol that I need to look at. Ubuntu has something called
>> calendarserver which I think serves up CalDAV data.
>>
>> However, I've also read hints that this would work for Google Calendar
>> users, but not necessarily for mobile phone users because the mobile
>> phones use proprietary extensions.
>>
>> This is totally uncharted territory for me. I was wondering if anyone has
>> done this, and if so, what's the scoop on serving calendars to mobile
>> phone users.
>>
>> Thanks!
>> Pete
Re: [vox-tech] CalDAV
That lead looks great to me. I'll check it out. Thanks!!!

On Mon, Jun 27, 2011 at 3:22 PM, Scott Miller wrote:
> http://www.bedework.org/bedework/
>
> Bedework is an open source calendaring server that appears to follow
> all of the open spec'd caldav stuff and be very compatible.
>
> UC Berkeley is rolling it out for the campus. I'm not sure what's
> involved for getting it up and running though. :(
>
>
> ==
> Date: Mon, 27 Jun 2011 11:42:24 -0400
> From: Peter Salzman
> Subject: [vox-tech] CalDAV
> To: vox-tech
> Message-ID:
> Content-Type: text/plain; charset="iso-8859-1"
>
> I'd like to be able to serve calendar events to Google Calendar, iPhone,
> Android, and BlackBerry users. I did some research and found that CalDAV
> is the protocol that I need to look at. Ubuntu has something called
> calendarserver which I think serves up CalDAV data.
>
> However, I've also read hints that this would work for Google Calendar
> users, but not necessarily for mobile phone users because the mobile phones
> use proprietary extensions.
>
> This is totally uncharted territory for me. I was wondering if anyone has
> done this, and if so, what's the scoop on serving calendars to mobile phone
> users.
>
> Thanks!
> Pete
[vox-tech] CalDAV
I'd like to be able to serve calendar events to Google Calendar, iPhone, Android, and BlackBerry users. I did some research and found that CalDAV is the protocol that I need to look at. Ubuntu has something called calendarserver which I think serves up CalDAV data.

However, I've also read hints that this would work for Google Calendar users, but not necessarily for mobile phone users because the mobile phones use proprietary extensions.

This is totally uncharted territory for me. I was wondering if anyone has done this, and if so, what's the scoop on serving calendars to mobile phone users.

Thanks!
Pete
[vox-tech] Filename suffix dependent deletion problem with Samba
Summary:

It appears that Samba refuses to delete files with certain types of extensions, but I can't find any mention of suffix-dependent permissions in Samba, so something else must be happening that *looks like* suffix dependent permissions.

Setup:

My "M drive" on a Windows machine is a Samba share, /data/mp3, mounted from my Linux workstation. So:

    Satan          Samba          Lucifer
    /data/mp3  -------------->    M:

I have a Windows explorer window opened to M:\test and a putty terminal opened to /data/mp3/test (they're viewing the same directory).

The Test:

On the Linux command line, I do:

    $ touch foo.txt foo.mp3
    $ lla
    total 8.0K
    drwxr-xr-x  2 p p     4.0K 2011-03-19 13:32 ./
    drwxrwx--- 42 p users 4.0K 2011-03-19 13:25 ../
    -rw-r--r--  1 p p        0 2011-03-19 13:32 foo.mp3
    -rw-r--r--  1 p p        0 2011-03-19 13:32 foo.txt

So the files are *exactly* the same except for their suffixes. Now, turning to the Windows explorer window, I can delete foo.txt, but I cannot delete foo.mp3!

Even weirder: From the Windows explorer, I can rename the base filenames (foo), but I can only rename the suffix (i.e. change the filetype) of the txt file, not the mp3 file. How strange is that?

Even stranger, if there are two mp3 files, say, foo.mp3 and bar.mp3, from the Windows explorer, I can't delete foo.mp3 by itself, and I can't delete bar.mp3 by itself, but if I control-select both files, I can delete them together. In other words, I can't delete single mp3 files, but I can delete multiple mp3 files.

So the mp3 filename suffix is handled very strangely. After a little testing, I found that *wav files also suffer from the strange Samba deletion / filetype change restrictions. txt, pdf, avi, mpg, xls, doc, ogg, mp2 all behave normally.

I tried bumping up the Samba log level to 3, but that really gave me no clues at all.

Does anyone have any guesses what might be happening?

Thanks!
Pete
Re: [vox-tech] Netflix
On Tue, Mar 8, 2011 at 3:28 PM, jim wrote:
>
> how do you know online petitions are not worth...?
> if i were in charge of a company or department, i'd
> make sure my group was attentive to incoming electronic
> info. i'd at least try to ensure that the filters were
> sufficiently granular and produced useful statistics.
> it's a question: do you have info or are you jaded
> or some such?
>
>
>
> On Tue, 2011-03-08 at 13:37 -0600, Chanoch (Ken) Bloom wrote:
> > On Tue, Mar 08, 2011 at 09:13:08AM -0800, Bob Scofield wrote:
> > > On Tuesday 08 March 2011, Darth Borehd wrote:
> > > > Netflix intentionally denies Linux clients from using their streaming
> > > > service because of DRM. Please send them letters and phone calls
> > > > expressing why this is stupid.
> > >
> > > There's an online petition out there somewhere. I've signed it.
> >
> > Online petitions generally aren't worth the paper they're printed on.

I think that generally comes from signing countless online petitions in the 90's and not seeing a single one pan out. They had a petition for everything...

* video card specs released to the X developers for this chipset or that chipset
* creation of a Linux client for Half-Life (there was already a server)
* GPL for various really old games that people wanted to port (e.g. Redneck Rampage and Outlaws)
* petition for X developers to get all the Voodoo 5 GPUs active under X/Mesa.

I don't think I've seen a single petition amount to anything. Seems like their only real value is to raise public awareness of an issue when the inevitable slashdotting happens.
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 22, 2011 at 12:45 PM, Bill Kendrick wrote:
>
> On Tue, Feb 15, 2011 at 11:51:13AM -0800, Bryan Richter wrote:
> > Unfortunately, it looks like Optimum has a similar policy, depending on what
> > type of account you have.
> >
> > From http://www.optimum.net/Terms :
> >
> > > Section 22.B.i: Users [of Optimum Online Boost and Optimum Online Ultra] may
> > > not run any servers except for a webserver (HTTP) and mail (SMTP) on the
> > > system. This includes but is not limited to FTP, IRC, POP, SOCKS, SQUID,
> > > DNS or any multi-user forums.
>
> Hah. So what constitutes a "multi-user forum?" Does that mean that,
> although you're allowed to run a webserver, it can't be a blog that has
> a "post a comment" feature? :)

LOL. Go figure! I don't think they thought that one through very well. ;-)

Well, I am pleased to say that the problem is fixed. Third time is indeed a charm. The ISP mistakenly filtered port 80. It was interesting to see what this filtering looked like -- I was surprised that 2/3 of the handshake was allowed to happen.

Thank you everybody for the suggestions. I really appreciate everyone's help!

Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Mon, Feb 21, 2011 at 10:32 PM, Shwaine wrote:
> On Mon, 21 Feb 2011, Chanoch (Ken) Bloom wrote:
>
> > (bad vibed messaged snipped)
>

I'm really very disappointed in both these messages. I hope you both have the good sense to not escalate with each other.
Re: [vox-tech] Apache: 2, Me: 0.
On Mon, Feb 21, 2011 at 3:50 PM, Peter Salzman wrote:
> On Tue, Feb 15, 2011 at 7:15 PM, Troy Arnold wrote:
>>
>> On Tue, Feb 15, 2011 at 03:27:01PM -0500, Peter Salzman wrote:
>> >
>> > But as to why the 3-way handshake isn't being fully established ...
>> > that would suck because I have *no* idea how to diagnose that sort of
>> > thing...
>>
>> Hey, Pete-
>>
>> netcat is the perfect tool for determining if the 3 way handshake is
>> successful.
>>
>> On satan:
>> stop apache
>> # nc -l -p 80
>>
>> from elsewhere:
>> nc dirac.org 80
>>
>>
>> if it works you'll be able to type stuff on either side and see it echoed
>> on the other (after hitting return)
>>
>> At least at the end of this you'll know if your apache config is to blame.
>>
>> -t
>
>
> Hey Troy and Shwaine,
>
> That is a *really* snazzy tool. I'm surprised I haven't run across it
> yet. Thanks for mentioning it to me!
>
> OK, I think for the first time I've made a little progress. I tried
> nc on a port that I'm 100% confident with, port 22 (ssh). It worked
> as advertised.
>
> Next I tried it on the questionable port, port 80. On the server
> side, it bound to 80 no problem. On the client, I typed "nc -v
> dirac.org 80" (-v gives verbose output). After about 30 seconds, it
> replied with:
>
> nc: connect to dirac.org port 80 (tcp) failed: Connection timed out
>
> Progress by a mile. I think this limits the problem to either my
> router or the ISP. I think the next step is to connect satan
> directly to the modem, bypassing the router. If nc still doesn't work
> on port 80, then it's time to grill my ISP and ask them why they're
> breaking the TOS.
>
> *Thank you*
>
> Pete
>
> ps- iptables are completely empty.

OK, I think the problem is close to being solved.

I connected satan directly to the modem, and nc STILL showed that nc couldn't make the connection on port 80 (but it could on ssh). So my router was not to blame. That left the ISP. I called, and found it was indeed the ISP.

When I first got Internet service from Optimum, I had the normal cheap service (which filters 80, 25, and 21). Then when I saw the Boost service with its 100 down / 15 up (and no filtering) I switched. Apparently, the ISP didn't unfilter my ports.

Hopefully, this time tomorrow will find my webserver functional unless I screwed up the Apache configuration with all my testing and prodding. :)

That nc tool is truly a great find! Thank you for mentioning it! I was really able to see that 23 worked flawlessly and 80 couldn't establish the connection; it eliminated almost all doubt.

Thanks
Pete
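
The comparison made by hand in this thread (a known-good port completes the handshake, port 80 times out) can be scripted. The following is an added example, not code from the thread: it attempts a full TCP connect and classifies the result as open, closed (an RST came back, so the SYN reached the host but nothing is listening) or filtered (no answer at all, which is what "Connection timed out" indicated here). The function names and the loopback self-check are assumptions made for illustration.

```python
import errno
import socket


def probe(host, port, timeout=5.0):
    """Attempt a complete TCP three-way handshake and classify the outcome.

    Returns 'open', 'closed', 'filtered' or 'error:<reason>'.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "error:resolve:%s" % exc
    family, socktype, proto, _canon, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"        # SYN, SYN/ACK and ACK all made it through
    except socket.timeout:
        return "filtered"    # something dropped a packet silently
    except ConnectionRefusedError:
        return "closed"      # RST received: host reachable, no listener
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # an on-path device answered with ICMP unreachable
        return "error:%s" % errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def verdict(reference, suspect):
    """Interpret a probe of a known-good port against a probe of the suspect port."""
    if reference != "open":
        return "reference port not reachable: fix basic connectivity first"
    if suspect == "open":
        return "handshake completes: look at the server configuration"
    if suspect == "closed":
        return "host reachable but no listener on the port (or a firewall sends RST)"
    if suspect == "filtered":
        return "packets dropped on the path: host firewall, router or ISP filter"
    return "inconclusive: " + suspect


def loopback_demo():
    """Self-check on 127.0.0.1 (constructed input): probe a port with a
    listener bound, then the same port after the listener is gone."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port, timeout=2.0)
    srv.close()
    without_listener = probe("127.0.0.1", port, timeout=2.0)
    return with_listener, without_listener


if __name__ == "__main__":
    print(loopback_demo())
    # The situation reported in the thread: ssh answers, port 80 times out.
    print(verdict("open", "filtered"))
```

Run from a machine outside the LAN, `verdict(probe(host, 22), probe(host, 80))` reproduces the nc comparison; a "filtered" result with empty iptables on the server points at the router or the ISP.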
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 7:15 PM, Troy Arnold wrote:
>
> On Tue, Feb 15, 2011 at 03:27:01PM -0500, Peter Salzman wrote:
> >
> > But as to why the 3-way handshake isn't being fully established ...
> > that would suck because I have *no* idea how to diagnose that sort of
> > thing...
>
> Hey, Pete-
>
> netcat is the perfect tool for determining if the 3 way handshake is
> successful.
>
> On satan:
> stop apache
> # nc -l -p 80
>
> from elsewhere:
> nc dirac.org 80
>
>
> if it works you'll be able to type stuff on either side and see it echoed
> on the other (after hitting return)
>
> At least at the end of this you'll know if your apache config is to blame.
>
> -t

Hey Troy and Shwaine,

That is a *really* snazzy tool. I'm surprised I haven't run across it yet. Thanks for mentioning it to me!

OK, I think for the first time I've made a little progress. I tried nc on a port that I'm 100% confident with, port 22 (ssh). It worked as advertised.

Next I tried it on the questionable port, port 80. On the server side, it bound to 80 no problem. On the client, I typed "nc -v dirac.org 80" (-v gives verbose output). After about 30 seconds, it replied with:

    nc: connect to dirac.org port 80 (tcp) failed: Connection timed out

Progress by a mile. I think this limits the problem to either my router or the ISP. I think the next step is to connect satan directly to the modem, bypassing the router. If nc still doesn't work on port 80, then it's time to grill my ISP and ask them why they're breaking the TOS.

*Thank you*

Pete

ps- iptables are completely empty.
Re: [vox-tech] Apache: 2, Me: 0.
> Hi Bryan,
>
> Good call, but I'm on Optimum Online Ultra. It's pricey ($85/mo) but
> between the 100Mbps down, 15 Mbps up, static IP, and being able to run
> servers, I kind of had to get it, so I fall under 22B.
>
> I called them and verified they don't drop packets to port 80, and in
> fact, I actually do see the packets coming in to port 80. Orson had a
> good point about the 3 way handshake not being fully established, and
> that's in my queue of things to investigate. If the handshake isn't
> being fully established, Apache wouldn't see the request, and that
> would explain why I can't find a misconfiguration.
>
> But as to why the 3-way handshake isn't being fully established ...
> that would suck because I have *no* idea how to diagnose that sort of
> thing...
>
> Pete

It's a bit of a confirmation, but according to netstat:

    tcp        0      0 satan:www    ny-131.algorithmi:13082    SYN_RECV

SYN_RECV means a request has been received from the network. This proves that the http request was received at the right machine, at the right port. But for whatever reason, the connection was never fully established.

I'm not sure if this is telling me there's a problem with the TCP transport or if this is simply restating the fact that Apache isn't picking up the phone.

Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 2:54 PM, Cam Ellison wrote:
> On 11-02-15 11:31 AM, Peter Salzman wrote:
>> On Tue, Feb 15, 2011 at 12:26 PM, Cam Ellison wrote:
>>> On 11-02-15 08:56 AM, Peter Salzman wrote:
>>>> OK, I commented out all the virtual host stuff and changed ports.conf to:
>>>>
>>>> Listen 80
>>>>
>>>>      # SSL name based virtual hosts are not yet supported, therefore no
>>>>      Listen 443
>>>>
>>>> ServerName dirac.org
>>>>
>>>> and Apache is still not responding to requests from outside my LAN.
>>>>
>>>> This is crazy! I've never had so much trouble with this before. The
>>>> packets are clearly coming in. Could there be some kind of crazy
>>>> packet header rewriting to make the packets look like they're destined
>>>> for somewhere else (like the DSL modem)?
>>>>
>>>> Rod, do you have any other ideas?
>>> Maybe I missed something in this discussion, but it looks as though you
>>> have duplicate ServerName entries and Port assignments. You can't do
>>> that - at least, not with impunity. Use your sites-enabled file to
>>> specify the site and port(s), and take the corresponding entries out of
>>> apache.conf. You also have conflicting site names between the two files.
>>>
>>> HTH
>>>
>>> Cam
>> Hi Cam!!!
> Hi Pete!!! - long time...
>> When I take out the ServerName directive from apache2.conf and restart
>> the server, I get the following warning:
>>
>> root@satan:/etc/apache2# /etc/init.d/apache2 restart
>>
>> * Restarting web server
>> apache2: Could not reliably determine the server's fully qualified
>> domain name, using 127.0.0.1 for ServerName
>> ... waiting apache2: Could not reliably determine the server's fully
>> qualified domain name, using 127.0.0.1 for ServerName [ OK ]
> Hmmm. What I can remember from fussing around with mine and looking
> through the Apache documentation is that you're better off using the
> default or other conf file in /etc/apache2/sites-available, and
> symlinking it or them to /sites-enabled. In other words, leave
> ports.conf blank or commented out, and don't put IP address or port
> number information in apache2.conf. I ran into similar, though not
> identical problems, and they weren't resolved until I did this.
>
> Here's a portion of my default.conf:
>
> Listen 80
> NameVirtualHost 24.207.43.86:80
>
> ServerName ellisonpsychology.ca
>
> and virtuals.conf:
>
> Listen 443
>
> NameVirtualHost 24.207.43.86:443
>
>
> ServerName appears within VirtualHost - it doesn't seem to matter
> whether it's inside or outside it.
>>
>> I thought the ServerName within a virtual hosts directive indicates
>> which name that particular virtual host responds to but the general
>> ServerName is used (for some purpose) by the general web server? I
>> tried taking the ServerName out of apache2.conf and got the error
>> message above. Still didn't work, unfortunately,
>>
>> Where is the ports assignment done twice?
> It's in both apache.conf and ports.conf, as well as in both dirac.org
> and iuselinux.org
>
> I think you will need to either assign port 80 to one domain name and a
> different port to the other, or use port 80 and specify the other
> domains as ServerAliases.
>
> I'll send you my entire site files if you want.
>
> Cheers
>
> Cam

Hey Cam,

The virtual host files are actually in sites-available and symlinked into sites-enabled. I've done this before twice on Debian, which is part of the reason why it's so frustrating. It took awhile to get working, but I didn't have this much trouble. Not even close.

When I had it working, both virtual hosts used port 80. The server was able to serve the right page based on the requested domain name (e.g. dirac.org vs iuselinux.org).

If you don't mind, I wouldn't mind taking a look at your config files. Maybe I can glean something from them or even use them slightly modified to see if they do the trick for my setup.

Thanks!
Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 2:51 PM, Bryan Richter wrote: > On Tue, Feb 15, 2011 at 01:31:58AM -0500, Peter Salzman wrote: >> Third time is a charm, perhaps. I'm trying to get Apache to work. >> >> I can access dirac.org successfully from inside my network; I can't >> access it from outside my home network. Apache is running on a Linux box >> on satan: 192.168.0.2 and I'm testing it from a MS Windows machine on >> lucifer:192.168.0.3. My ISP is optimum online. > > Can you confirm that optimum Online is not dropping your packets? I had > Comcast do something similar to me. Comcast has a policy that subscribers > cannot operate a server. (Yes, this *does* go against everything the Internet > is about, and pains me greatly.) > > Unfortunately, it looks like Optimum has a similar policy, depending on what > type of account you have. > > From http://www.optimum.net/Terms : > > Section 22.A.i: Users [of Optimum Online] may not run any type of server on > the system. This includes but is not limited to FTP, IRC, SMTP, POP, HTTP, > SOCKS, SQUID, DNS or any multi-user forums; > > Section 22.B.i: Users [of Optimum Online Boost and Optimum Online Ultra] > may > not run any servers except for a webserver (HTTP) and mail (SMTP) on the > system. This includes but is not limited to FTP, IRC, POP, SOCKS, SQUID, > DNS or any multi-user forums. > > In my case, I was running an sftp server that worked for a while and then > mysteriously stopped. When I contacted support, I was apprised of their > policy, > which I can only assume that they had reactively enforced. > > -- > - Bryan Hi Bryan, Good call, but I'm on Optimum Online Ultra. It's pricey ($85/mo) but between the 100Mbps down, 15 Mbps up, static IP, and being able to run servers, I kind of had to get it, so I fall under 22B. I called them and verified they don't drop packets to port 80, and in fact, I actually do see the packets coming in to port 80. 
Orson had a good point about the 3 way handshake not being fully established, and that's in my queue of things to investigate. If the handshake isn't being fully established, Apache wouldn't see the request, and that would explain why I can't find a misconfiguration. But as to why the 3-way handshake isn't being fully established ... that would suck because I have *no* idea how to diagnose that sort of thing... Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 2:26 PM, Orson Jones wrote:
>> Unfortunately, Apache is listening to 80 -- I think I know that
>> because the webserver is accessible from inside the LAN. But just to
>> make 100% sure,
>
> Rereading your original post, I misunderstood the setup.
> It sounds like the packets are getting in, hitting the server, being
> responded to by the server, but not making it back out the router.
>
> I think your apache config may be ok, but your router may not be handling
> the return traffic correctly. It's also possible that your server's routing
> tables are incorrect, but that is unlikely with it using DHCP.
>
> For the sake of being thorough, running the 'route' command should show the
> default destination gateway to be the IP of your router.
>
> As for your router not passing data back out, I'm at a loss as how to
> correct that. Perhaps running netcat or sshd and trying to connect to that
> could tell you if it is apache not working correctly, or the router.
>
> Orson

Hi Orson,

I'm pretty sure the problem is that Apache is not responding to the incoming external packets, not that the outgoing packets are being lost. The reason why I say this is because:

* /var/log/apache/access.log
* /var/log/apache/dirac.org.access.log
* /var/log/apache/iuselinux.org.access.log

are all empty. When I access dirac.org from inside the LAN, I can see exactly which files and images are requested because they get logged in the *.access logs. But when I access dirac.org from outside the LAN, the requests aren't logged in the *.access files. So therefore, I don't think Apache is responding to external requests.

Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 12:26 PM, Cam Ellison wrote: > On 11-02-15 08:56 AM, Peter Salzman wrote: >> >> OK, I commented out all the virtual host stuff and changed ports.conf to: >> >> Listen 80 >> >> # SSL name based virtual hosts are not yet supported, therefore no >> Listen 443 >> >> ServerName dirac.org >> >> and Apache is still not responding to requests from outside my LAN. >> >> This is crazy! I've never had so much trouble with this before. The >> packets are clearly coming in. Could there be some kind of crazy >> packet header rewriting to make the packets look like they're destined >> for somewhere else (like the DSL modem)? >> >> Rod, do you have any other ideas? > Maybe I missed something in this discussion, but it looks as though you > have duplicate ServerName entries and Port assignments. You can't do > that - at least, not with impunity. Use your sites-enabled file to > specify the site and port(s), and take the corresponding entries out of > apache.conf. You also have conflicting site names between the two files. > > HTH > > Cam Hi Cam!!! When I take out the ServerName directive from apache2.conf and restart the server, I get the following warning: root@satan:/etc/apache2# /etc/init.d/apache2 restart * Restarting web server apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ] I thought the ServerName within a virtual hosts directive indicates which name that particular virtual host responds to but the general ServerName is used (for some purpose) by the general web server? I tried taking the ServerName out of apache2.conf and got the error message above. Still didn't work, unfortunately, Where is the ports assignment done twice? I'm posting the relevant conf files. Would be supremely grateful to anyone who takes a look at them. 
I'm really frustrated and humbled by this problem. :-( :-( dirac.org and iuselinux.org are both in sites-enabled / sites-available. Thank you!! Pete
[Attachments: apache2.conf, dirac.org, iuselinux.org, ports.conf]
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 12:40 PM, Orson Jones wrote:
> A couple more things worth checking:
>
> Use netstat to check to see what IP(s) it is actually listening on.
> netstat -tapn | grep LISTEN | grep :80
> If the output of that doesn't match what is in the configuration, there may
> be something wrong with the config and you should spend more time looking
> there. Otherwise:
>
> Check your firewall to see if it is blocking the port
> Some distros now include a firewall by default and you have to manually
> allow outside access to apache.
>
> run: "iptables -L" or "iptables-save" to see what rules are active in the
> firewall. If you are using a firewall tool, it is probably easier to use
> its interface instead of the above commands, but these commands will at
> least let you know if the firewall is active or not.
>
> Orson

Hi Orson,

Unfortunately, Apache is listening to 80 -- I think I know that because the webserver is accessible from inside the LAN. But just to make 100% sure,

    root@satan:/etc/network# netstat -tapn | grep -i listen | grep -i :80
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14090/apache2

I think the same argument applies to the firewall idea. Using tcpdump, I can definitely see external packets arrive at the right computer at the right port. I also checked tcpwrappers, and put ALL: ALL in hosts.allow, but that didn't work.

It seems like everything points to Apache not knowing to look at incoming packets that originated outside the LAN. iptables has no rules in it, unfortunately.

Great suggestions! Thank you!

Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 12:32 PM, wrote: >> Original Message >> Subject: [vox-tech] Apache: 2, Me: 0. >> From: Peter Salzman >> Date: Mon, February 14, 2011 10:31 pm >> To: vox-tech >> >> >> Third time is a charm, perhaps. I'm trying to get Apache to work. >> >> I can access dirac.org successfully from inside my network; I can't >> access it from outside my home network. Apache is running on a Linux >> box on satan: 192.168.0.2 > > > > I'm assuming you want http://dirac.org to work from an outside browser. > It times out from here. > > 1) dig dirac.org returns 24.189.162.210. > 2) ping 24.189.162.210 returns 100% packet loss. > > I'm assuming /etc/network/interfaces has 24.189.162.210 as the > static IP address. > > So, maybe using 24.189.162.210 in your testing would be more insightful > than 192.168... Hi Tim, Yeah; in my testing, packets are actually received at port 80 of the right computer; Apache just refuses to respond to them. Currently the IP address is assigned via DHCP, but on the router, I reserved the IP addresses for all the main computers and network devices (I assume the router assigns the IP based on the reported MAC), so my interfaces file is pretty basic. auto lo iface lo inet loopback The IP gets assigned at boot time -- I assume dhcp is run in the startup scripts. Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 11:28 AM, Rod Roark wrote: > On 02/15/2011 08:05 AM, Peter Salzman wrote: >> and in ports.conf: >> >> Listen 192.168.0.2:80 >> >> >> # SSL name based virtual hosts are not yet supported, therefore >> no >> Listen 443 >> >> >> ServerName dirac.org > > So it's only listening on 192.168.0.2. Perhaps packets from outside > your network are forwarded to some other IP? > > To listen on all ports, change the first Listen directive to > just "Listen 80". > > Rod OK, I commented out all the virtual host stuff and changed ports.conf to: Listen 80 # SSL name based virtual hosts are not yet supported, therefore no Listen 443 ServerName dirac.org and Apache is still not responding to requests from outside my LAN. This is crazy! I've never had so much trouble with this before. The packets are clearly coming in. Could there be some kind of crazy packet header rewriting to make the packets look like they're destined for somewhere else (like the DSL modem)? Rod, do you have any other ideas? Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 9:29 AM, Rod Roark wrote: > > Check the Listen directives. By default it will listen on all > IP addresses, but if one specifies an IP or localhost then only > those specified will be listened to. > > If that's OK, then see if it works without the NameVirtualHost > and VirtualHost stuff. > > Rod Hi Rod! For the listen directive: root@satan:/etc/apache2# grep -R -i listen . and in ports.conf: Listen 192.168.0.2:80 # SSL name based virtual hosts are not yet supported, therefore no Listen 443 ServerName dirac.org does that look OK to you? I'll remove the name virtual hosting stuff and see if that changes anything. Thank you!! Pete
Re: [vox-tech] Apache: 2, Me: 0.
On Tue, Feb 15, 2011 at 2:42 AM, Nick Schmalenberger wrote: > On Tue, Feb 15, 2011 at 01:31:58AM -0500, Peter Salzman wrote: >> Third time is a charm, perhaps. I'm trying to get Apache to work. >> >> I can access dirac.org successfully from inside my network; I can't >> access it from outside my home network. Apache is running on a Linux >> box on satan: 192.168.0.2 and I'm testing it from a MS Windows machine >> on lucifer:192.168.0.3. My ISP is optimum online. Here are some >> clues. >> > Are you on ppp or pppoe? When you try to telnet in from outside, > you should be able to do GET / HTTP/1.0 and the server will > respond, but instead the connection closes. This makes me think > that a small connection is working but not for more data, and > maybe path mtu discovery and/or tcp maximum segment size > negotiation are broken because pppoe has an mtu of 1492 instead > of the ethernet mtu of 1500. It might be wrong, but I think being > able to get response headers from the server over telnet from > outside would be the next progress to make in troubleshooting it. > Nick Hi Nick, No, not on PPPOE or PPP. When I try to telnet to port 80 in from the outside, I don't get anything. The packets get forwarded to the right port on the right server, but Apache isn't picking up the phone at all. Do you have other ideas I might be able to try? I'm really stumped on this! Thanks! Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Apache: 2, Me: 0.
Third time is a charm, perhaps. I'm trying to get Apache to work.

I can access dirac.org successfully from inside my network; I can't access it from outside my home network. Apache is running on a Linux box on satan: 192.168.0.2 and I'm testing it from a MS Windows machine on lucifer:192.168.0.3. My ISP is optimum online. Here are some clues.

1. tcpdump
==========

Using tcpdump when accessing dirac.org from within the home network (this is what works):

    # tcpdump -i eth0 host ool-18bda2d2.dyn.optonline.net and tcp port 80
    ool-18bda2d2.dyn.optonline.net.2826 > satan.www: Flags [S], seq 3934453911, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    satan.www > ool-18bda2d2.dyn.optonline.net.2826: Flags [S.], seq 2824373109, ack 3934453912, win 5840, options [mss 1460,nop,nop,sackOK], length 0
    ool-18bda2d2.dyn.optonline.net.2826 > satan.www: Flags [.], ack 1, win 65535, length 0
    ool-18bda2d2.dyn.optonline.net.2826 > satan.www: Flags [P.], seq 1:487, ack 1, win 65535, length 486
    satan.www > ool-18bda2d2.dyn.optonline.net.2826: Flags [.], ack 487, win 6432, length 0
    satan.www > ool-18bda2d2.dyn.optonline.net.2826: Flags [P.], seq 1:211, ack 487, win 6432, length 210
    ool-18bda2d2.dyn.optonline.net.2826 > satan.www: Flags [.], ack 211, win 65325, length 0

Using tcpdump when accessing dirac.org from outside the home network (this doesn't work):

    # tcpdump -i eth0 host born.physics.ucdavis.edu and tcp dst port 80
    born.physics.ucdavis.edu.45830 > satan.www: Flags [S], seq 692754447, win 5840, options [mss 1460,sackOK,TS val 303380783 ecr 0,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32070833 ecr 303380783,nop,wscale 6], length 0
    born.physics.ucdavis.edu.45830 > satan.www: Flags [S], seq 692754447, win 5840, options [mss 1460,sackOK,TS val 303383783 ecr 0,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32071581 ecr 303380783,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32071915 ecr 303380783,nop,wscale 6], length 0
    born.physics.ucdavis.edu.45830 > satan.www: Flags [S], seq 692754447, win 5840, options [mss 1460,sackOK,TS val 303389783 ecr 0,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32073081 ecr 303380783,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32073415 ecr 303380783,nop,wscale 6], length 0
    satan.www > born.physics.ucdavis.edu.45830: Flags [S.], seq 3535693591, ack 692754448, win 5792, options [mss 1460,sackOK,TS val 32076415 ecr 303380783,nop,wscale 6], length 0

So packets are DEFINITELY reaching my server from outside my LAN. Port forwarding is working, and satan is acknowledging the packets. I believe that definitively points to Apache server misconfiguration. It's interesting that born and satan appear to be talking to each other, sending each other syns over and over.

2. telnet
=========

From inside the network, I tried telneting to port 80 from lucifer (the MS Windows machine at 192.168.0.3):

    C:\Documents and Settings\p>telnet dirac.org 80
    501 Method Not Implemented

From outside the network:

    born.ucdavis.edu$ telnet dirac.org 80
    Trying 24.189.162.210...
    telnet: connect to address 24.189.162.210: Connection timed out

Which is no surprise. It tells me that Apache isn't listening to connections from outside the network. I knew that already.

3. Apache Configuration
=======================

This is the weak link, I think. apache2ctl reports no configuration problems:

    root@satan:/etc/apache2# apache2ctl configtest
    Syntax OK

I'm using name based virtual hosting since I may want to serve two domains from the same IP address in the future.

In apache2.conf:

    ServerName www.dirac.org
    NameVirtualHost *:80
    ErrorLog /var/log/apache2/error.log
    LogLevel debug

In /etc/apache2/sites-enabled/001-dirac.org:

    ServerAdmin p...@dirac.org
    ServerName www.dirac.org
    ServerAlias www.dirac.org dirac.org satan
    DirectoryIndex index.html
    DocumentRoot /www/dirac
    LogLevel debug
    ErrorLog /var/log/apache2/dirac.org.error
    CustomLog /var/log/apache2/dirac.org.access combined

And in /etc/apache2/sites-enabled/002-iuselinux.org:

    ServerAdmin p...@dirac.org
    ServerName www.iuselinux.org
    ServerAlias www.iuselinux.org iuselinux.org
    DirectoryIndex index.html
    DocumentRoot /www/iuselinux
    LogLevel debug
    ErrorLog /var/log/apache2/iuselinux.org.error
    CustomLog /var/log/apache2/iuselinux.org.access combined

I worked my ass off to get rid of the "NameVirtualHost *:80 has no virtual host" error messages. I'm no expert, but this looks right to me.
Re: [vox-tech] find not found
On Sun, Oct 24, 2010 at 9:17 PM, Rod Roark wrote: > On 10/24/2010 01:35 PM, Brian Lavender wrote: >> On Sat, Oct 23, 2010 at 11:00:40AM -0700, Rod Roark wrote: >>> A strange thing happened last night around 10:09 pm. I had just rebooted >>> my home server (running Ubuntu 10.04), and then started getting emails >>> from cron jobs saying this: >>> >>> /bin/sh: find: not found >> >> Is /usr/bin in your path? > > Yes. It was not a path problem, but a missing file problem. That's > the mystery. > > I have a feeling my Hauppauge PVR-350 TV capture card may have > caused this. It was recording a program and had died (i.e. would > no longer record), which is what prompted the original reboot. > > Rod Seems like that would be more of a symptom than a cause. How would recording a program delete files in of itself? I haven't followed the entire thread -- was filesystem (either physical or virtual) or memory corruption ruled out? Pete
Re: [vox-tech] Webserver Woes: Lost Packets
On Mon, Oct 18, 2010 at 12:18 AM, Chanoch (Ken) Bloom wrote: > On Mon, 2010-10-18 at 00:07 -0400, Peter Salzman wrote: >> On Sun, Oct 17, 2010 at 11:25 PM, Chanoch (Ken) Bloom >> wrote: >> > On Sun, 2010-10-17 at 22:18 -0400, Peter Salzman wrote: >> >> > Your apache configuration has nothing to do with a problem at this >> >> > level. >> > >> >> If it's not an Apache or firewall problem, then you should be able to >> >> connect to dirac.org. Can you reach it? >> > >> > No, I can't. >> > >> > Here's some potentially relevant info: >> > >> > [bl...@cat-in-the-hat ~]$ dig dirac.org >> > >> > ; <<>> DiG 9.7.1-P2 <<>> dirac.org >> > ;; global options: +cmd >> > ;; Got answer: >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17811 >> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 >> > >> > ;; QUESTION SECTION: >> > ;dirac.org. IN A >> > >> > ;; ANSWER SECTION: >> > dirac.org. 3590 IN A 24.189.162.69 >> > >> > ;; Query time: 17 msec >> > ;; SERVER: 192.168.1.1#53(192.168.1.1) >> > ;; WHEN: Sun Oct 17 22:23:24 2010 >> > ;; MSG SIZE rcvd: 43 >> > >> > [bl...@cat-in-the-hat ~]$ traceroute dirac.org >> > traceroute to dirac.org (24.189.162.69), 30 hops max, 60 byte packets >> > 1 DD-WRT (192.168.1.1) 0.969 ms 1.961 ms 2.354 ms >> > 2 24-148-9-1.arm-bsr1.chi-arm.il.cable.rcn.com (24.148.9.1) 12.839 ms >> > 13.204 ms 13.440 ms >> > 3 mart-h1.chi-mart.il.cable.rcn.net (207.229.191.130) 14.296 ms 14.540 >> > ms 14.768 ms >> > 4 tge3-1.border2.eqnx.il.rcn.net (207.172.19.159) 217.065 ms 217.437 >> > ms 217.673 ms >> > 5 r1-ge9-0-0.in.chcgildt.cv.net (206.223.119.13) 19.001 ms 19.378 ms >> > 19.611 ms >> > 6 64.15.1.6 (64.15.1.6) 44.633 ms 39.785 ms 40.078 ms >> > 7 64.15.5.137 (64.15.5.137) 45.814 ms 44.587 ms 41.395 ms >> > 8 ool-4353dd8e.dyn.optonline.net (67.83.221.142) 40.295 ms 45.014 ms >> > 45.359 ms >> > 9 ubr101-ge1-0-0.cmts.nyk4ny.cv.net (67.83.221.171) 42.448 ms 42.691 >> > ms 42.922 ms >> > 10 * * * >> > 11 * * * >> >> >> Well, it looks 
OK, I guess. However, if I see the request coming in >> with tcpdump, yet Apache doesn't log the request, doesn't that point >> to some kind of Apache misconfiguration? > > The traceroute stops somewhere before it ever reaches your dirac.org. > (or it *does* reach your machine, but the responses are getting eaten > somewhere in the middle.) > > So you need to get on the phone with your ISP. > > --Ken Not to belabor the point, but we know the packets are received by dirac.org because I see them with tcpdump. Pete
Re: [vox-tech] Webserver Woes: Lost Packets
On Sun, Oct 17, 2010 at 11:25 PM, Chanoch (Ken) Bloom wrote: > On Sun, 2010-10-17 at 22:18 -0400, Peter Salzman wrote: >> > Your apache configuration has nothing to do with a problem at this >> > level. > >> If it's not an Apache or firewall problem, then you should be able to >> connect to dirac.org. Can you reach it? > > No, I can't. > > Here's some potentially relevant info: > > [bl...@cat-in-the-hat ~]$ dig dirac.org > > ; <<>> DiG 9.7.1-P2 <<>> dirac.org > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17811 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;dirac.org. IN A > > ;; ANSWER SECTION: > dirac.org. 3590 IN A 24.189.162.69 > > ;; Query time: 17 msec > ;; SERVER: 192.168.1.1#53(192.168.1.1) > ;; WHEN: Sun Oct 17 22:23:24 2010 > ;; MSG SIZE rcvd: 43 > > [bl...@cat-in-the-hat ~]$ traceroute dirac.org > traceroute to dirac.org (24.189.162.69), 30 hops max, 60 byte packets > 1 DD-WRT (192.168.1.1) 0.969 ms 1.961 ms 2.354 ms > 2 24-148-9-1.arm-bsr1.chi-arm.il.cable.rcn.com (24.148.9.1) 12.839 ms > 13.204 ms 13.440 ms > 3 mart-h1.chi-mart.il.cable.rcn.net (207.229.191.130) 14.296 ms 14.540 ms > 14.768 ms > 4 tge3-1.border2.eqnx.il.rcn.net (207.172.19.159) 217.065 ms 217.437 ms > 217.673 ms > 5 r1-ge9-0-0.in.chcgildt.cv.net (206.223.119.13) 19.001 ms 19.378 ms > 19.611 ms > 6 64.15.1.6 (64.15.1.6) 44.633 ms 39.785 ms 40.078 ms > 7 64.15.5.137 (64.15.5.137) 45.814 ms 44.587 ms 41.395 ms > 8 ool-4353dd8e.dyn.optonline.net (67.83.221.142) 40.295 ms 45.014 ms > 45.359 ms > 9 ubr101-ge1-0-0.cmts.nyk4ny.cv.net (67.83.221.171) 42.448 ms 42.691 ms > 42.922 ms > 10 * * * > 11 * * * Well, it looks OK, I guess. However, if I see the request coming in with tcpdump, yet Apache doesn't log the request, doesn't that point to some kind Apache misconfiguration? Thanks, Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Webserver Woes: Lost Packets
On Sun, Oct 17, 2010 at 9:59 PM, Chanoch (Ken) Bloom wrote: > On Sun, Oct 17, 2010 at 06:04:58PM -0400, Peter Salzman wrote: >> I'm having trouble with Apache running on satan (192.162.0.2). At >> some point I must have changed something, and it stopped working. >> >> There are two virtual hosts: >> >> 1. /etc/apache2/sites-enabled/000-default >> >> >> ServerAdmin p...@dirac.org >> DocumentRoot /var/www >> >> Options FollowSymLinks >> AllowOverride None >> >> >> >> Options Indexes FollowSymLinks MultiViews >> AllowOverride None >> Order allow,deny >> allow from all >> >> >> ErrorLog /var/log/apache2/error.log >> LogLevel debug >> >> CustomLog /var/log/apache2/access.log combined >> >> >> >> >> 2. /etc/apache2/sites-enabled/001-dirac.org (the one I want to work) >> >> >> ServerAdmin p...@dirac.org >> ServerName www.dirac.org >> ServerAlias dirac.org >> >> DirectoryIndex index.html >> DocumentRoot /var/www/ >> >> LogLevel debug >> ErrorLog /var/log/apache2/dirac.org.error >> CustomLog //var/log/apache2/dirac.org.access combined >> >> >> The /etc/hostname file contains "satan". The /etc/hosts file contains: >> >> 192.168.0.2 satan >> 192.168.0.2 dirac.org >> 192.168.0.2 www.dirac.org >> >> >> >> >> I'm seeing different behaviors depending on whether I'm on the home >> network or outside the home network. >> >> From the home network I can access the webserver from any computer by >> pointing a browser to http://dirac.org, http://www.dirac.org, >> http://192.168.0.2, http://24.189.162.69/, or http://satan. When I >> access www.dirac.org or dirac.org, /var/log/apache/dirac.org.access >> gets larger. When I access satan, 192.168.0.2, or 24.189.162.69 (my >> external IP), /var/log/apache2/access.log gets larger. No surprises >> here. >> >> From outside the home network, I can't access the webserver at all, >> and as expected, none of the logs get larger. It's clear that Apache >> simply isn't seeing anything, otherwise, the logs would increase in >> size. 
>> >> I don't think it's a firewall issue because tcpdump sees external www >> requests coming from. From external IP 10.37.247.64 (an iPhone on the >> 3G network), I point Safari to "http://www.dirac.org"; and this is what >> tcpdump reports: >> >> r...@satan:/var/log/apache2# tcpdump -vv -i eth0 tcp port 80 | grep cingular >> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 >> bytes >> satan.www > mobile-166-137-137-082.mycingular.net.4445: Flags >> [S.], cksum 0x4d17 (correct), seq 305106526, ack 4022190454, win 5792, >> options [mss 1460,sackOK,TS val 1210510762 ecr 842475580,nop,wscale >> 6], length 0 >> mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S], >> cksum 0x3dc6 (correct), seq 1346585780, win 65535, options [mss >> 1410,nop,wscale 2,nop,nop,TS val 842476145 ecr 0,sackOK,eol], length 0 >> satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags >> [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win >> 5792, options [mss 1460,sackOK,TS val 1210513399 ecr >> 842476145,nop,wscale 6], length 0 >> mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S], >> cksum 0x3dbc (correct), seq 1346585780, win 65535, options [mss >> 1410,nop,wscale 2,nop,nop,TS val 842476155 ecr 0,sackOK,eol], length 0 >> satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags >> [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win >> 5792, options [mss 1460,sackOK,TS val 1210513399 ecr >> 842476145,nop,wscale 6], length 0 >> >> Packets from the iPhone are seen coming in. And packets are being >> sent back out to the iPhone. However, Safari errors out with a >> "Cannot open Page" error. Furthermore, neither >> /var/log/apache2/access.log no /var/log/apache2/dirac.org.access get >> larger. >> >> On one hand it's "obvious" that Apache isn't seeing these packets from >> the iPhone because the logs aren't increasing in size. On the other >> hand, it's not "obvious" because .. 
why are packets being sent from >> satan.www to mycingular.net? >> >> I'm really stumped. Any ideas? > > The packets you see going from satan.www to mycingular.net are SYN-ACK > packets, which are the second part of the three-way handshake used to > open a TCP connection. That is, satan is responding to the iPhone and > agreeing to open a connection. For some reason, the iPhone doesn't see > this response (or just doesn't respond with the ACK that is the third > part of the three-way handshake). > > Your apache configuration has nothing to do with a problem at this > level. > > --Ken If it's not an Apache or firewall problem, then you should be able to connect to dirac.org. Can you reach it? Thanks! Pete
[vox-tech] Webserver Woes: Lost Packets
I'm having trouble with Apache running on satan (192.162.0.2). At some point I must have changed something, and it stopped working. There are two virtual hosts:

1. /etc/apache2/sites-enabled/000-default

    ServerAdmin p...@dirac.org
    DocumentRoot /var/www
    Options FollowSymLinks
    AllowOverride None
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    ErrorLog /var/log/apache2/error.log
    LogLevel debug
    CustomLog /var/log/apache2/access.log combined

2. /etc/apache2/sites-enabled/001-dirac.org (the one I want to work)

    ServerAdmin p...@dirac.org
    ServerName www.dirac.org
    ServerAlias dirac.org
    DirectoryIndex index.html
    DocumentRoot /var/www/
    LogLevel debug
    ErrorLog /var/log/apache2/dirac.org.error
    CustomLog //var/log/apache2/dirac.org.access combined

The /etc/hostname file contains "satan". The /etc/hosts file contains:

    192.168.0.2 satan
    192.168.0.2 dirac.org
    192.168.0.2 www.dirac.org

I'm seeing different behaviors depending on whether I'm on the home network or outside the home network.

From the home network I can access the webserver from any computer by pointing a browser to http://dirac.org, http://www.dirac.org, http://192.168.0.2, http://24.189.162.69/, or http://satan. When I access www.dirac.org or dirac.org, /var/log/apache/dirac.org.access gets larger. When I access satan, 192.168.0.2, or 24.189.162.69 (my external IP), /var/log/apache2/access.log gets larger. No surprises here.

From outside the home network, I can't access the webserver at all, and as expected, none of the logs get larger. It's clear that Apache simply isn't seeing anything, otherwise, the logs would increase in size. I don't think it's a firewall issue because tcpdump sees external www requests coming from.

From external IP 10.37.247.64 (an iPhone on the 3G network), I point Safari to "http://www.dirac.org" and this is what tcpdump reports:

r...@satan:/var/log/apache2# tcpdump -vv -i eth0 tcp port 80 | grep cingular
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
satan.www > mobile-166-137-137-082.mycingular.net.4445: Flags [S.], cksum 0x4d17 (correct), seq 305106526, ack 4022190454, win 5792, options [mss 1460,sackOK,TS val 1210510762 ecr 842475580,nop,wscale 6], length 0
mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S], cksum 0x3dc6 (correct), seq 1346585780, win 65535, options [mss 1410,nop,wscale 2,nop,nop,TS val 842476145 ecr 0,sackOK,eol], length 0
satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win 5792, options [mss 1460,sackOK,TS val 1210513399 ecr 842476145,nop,wscale 6], length 0
mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S], cksum 0x3dbc (correct), seq 1346585780, win 65535, options [mss 1410,nop,wscale 2,nop,nop,TS val 842476155 ecr 0,sackOK,eol], length 0
satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win 5792, options [mss 1460,sackOK,TS val 1210513399 ecr 842476145,nop,wscale 6], length 0

Packets from the iPhone are seen coming in. And packets are being sent back out to the iPhone. However, Safari errors out with a "Cannot open Page" error. Furthermore, neither /var/log/apache2/access.log nor /var/log/apache2/dirac.org.access get larger.

On one hand it's "obvious" that Apache isn't seeing these packets from the iPhone because the logs aren't increasing in size. On the other hand, it's not "obvious" because .. why are packets being sent from satan.www to mycingular.net?

I'm really stumped. Any ideas?

Thanks!
Pete
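Added example (not part of the original posts, and not a tcpdump feature): a small Python script that reads tcpdump text output in the format quoted above and reports, per connection, how far the three-way handshake got. The first five sample packets are abridged from the capture in the post; the last three, and all function and verdict names, are constructed for illustration.

```python
import re

# tcpdump text format as quoted in the thread, with or without the leading
# timestamp and "IP" token. Endpoints are host.port (hostnames or IPv4).
PACKET = re.compile(
    r"(?:\S+\s+IP\s+)?(?P<src>\S+) > (?P<dst>[^\s:]+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:.*?\bseq (?P<seq>\d+))?(?:.*?\back (?P<ack>\d+))?"
)

PHONE = "mobile-166-137-137-082.mycingular.net"

# First five packets abridged from the capture in the post (cksum and options
# dropped); the last three are constructed to show a handshake that completes.
CAPTURE = f"""\
satan.www > {PHONE}.4445: Flags [S.], seq 305106526, ack 4022190454, win 5792, length 0
{PHONE}.5878 > satan.www: Flags [S], seq 1346585780, win 65535, length 0
satan.www > {PHONE}.5878: Flags [S.], seq 1206576348, ack 1346585781, win 5792, length 0
{PHONE}.5878 > satan.www: Flags [S], seq 1346585780, win 65535, length 0
satan.www > {PHONE}.5878: Flags [S.], seq 1206576348, ack 1346585781, win 5792, length 0
10:00:00.000001 IP client.example.40000 > satan.www: Flags [S], seq 1000, win 64240, length 0
10:00:00.000050 IP satan.www > client.example.40000: Flags [S.], seq 5000, ack 1001, win 5792, length 0
10:00:00.020000 IP client.example.40000 > satan.www: Flags [.], ack 1, win 502, length 0
"""


def verdict(f):
    """Name the furthest handshake stage reached by one connection."""
    if f["acked"]:
        return "established"
    if f["syn"] and f["synack"]:
        # The server answered but the client never ACKed: the SYN-ACK is lost
        # or filtered on the return path, or the client is ignoring it.
        return "synack-unanswered"
    if f["synack"]:
        return "synack-without-syn"   # SYN missed by the capture or its filter
    return "syn-unanswered"           # the server side never replied


def analyze(lines):
    """Return {(client, server): state} for every handshake seen in lines."""
    flows = {}

    def flow(client, server):
        return flows.setdefault((client, server), {
            "syn": 0, "synack": 0, "server_isn": None, "acked": False})

    for line in lines:
        m = PACKET.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        seq = int(m["seq"]) if m["seq"] else None
        ack = int(m["ack"]) if m["ack"] else None
        if flags == "S":                          # client -> server SYN
            flow(src, dst)["syn"] += 1
        elif flags == "S.":                       # server -> client SYN-ACK
            f = flow(dst, src)
            f["synack"] += 1
            f["server_isn"] = seq
        elif "." in flags and "R" not in flags and (src, dst) in flows:
            f = flows[(src, dst)]
            # tcpdump prints "ack 1" (relative) unless run with -S (absolute).
            if f["synack"] and ack in (1, (f["server_isn"] or 0) + 1):
                f["acked"] = True
    for f in flows.values():
        f["verdict"] = verdict(f)
    return flows


if __name__ == "__main__":
    for (client, server), f in analyze(CAPTURE.splitlines()).items():
        print(f"{client} -> {server}: {f['verdict']} "
              f"(SYN x{f['syn']}, SYN-ACK x{f['synack']})")
```

A repeated SYN with the same sequence number next to a repeated SYN-ACK, as on port 5878, means the web server never got as far as accept(), which is why its access logs stay empty.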
Re: [vox-tech] Apache2 problems
On Thu, Aug 12, 2010 at 5:56 AM, Ryan wrote:

> On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:
> > From the lack of entries in the log file, it looks like Apache isn't seeing
> > the incoming request. However, tcpdump seems to be showing otherwise.
> > Port 80 is forwarded to the Linux box by the router.
> >
> > In sites.enabled:
> >
> >
> >    ServerAdmin p...@dirac.org
> >    ServerName www.dirac.org
> >    ServerAlias dirac.org
> >
> >    # Indexes + Directory Root.
> >    DirectoryIndex index.html
> >    DocumentRoot /var/www/
> >
> >    # Logfiles
> >    ErrorLog /var/log/apache2/dirac.org.error
> >    CustomLog //var/log/apache2/dirac.org.access combined
> >
>
> --snip--
>
> > Any ideas what could be preventing this from working?
>
> I'm going to assume that your router is doing some form of NAT given that you
> appear to be connected with a dynamic IP cable internet service.
>
> Unless you are port forwarding to an internal box that actually has an
> interface configured with the IP address 24.189.162.69, this is not going to
> work. The connection will hit your router on port 80, get rewritten to
> whatever internal address your web server has, and then hit Apache. Apache
> will look at the ip address on the local side of the socket and fail to match
> those vhosts since it doesn't see the 24.189.162.69 address anywhere.
>
> Another thing to note - cable internet providers often block inbound port 80 -
> and it looks like yours is doing so.
>
> http://www.google.com/search?q=optonline+block+port+80
>
> However, they seem to be doing it by blocking the return SYN+ACK packet which
> is a completely asinine way to accomplish the block which manages to make
> troubleshooting extra annoying (as you've discovered). You can check this by
> running tcpdump on both the client and server.
>
> Fun fact - these port blocks are usually done on the subscriber's modem by a
> policy pushed down in the config file from the CMTS.
>
> Finally, a general Apache note - unless you actually do need to serve
> different sites based on what IP address is hit, you probably should use
> . It'll save headaches if your ip addresses change.
>
> -Ryan

Hi Ryan!

I actually got it working. It turned out to be a router issue. I forwarded the port using the "port forward" page, whereas apparently I should have forwarded the port using the "application forward" page. I'm not too sure what the difference is, but there you go. It works!

Optonline has different classes of service. I have the super-duper dluxe service with static ip and no blocked ports (as you'll see if you point a browser to dirac.org).

Thanks for the tip on virtual name host. I definitely will keep that in mind. It's a real headache tracking down "named host has no virtual servers" warnings...

Thanks!
Pete
Re: [vox-tech] Apache2 problems
On Tue, Aug 10, 2010 at 4:19 PM, Chanoch (Ken) Bloom wrote:

> On Tue, Aug 10, 2010 at 03:50:00PM -0400, Peter Salzman wrote:
> > I set up Apache2 on home Kubuntu box. I defined one named virtual host in
> > addition to "default" that came with the installation. When I try to access
> > the server from work, Firefox responds with "The connection timed out".
> >
> > When I run tcpdump -i eth0 tcp port 80, I see the incoming request from work
> > to http://www.dirac.org:
> >
> > 14:30:42.219003 IP ny-131.foo.com.33188 > satan.www: Flags [S], seq 3646786876, win 64512, options [mss 1460,nop,nop,sackOK], length 0
> >
> > I also see (what looks to be) the outgoing packets from satan to work:
> >
> > 14:30:42.219027 IP satan.www > ny-131.foo.com.33188: Flags [S.], seq 2741002130, ack 3646786877, win 5840, options [mss 1460,nop,nop,sackOK], length 0
> >
> > However, *nothing* is getting written to the logs:
> >
> > -rw-r- 1 root root 0 2010-08-10 12:21 access.log
> > -rw-r- 1 root root 0 2010-08-10 12:21 dirac.org.access
> > -rw-r- 1 root root 0 2010-08-10 12:21 dirac.org.error
> > -rw-r- 1 root root 330 2010-08-10 12:21 error.log
> >
> >
> > The file error.log doesn't have anything interesting in it:
> >
> >
> > [Tue Aug 10 12:21:00 2010] [notice] Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
> > [Tue Aug 10 12:21:00 2010] [info] Server built: Mar 9 2010 21:20:44
> > [Tue Aug 10 12:21:00 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
> >
> >
> > From the lack of entries in the log file, it looks like Apache isn't seeing
> > the incoming request. However, tcpdump seems to be showing otherwise. Port
> > 80 is forwarded to the Linux box by the router.
>
> First, we *need* to know the names of the files involved, since the
> alphabetical order of the files determines which is the default host
> (the first host is default, so you should have
> sites-enabled/000-default and sites-enabled/001-dirac).
>
> > In sites.enabled:
>
> Did you verify that this is the correct IP address? (You probably want
> to use "*:80" instead.)
>
> >
> >    ServerAdmin p...@dirac.org
> >    ServerName www.dirac.org
> >    ServerAlias dirac.org
> >
> >    # Indexes + Directory Root.
> >    DirectoryIndex index.html
> >    DocumentRoot /var/www/
> >
> >    # Logfiles
> >    ErrorLog /var/log/apache2/dirac.org.error
> >    CustomLog //var/log/apache2/dirac.org.access combined
> >
> >
> > The default enabled site starts off as:
>
> You don't have a ServerName for the default site. Is it
> possible that the default is catching all of the requests since it has
> no name? Give it a name. Since it's the default (its configuration
> file comes first alphabetically), it will still respond
> to any unknown hostnames passed in the host header.
>
> The link I quote below says:
> "ServerName should always be set for each vhost. Otherwise A DNS lookup
> is required for each vhost."
>
> >
> >    ServerAdmin p...@dirac.org
> >    DocumentRoot /var/www
> >    . . .
> >
> >
> > Any ideas what could be preventing this from working?
>
> For more information about Apache virtual host ordering, see
> http://httpd.apache.org/docs/2.2/vhosts/details.html
>
> --Ken

Interesting -- I didn't know that the sites were read in alpha order. Also, I guess the wildcard for the NameVirtualHost is a better idea.

Unfortunately, didn't fix the problem, but more weirdness came up. I can't telnet to dirac.org port 80, which would explain why the logs aren't being touched. But then I'm at a loss as to how tcpdump apparently sees the connection:

tcpdump -i eth0 tcp port 80
16:40:32.104293 IP ny-131.foo.com.10096 > satan.www: Flags [S], seq 1653467397, win 64512, options [mss 1460,nop,nop,sackOK], length 0
16:40:32.104314 IP satan.www > ny-131.foo.com.10096: Flags [S.], seq 329481650, ack 1653467398, win 5840, options [mss 1460,nop,nop,sackOK], length 0

It looks like the packets are getting forwarded correctly, but nobody is listening. The port is set correctly in /etc/apache2/ports.conf and I verified that apache2 is indeed running.

It's such a mystery! :-(

Pete
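Added example, not from the thread and not Apache's own code: a simplified Python model of how Apache 2.2 chooses a virtual host, covering Ryan's point (in the Aug 12 message earlier on this page) about address-based matching behind NAT and Ken's point above about alphabetical load order and the default host. The VirtualHost addresses are not visible in the archived posts, so the ones below are assumptions, as are all function names; the model also assumes a NameVirtualHost line exists for each address used.

```python
from fnmatch import fnmatch


def addr_match(vhost_addr, ip, port, wildcard):
    """Compare a <VirtualHost ip:port> address with the socket's LOCAL address."""
    vip, _, vport = vhost_addr.rpartition(":")
    if vport not in ("*", str(port)):
        return False
    return vip == "*" if wildcard else vip == ip


def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return the config file whose vhost would serve the request."""
    # sites-enabled/* is included in alphabetical order, which fixes priority.
    ordered = sorted(vhosts, key=lambda v: v["file"])
    # 1. An exact IP match on the local side of the socket wins ...
    candidates = [v for v in ordered
                  if addr_match(v["addr"], local_ip, local_port, False)]
    # 2. ... otherwise fall back to wildcard ("*") vhosts ...
    if not candidates:
        candidates = [v for v in ordered
                      if addr_match(v["addr"], local_ip, local_port, True)]
    # 3. ... otherwise the request goes to the main (non-vhost) server.
    if not candidates:
        return "main server"
    # 4. Within the address set, the Host header picks by ServerName (exact)
    #    or ServerAlias (wildcards allowed); first match in load order wins.
    host = (host_header or "").split(":")[0].rstrip(".").lower()
    for v in candidates:
        if host and host == (v.get("name") or "").lower():
            return v["file"]
        if any(fnmatch(host, alias.lower()) for alias in v.get("aliases", [])):
            return v["file"]
    # 5. No name matched: the first vhost loaded for this address is the default.
    return candidates[0]["file"]


# Constructed configurations. NAT_BOUND binds the named vhost to the public IP
# (the case Ryan describes); WILDCARD uses "*:80" as Ken suggests.
NAT_BOUND = [
    {"file": "001-dirac.org", "addr": "24.189.162.69:80",
     "name": "www.dirac.org", "aliases": ["dirac.org"]},
    {"file": "000-default", "addr": "*:80", "name": None, "aliases": []},
]
WILDCARD = [dict(v, addr="*:80") for v in NAT_BOUND]

if __name__ == "__main__":
    # Behind NAT the socket's local address is the private one, 192.168.0.2.
    for label, conf in (("public-IP vhost", NAT_BOUND), ("*:80 vhosts", WILDCARD)):
        for host in ("www.dirac.org", "24.189.162.69"):
            print(f"{label:16} Host: {host:15} ->",
                  select_vhost(conf, "192.168.0.2", 80, host))
```

Either way the request is only dispatched after the TCP handshake completes, so vhost selection can change which log grows but cannot explain a connection that times out.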
[vox-tech] Apache2 problems
I set up Apache2 on home Kubuntu box. I defined one named virtual host in addition to "default" that came with the installation. When I try to access the server from work, Firefox responds with "The connection timed out".

When I run tcpdump -i eth0 tcp port 80, I see the incoming request from work to http://www.dirac.org:

14:30:42.219003 IP ny-131.foo.com.33188 > satan.www: Flags [S], seq 3646786876, win 64512, options [mss 1460,nop,nop,sackOK], length 0

I also see (what looks to be) the outgoing packets from satan to work:

14:30:42.219027 IP satan.www > ny-131.foo.com.33188: Flags [S.], seq 2741002130, ack 3646786877, win 5840, options [mss 1460,nop,nop,sackOK], length 0

However, *nothing* is getting written to the logs:

-rw-r- 1 root root 0 2010-08-10 12:21 access.log
-rw-r- 1 root root 0 2010-08-10 12:21 dirac.org.access
-rw-r- 1 root root 0 2010-08-10 12:21 dirac.org.error
-rw-r- 1 root root 330 2010-08-10 12:21 error.log

The file error.log doesn't have anything interesting in it:

[Tue Aug 10 12:21:00 2010] [notice] Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Tue Aug 10 12:21:00 2010] [info] Server built: Mar 9 2010 21:20:44
[Tue Aug 10 12:21:00 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)

From the lack of entries in the log file, it looks like Apache isn't seeing the incoming request. However, tcpdump seems to be showing otherwise. Port 80 is forwarded to the Linux box by the router.

In sites.enabled:

    ServerAdmin p...@dirac.org
    ServerName www.dirac.org
    ServerAlias dirac.org

    # Indexes + Directory Root.
    DirectoryIndex index.html
    DocumentRoot /var/www/

    # Logfiles
    ErrorLog /var/log/apache2/dirac.org.error
    CustomLog //var/log/apache2/dirac.org.access combined

The default enabled site starts off as:

    ServerAdmin p...@dirac.org
    DocumentRoot /var/www
    . . .

Any ideas what could be preventing this from working?

Thanks,
Pete
Re: [vox-tech] Wireless Networking
On Wed, Jul 28, 2010 at 3:57 PM, Chanoch (Ken) Bloom wrote:

> On Wed, 2010-07-28 at 15:23 -0400, Peter Salzman wrote:
> >
> > So you're saying that if the interface can be brought up, say, by
> > "ifconfig wlan1 192.168.0.5 up" then I can safely cross driver off the
> > list of possible things that went wrong?
>
> Yes.
>
> --Ken

Success! Thank you!

It's only connecting at 802.11g. I suspect that's why people are using the company's drivers instead of the kernel. Will play around with that in the future. The important thing is that I have a connection.

Thanks, Ken!
Pete
Re: [vox-tech] Wireless Networking
On Wed, Jul 28, 2010 at 2:14 PM, Chanoch (Ken) Bloom wrote:

> On Wed, Jul 28, 2010 at 12:42:36PM -0400, Peter Salzman wrote:
> > I'm having a horrendously awful time getting wireless networking working on
> > my Kubuntu box. I've never played around with wireless networking on Linux
> > before and wanted to consolidate my knowledge and see if I understand it
> > correctly. My two wireless cards are:
> >
> > Edimax EW-7318usg
> > 148F:2573 Ralink Technology, Corp. RT2501USB wireless adapter
> >
> > Alfa AWUS050NH
> > 148F:2770 Ralink Technology, Corp.
> >
> > If this were wired networking, the steps I would take would be:
> >
> > 1. Plug in the card into the computer and connect it to the router.
> > 2. Load the correct driver.
> > 3. Bring the interface up and assign an IP addr, either manually with
> > ifconfig or automatically with dhclient.
> > 3a. If manual was used in step 3, resolv.conf must contain the DNS servers
> > and a gateway must be specified with "route".
> >
> > I assume wireless networking must work more or less the same way. The two
> > things that are causing me grief are:
> >
> > 1. I don't know if the drivers are correct.
>
> dmesg should clue you in to that.
> You can also run ifconfig -a or iwconfig to see whether the interface
> appears in the list. If that works, then your driver works. (Well, if
> it appears in the list but doesn't work, then you're into bug hunting,
> really.)

Unfortunately, that's kind of where I am, and part of why it's so frustrating. The interfaces definitely show up, but I can't connect to the WAN. I wasn't sure if it was non-functional driver, wpa_supplicant not working, some option or parameter that needs to be set somewhere.

So you're saying that if the interface can be brought up, say, by "ifconfig wlan1 192.168.0.5 up" then I can safely cross driver off the list of possible things that went wrong?

> > 2. Security details (WEP, WPA, etc)
>
> Use wpasupplicant.
>
> wpasupplicant maintains a configuration file with a list of networks
> and their encryption types and passwords. When you run wpasupplicant,
> it looks to see what's available that it knows about, picks one and
> connects (to the wireless router -- then it's your job to set up the
> IP address yourself.) If it doesn't know about any of the available
> networks, it doesn't connect to any of them, even if they're
> unencrypted.
>
> For some security configurations (pretty much only WEP), you can use
> iwconfig. iwconfig is the low level tool for connecting
> to the network. It doesn't remember anything about any networks (kinda
> like how ifconfig works)

OK, I had no idea, but this is great info! If worse comes to worse, I'll set network security to WEP temporarily.

> Either way, you can check whether it worked by running iwconfig -- if
> it says "Access Point: Not-Associated", you failed. If it gives a MAC
> address, then you succeeded.
>
> Your new set of steps:
>
> 1. Plug in the card into the computer and connect it to the router.
>    (check by looking at dmesg to see the USB subsystem recognizes that
>    it was plugged in.)
> 2. Load the correct driver. (May happen automatically by udev)
>    (check by running ifconfig -a to see what name the interface was
>    given)
> 3. Bring the interface up and connect to a wireless network
>    option 1: use wpa_supplicant for all of this.
>    option 2: use ifconfig/iwconfig for the various steps
>    (check by running iwconfig to see whether it's associated with a
>    particular MAC address. Maybe you could do some kind of arp lookup
>    at this point also.)
> 4. Assign an IP address
>    option 1: dhclient
>    option 2: ifconfig/route/vi resolv.conf
>    (check by pinging something)
>
> In general, you probably want to use something like network-manager or
> wicd to handle connecting to wireless networks. Even if you'd
> ordinarily prefer to write your own networking configuration script,
> or hard code information in /etc/network/interfaces, and let Debian
> do it for you you're most likely going to be using a lot more
> different networks (with a lot more varied configurations) with your
> wireless card than you typically do with your wired ethernet.
>
> If you've reached the driver step and successfully loaded the driver,
> you can watch the state of your wireless card in real time using wavemon
> It will show you signal strength, which AP you're associated with, and
> your IP address as they change (which can be useful to have in another
> window while you're fighting through the details of configuring the
> network.)

Awesome!!! The wavemon idea is spectacular.

Hope to report good news tonight.

Pete
[vox-tech] Wireless Networking
I'm having a horrendously awful time getting wireless networking working on my Kubuntu box. I've never played around with wireless networking on Linux before and wanted to consolidate my knowledge and see if I understand it correctly. My two wireless cards are:

Edimax EW-7318usg
148F:2573 Ralink Technology, Corp. RT2501USB wireless adapter

Alfa AWUS050NH
148F:2770 Ralink Technology, Corp.

If this were wired networking, the steps I would take would be:

1. Plug in the card into the computer and connect it to the router.
2. Load the correct driver.
3. Bring the interface up and assign an IP addr, either manually with ifconfig or automatically with dhclient.
3a. If manual was used in step 3, resolv.conf must contain the DNS servers and a gateway must be specified with "route".

I assume wireless networking must work more or less the same way. The two things that are causing me grief are:

1. I don't know if the drivers are correct.
2. Security details (WEP, WPA, etc)

Part of the problem is that there seems to be a LOT of information out there, and some of it is conflicting. For example, which drivers to use for these wireless cards. When I load a driver, is there some way of finding out if the driver is functional for the card? It would remove a lot of the later guesswork if I had confidence that the driver loaded is correct and working.

The 2nd question concerns security. If you want to use WPA2/AES, is wpa_supplicant mandatory to use? Since the obvious way to know if networking is functional is to ping a remote host, if it doesn't work, it's not clear at what stage the process is failing at. Is there a way to detect that everything is AOK up to wpa_supplicant without having to switch the router's security completely off?

Thanks!
Pete
Re: [vox-tech] LINUX installation question windows Vista
I'm not a windows expert, but I think you can set the page file size to 0, at least temporarily, so there would be no pagefiles to cause problems with partitioning.

My Computer | Properties | Advanced | Performance | Settings | Virtual Memory | Change

Make the settings and reboot. I believe your page files will be gone.

Pete

On Wed, Feb 10, 2010 at 3:13 PM, Jason Snyder wrote:

> To Whom it May Concern,
>
> I have a computer with windows Vista and am having problems creating a
> partition due to pagefiles. I was wondering if it is possible to just
> install/run linux from an external hard drive where I can easily have
> partitions of 250 GB as opposed to 7 GB, which is the maximum partition I
> can get on my C drive.
>
> Thanks,
>
> Jason
[vox-tech] Samba Password Authentication is failing
This problem has been kicking my butt for a couple of days now. The computer names are:

Linux: satan (Kubuntu)
Windows: lucifer (WinXP)

I want to mount Linux shares into "My Network Places" on Windows. My username on both machines is "p". The security related directives of the global section of smb.conf is:

    ### security ###
    security = user
    encrypt passwords = true
    # passdb backend= smbpasswd:/etc/samba/smbpasswd
    passdb backend= tdbsam:/var/lib/samba/passdb.tdb
    browseable= true

If I set the security model to "share" with zero security everything works fine: I can access the Linux shares from the Windows machine. However, I'm trying to set this up correctly.

Double clicking a share icon on the Windows machine (i.e. when I try to access a Linux share), I get a Win error pop-up:

"\\Satan\tmp is not accessible. You might not have permission to use this network resource. Logon failure: unknown user name or bad password"

On the Linux side, the log message says:

netbios connect: name1=SATAN name2=LUCIFER
netbios connect: local=satan remote=lucifer, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
Authentication for user [p] -> [p] FAILED with error NT_STATUS_WRONG_PASSWORD
Authentication for user [p] -> [p] FAILED with error NT_STATUS_WRONG_PASSWORD

However, the passwords *should* be the same. First, I verified that my Linux Samba account exists using "pdbedit -Lv", and it looks good:

Unix username:p
NT username:
Account Flags:[U ]
User SID: S-1-5-21-861626965-82493899-2044239696-3000
Primary Group SID:S-1-5-21-861626965-82493899-2044239696-513
Full Name:Peter Jay Salzman,,,
Home Directory: \\satan\p
HomeDir Drive:
Logon Script:
Profile Path: \\satan\p\profile
Domain: SATAN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set:Sat, 30 Jan 2010 14:18:16 EST
Password can change: Sat, 30 Jan 2010 14:18:16 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF

I set my Linux Samba password with:

# smbpasswd -D10 -c /etc/samba/smb.conf p

and here's the general gist of the output:

my_netbios_names[0]="SATAN"
Attempting to find a passdb backend to match tdbsam:/var/lib/samba/passdb.tdb (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam:/var/lib/samba/passdb.tdb has a valid init

(at which point I enter my Windows password, and then the verbose output continues...)

tdbsam_open: successfully opened /var/lib/samba/passdb.tdb
pdb_set_username: setting username p, was
pdb_set_domain: setting domain SATAN, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Peter Jay Salzman was
Home server: satan
Substituting charset 'UTF-8' for LOCALE
Finding user p
Trying _Get_Pwnam(), username as lowercase is p
Get_Pwnam_internals did find user [p]!
account_policy_get: name: password history, val: 0
pdb_set_username: setting username p, was
pdb_set_domain: setting domain SATAN, was
pdb_set_full_name: setting full name Peter Jay Salzman was
Home server: satan
Unlocking key 555345525F7000
tdb_update_sam: Updating key for RID 3000
Locking key 5249445F303030303062
Allocated locked data 0x0x29fa620
Unlocking key 5249445F303030303062

The password file appears that it was updated:

# ll /var/lib/samba/passdb.tdb
-rw--- 1 root root 36K 2010-01-30 15:06 /var/lib/samba/passdb.tdb
# date
Sat Jan 30 3:07 PM

Everything looks correct and healthy. Please does anyone have any ideas what could be happening?

Thanks!
Pete
[vox-tech] samba: smbpasswd not working
I'm trying to access Linux "shares" from a windows machine. So I went through this on my Linux server:

# cat /etc/passwd | mksmbpasswd > /etc/samba/smbpasswd
# smbpasswd -U p
New SMB password:
Retype new SMB password:

The first command created the file /etc/samba/smbpasswd with all the user names (as expected) with disabled accounts (passwords are all X's).

I typed in the same password twice. Everything looked good, but when I looked at /etc/samba/smbpasswd, it didn't change. The entry still says:

p:1000::: ..

I was expecting some of those "X"'s to be part of an encrypted string. Shouldn't smbpasswd change this file in *some* way?

I do declare the location of the password file in /etc/samba/smb.conf:

    security = user
    encrypt passwords = yes
    smb passwd file= /etc/samba/smbpasswd

Help. I have no idea what to do. I'm leaving on Saturday for Guatemala for 2.5 weeks, and I'd like to get this fixed before I go if possible.

Thanks!
Pete
[vox-tech] [OT] Uploading an image to Wikipedia (licensing)
I'm writing a Wikipedia article, and want to upload an image (the first time I'm uploading multimedia to Wikipedia). I found what appears to be a contradiction in Wikipedia's uploading policy.

First of all, the image I want to upload is not mine, but the person who took the photo gave me permission to use it for the article:

    Hi Peter,

    Sorry for the delay in getting back to you. I have attached a copy of Salih's most recent portrait taken by myself, and owned by the ICMA Centre. You have express permission from me, as the photographer and as a representative of the ICMA Centre, to use this image on wikipedia.

    I hope this covers the required grounds - I'm afraid I don't have time to read up the implications of OC licenses etc (hence the delay in me getting back to you), so let me know if you need anything more.

    Kind regards,
    André

Here's where the apparent contradiction comes. According to http://en.wikipedia.org/wiki/Wikipedia:Uploading_images

    in the cases of images where their owners have stipulated they be used for non-commercial purposes only, under new guidelines such images may no longer be uploaded into Wikipedia except by the express permission of those owners. [1]

But when you follow the endnote [1], it leads to this text:

    All images which are for non-commercial only use and by permission only are not acceptable for Wikipedia and will be deleted.

So on one hand, I can upload the image because I have the express permission from the owner. On the other hand, because the image is "by permission only" it is not acceptable for Wikipedia and will be deleted.

Does anyone understand the Wikipedia policy and/or has a higher tolerance for understanding licenses than I do (which is admittedly very low). My sense is that the image owner wants his picture to be used for the Wikipedia article, but may be unwilling to allow the image to be used for commercial purposes.

Help?

Pete