Re: Iptables is driving me nuts (beginner)
On Tue, Mar 11, 2003 at 07:49:16AM +0100, n/a wrote:
> Hello there,
>
> For the past couple of days i've been looking into setting up an old pc as a
> firewall/router for a couple of students.
>
> To do so i enabled iptables and started looking into configuration issues.
> Eventually i came up with a config that worked. haha. Then i realised this
> config was fishy and started deleting lines as i went along. Now almost no
> lines are left and the darned thing still works even after reboots,
> re-loads, restarts.
>
> Apparently there's something i'm not getting thru my thick skull about
> packet filtering. Could someone explain to me in text (no diagrams) how a
> packet is evaluated and then processed thru the chains, also what is done and
> not-done any more after a packet has passed thru a chain. Somehow i have the
> idea this config works from the lan to the outside but not from the outside
> to the lan or something.
>
> Any good resources, tips, explanations are welcome. I'm too dumb for this i
> guess.
>
> Regards,
>
> Joris
>

[snip iptables -L outputs]

I found Rusty's HOWTOs in /usr/share/doc/iptables/html/ to be useful
when I was starting with iptables. Try the packet filtering HOWTO first.
(Love that "4. Who the hell are you, and why are you playing with my
kernel")

As Mike mentioned earlier, the ipmasq package is good for managing
iptables.

Graeme

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Z52 issues with cups
On Mon, Mar 10, 2003 at 05:16:50PM +0100, J.Lambrecht wrote:
> Hello All,
>
> I've been trying to get my Z52 to work with linux, CUPS using gimp-print.
>
> At first i messed up the initial config but then all fell into place,
> still i cannot print. Even when cups says task completed there is no
> output. Using the lexmark-foomatic-kit i can print testpages however using
> the same device /dev/usb/lp0 as cups does.
>
> I've tested different Lexmark Z52 drivers with no difference than that the
> cups-jobs-report states either 'aborted' or 'completed' with no output at
> all.
>
> Apparently there's a signal 2! (interrupt) situation after cups sends the
> data to usb but i get no further debug information.
>

I use a Lexmark Z52 on Woody. I chose the lexmark-foomatic-kit with the
lexmarkinkjet binary driver instead of the gimp-print driver. The binary
driver allows one to clean the cartridge nozzles, which is important as
they do get clogged on occasion. (I couldn't figure out how to use the
gimp-print driver to clean the nozzles ... perhaps this isn't even a
feature?)

I was able to use either driver to print to the Lexmark. I have never
gotten a signal 2! error in my cups logs, and I do not know what it means.

Getting the USB working was somewhat involved for me (the Lexmark Z52 was
my first USB device on Woody). I found the USB-guide at www.linux-usb.org
very helpful to get the Lexmark finally working. I recall I needed to
mount a usbdevfs and to install the printer module.

Graeme
Re: Any users of mondoarchive on debian boxes?
On Wed, Sep 24, 2003 at 09:07:40PM -0600, Paul E Condon wrote:
> An article in Oct issue of Linux journal got me interested in Mondo
> Archive, which is software that builds self-booting restore CDs for
> Linux systems. So, I started to try to use it. I found a debian
> package in Woody, and did the standard apt-get ... . I had mostly no
> problem understanding the man page. But some puzzles lead me to look
> at the Mondo web site, and ...
>
> From reading the Mondo web site, it appears that there are
> no documented instances of mondoarchive being used successfully
> on a Debian system, and that Debian kernels are somehow non-
> standard, and difficult to work with. Is this true? And, if true,
> why is there a Debian package of Mondo Archive?
>
> And if not true, who, on this list has experience? Is there a
> different Debian list where I should be going for help on this
> particular package?
>
> Thanks.

I apologize for the late response, but there have been some recent
developments to mindi and mondo for Debian.

When I used to run Woody, I was able to successfully use the mondo and
mindi Woody packages to backup my system using a CDRW to a series of
bootable CDs. For me, the worst part of moving to Sarge was losing a
functional mondo ... I could not get the Sarge package (1.61) working.

Just yesterday, the mindi/mondo package maintainer (Hector) created debs
intended for unstable/testing from the current stable branches of mondo
rescue (mindi 0.86 and mondo 1.66). They work for me (thanks, Hector).
He may even try to do Woody packages. See his thread at the mondo
mailing list

http://sourceforge.net/mailarchive/forum.php?thread_id=3289027&forum_id=5086

for details.

As other posters here have mentioned, Hugo, the originator of mondo
rescue, used to be quite antagonistic to Debian, because it does things
differently from other distros with which he is more familiar.

A short list of differences Hugo has complained about off the top of my
head:

    initrd for kernel-images
    /dev/cdrom mounts to /cdrom, not /mnt/cdrom
    gawk is different from awk (your awk probably points to gawk)
    mount uses different options
    umount must be invoked with options
    /etc/fstab has different options
    that whole packaging difference (debs instead of rpms)
    Debian is not spelled R-e-d-h-a-t

He seems to have gotten more help ironing out these differences from
Debian users recently, and his attitude has softened, thankfully.
(Sometimes I felt reading the mondo mailing list as a Debian user was an
exercise in self-flagellation.) Most importantly, I'm relieved that Hugo
continues to support Debian.

Graeme
Re: Backup Package names currently installed
On Wed, Oct 29, 2003 at 04:05:10PM +0100, Michael Dominok wrote:
> On Wed, 2003-10-29 at 10:12, Michael Dominok wrote:
> > dpkg -l |grep --extended-regexp --regexp='^[uirph]c|^[uirph]i'|awk {'
> > print $2 "=" $3'} >/tmp/p_list
> I have to correct myself. Just noticed that packages with long names
> could get chopped this way.

Prepend the above command with something like 'COLUMNS=200 ' to see
full package names.

> A better way of getting a p_list:
>
> cat /var/lib/dpkg/available |grep --extended-regexp '^Package' |awk
> {'print $2'} >/tmp/p_only
> cat /var/lib/dpkg/available |grep --extended-regexp '^Version' |awk
> {'print $2'} >/tmp/v_only
> paste -d'=' /tmp/p_only /tmp/v_only >/tmp/p_list

For me, this p_list now includes packages that I have deinstalled, and
dpkg --get-selections shows them as deinstalled. I believe if you use
this p_list you may try to install *all* available packages found in your
sources.list rather than just the packages you have installed currently.

> Michael

Graeme
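Added example, not part of the original thread: the difference between listing every Package/Version pair and listing only what is installed, shown on a file in dpkg status format. The function names and the sample stanzas are constructed for illustration; on a real system the file to pass would be /var/lib/dpkg/status.

```shell
#!/bin/sh
# Constructed sample in dpkg status-file format (not taken from a real host).
write_sample_status() {
    cat > "$1" <<'EOF'
Package: binutils
Status: install ok installed
Version: 2.14.90.0.4-0.1
Description: The GNU assembler, linker and binary utilities
 Continuation lines start with a space and are ignored below.

Package: gcc-2.95
Status: deinstall ok config-files
Version: 1:2.95.4-22

Package: libpam0g
Status: hold ok installed
Version: 0.76-9
EOF
}

# Every stanza with a Version, with no Status check: the effect of pairing
# all Package/Version lines, removed packages included.
naive_pkg_list() {
    awk '/^Package: /{p=$2} /^Version: /{print p "=" $2}' "$1" | sort
}

# Only stanzas whose Status ends in "installed" (held packages included).
installed_pkg_list() {
    awk '
        BEGIN { RS = ""; FS = "\n" }
        {
            pkg = ""; ver = ""; state = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /)      pkg = substr($i, 10)
                else if ($i ~ /^Version: /) ver = substr($i, 10)
                else if ($i ~ /^Status: /)  { n = split($i, w, " "); state = w[n] }
            }
            if (state == "installed" && pkg != "" && ver != "")
                print pkg "=" ver
        }
    ' "$1" | sort
}

# Demo: write the sample to a temp file and show both lists.
status_file=$(mktemp)
write_sample_status "$status_file"
echo "all stanzas:";    naive_pkg_list "$status_file"
echo "installed only:"; installed_pkg_list "$status_file"
rm -f "$status_file"
```

On a current Debian system, `dpkg-query -W -f='${Status} ${Package}=${Version}\n'` exposes the same fields without reading the file by hand.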
Re: CUPS, what's wrong?
On Sat, Nov 02, 2002 at 02:30:21PM -0500, Stephen Gran wrote:
> This one time, at band camp, Calber Chainy said:
> > Hello list:
> >
> > I wanted to have a print server and heard of cups.
> >
> > I want to have remote control of the server and heard i could do it easily using
> > cups and a navigator.
> >
> > So i did a little of apt-getting and edited the cupsd.conf file in /etc/cupsys.
> >
> > These are the details I changed:
> >
> > ServerName reorx
> > ServerAdmin root@reorx
> > Port 631
> > HostNameLookups On
> > BrowseProtocols cups
> > BrowseAdress 192.168.0.255 (my broadcast lan address)
> > BrowseAllow 192.168.0.255(again)
> > BrowseDeny All
> > BrowseOrder allow,deny
> > BrowsePort 631
> >
> >
> > When I try to connect to port 631 from other machine it says I am not
> > authorised.
> >
> > Any Ideas??
> >
> > Thanks A lot.
> >
> > Chainy.
>
> Make sure you have:
> Browsing On
> and you should have 2 stanzas like so:
>
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 192.168.0.255
>

With CUPS in Woody (and possibly elsewhere), the broadcast address does
not work. Instead, use the subnet address and netmask, eg:

Allow From 192.168.0.0/24

>
> AuthType Basic
> AuthClass System
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 192.168.0.255
>

Ditto here:

Allow From 192.168.0.0/24

> This allows browsing and administration from anywhere in the LAN - check
> out the comments in the config file for details of what each feature
> does. By default, CUPS doesn't allow remote administration, so you have
> to change these to values similar to above to make it work and then
> restart it (/etc/init.d/cupsys restart).
>
> HTH,
> Steve
> --
> This novel is not to be tossed lightly aside, but to be hurled with great force.
> -- Dorothy Parker
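Added example, not part of the original thread: a sketch of why the single address 192.168.0.255 admits no LAN client while 192.168.0.0/24 admits the whole subnet. It assumes an Allow From value without a netmask is compared as one host address; the function names and client addresses are constructed for illustration, and this is not CUPS's own code.

```shell
#!/bin/sh
# ip_to_int A.B.C.D: print the dotted-quad address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# acl_matches CLIENT RULE
# RULE is a single address or address/prefix-length (e.g. 192.168.0.0/24).
# Exit status 0 when CLIENT falls inside RULE, 1 otherwise.
acl_matches() {
    client=$(ip_to_int "$1")
    case $2 in
        */*) net=$(ip_to_int "${2%/*}"); bits=${2#*/} ;;
        *)   net=$(ip_to_int "$2");      bits=32 ;;   # bare address = one host
    esac
    # Keep the top $bits bits; assumes the shell's usual 64-bit arithmetic.
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( client & mask )) -eq $(( net & mask )) ]
}

# count_allowed RULE CLIENT...: how many of the listed clients RULE admits.
count_allowed() {
    rule=$1; shift
    n=0
    for c in "$@"; do
        if acl_matches "$c" "$rule"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed client addresses: two on the LAN, one on another subnet.
LAN_CLIENTS="192.168.0.10 192.168.0.77 192.168.1.5"

for allow_from in 192.168.0.255 192.168.0.0/24; do
    echo "Allow From $allow_from admits $(count_allowed "$allow_from" $LAN_CLIENTS) of 3 clients"
done
```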
Re: apt-get upgrade advice
On Wed, Jun 11, 2003 at 01:24:50PM +0100, Richard Kimber wrote:
> I have 50 or so testing packages in line for upgrade. Some of these have
> grave bugs open. Some have grave bugs I can live with. Some I don't know
> about.
>
> Is there a way of telling apt to upgrade all _except_ a given package? I'm
> not keen on dealing with packages one by one.
>
> Also, am I right in assuming that the #188900 bug is such that I should
> avoid upgrading binutils?
>
> Thanks,
> -Richard.

I find dselect useful in these situations. During package selection,
you can hold a given package. If at a later time you want to unhold
it, well, choose the unhold option.

I'm using testing:

$ dpkg -l binutils
ii  binutils  2.14.90.0.4-0.1  The GNU assembler, linker ...

and bug #188900 seems fixed.

Graeme
Re: apt-get upgrade advice
On Sat, Jun 14, 2003 at 01:12:57PM +0100, Richard Kimber wrote:
> On Sat, 14 Jun 2003 01:29:09 -0400
> Graeme Tank <[EMAIL PROTECTED]> wrote:
>
> > I'm using testing:
> > $ dpkg -l binutils
> > ii  binutils  2.14.90.0.4-0.1  The GNU assembler, linker ...
> >
> > and bug #188900 seems fixed.
> >
>
> Thanks. But this morning listbugs still says it's open. There isn't much
> point in having this facility if it doesn't report the true position.
>
> - Richard.

Sorry for not being clearer, Richard. The bug is in binutils
2.13.90.0.18-1.6, but was fixed in 2.13.90.0.18-1.7 some 2 months ago.

From the changelog in the testing version (2.14.90.0.4-0.1) cited
previously:

binutils (2.13.90.0.18-1.7) unstable; urgency=high

  * NMU
  * Fixed ld segv (replaced yy_current_buffer by YY_CURRENT_BUFFER)
    (Closes: #188876, 188900, 188912)

 -- Julien LEMOINE <[EMAIL PROTECTED]>  Mon, 14 Apr 2003 04:45:03 +0200

The stable binutils (2.12.90.0.1-4) does not suffer this bug.

Graeme
Re: apt-get upgrade advice
On Sat, Jun 14, 2003 at 12:59:55AM -0700, Paul Johnson wrote:
>
> Have you tried aptitude? It's like dselect but with a bit more brain.

I recall using aptitude briefly as a Debian novice on stable, but found
apt-cache (search|show) and apt-get install easier for upgrades within
stable. I can easily imagine others preferring aptitude.

Later (just recently), I wanted to make the move to testing and found
Colin Watson's May 9 post:

    I much prefer upgrading with dselect. I've spent too much time fixing
    very subtle problems with 'apt-get dist-upgrade' that really shouldn't
    have gone wrong (debconf and xbase-clients upgrade problems come to
    mind) that I don't trust it.

I repeat it here, because the upgrade from stable to testing with dselect
went smoothly ... kudos to those responsible.

After the move to a testing/unstable system, I found dselect easy to use
to hold and unhold packages. In this way aptitude would work well, too.
Thanks Paul, I'll check it out. (However, because aptitude is a front-end
for apt, perhaps it's best to use dselect for dist-upgrades as Colin
recommends.)

Lastly, Paul, you mention aptitude has a bit more brain. How so? Does it
do a better job resolving dependencies than dselect? Is the usability
better? For me, usability in dselect is, well, not as usable as it could
be. To pick one example, if the package information spills over to more
than one page, you press 'd' (delete in many other apps) to scroll down
instead of 'space' (which scrolls down the package listing in the upper
window instead of the information in the lower window). Yes, one can
understand why 'space' does this, but still, the usability isn't there.

Graeme
Re: Just curious about system LOAD
On Mon, Nov 17, 2003 at 11:38:54PM +0100, Paul Sommer wrote:
> Hi there,
>
> this is not really a problem, but I'm curious about what the system load
> exactly is.
>
> Please share your wisdom with me :-)
>
> Paul

I was wondering about the load average the other day and googled across
the following link:

http://www.hawaga.org.uk/text/loadavg.html

I would like to amplify this thread and ask, are there any utilities
available to show which processes are "waiting in the run queue?" (I
don't know the preferred way to say this ... perhaps even "ready to
run.") Occasionally my Debian box gets hammered, but top shows minimal
cpu usage, and I'd like to know the processes responsible.

Thanks.

Graeme
Re: finding modules in "make menuconfig"
On Wed, Dec 10, 2003 at 01:39:05PM +, David Selby wrote:
> Given a modules name, is there an easy way to locate it in "make
> menuconfig" without searching through & making educated guesses ?
>
> I am trying to locate information on
>
> af_packet ... which has sprung up in /etc/modules ... what does it do ?
> ip_conntrack_ftp ... where is it in "make menuconfig" ?
>
> If I can find them in "make menuconfig" I can view their help files &
> switch them on/off.
>
> Any suggestions
> Dave

You can inspect the "make menuconfig" help files directly in the
kernel-source directory. Reading the description of interest should then
point you to the right place in "make menuconfig" so you can comfortably
make changes if you wish.

For 2.4.22 kernels, the help file is Documentation/Configure.help:

$ fgrep -C 10 af_packet Documentation/Configure.help
...
Packet socket
CONFIG_PACKET
  The Packet protocol is used by applications which communicate
  directly with network devices without an intermediate network
  protocol implemented in the kernel, e.g. tcpdump. If you want them
  to work, choose Y.

  This driver is also available as a module called af_packet.o ( =
  code which can be inserted in and removed from the running kernel
  whenever you want). If you want to compile it as a module, say M
  here and read ; if you use modprobe
  or kmod, you may also want to add "alias net-pf-17 af_packet" to
  /etc/modules.conf.

  If unsure, say Y.
...

$ fgrep -C 10 ip_conntrack_ftp Documentation/Configure.help
...
Helper match support
CONFIG_IP_NF_MATCH_HELPER
  Helper matching allows you to match packets in dynamic connections
  tracked by a conntrack-helper, ie. ip_conntrack_ftp

  If you want to compile it as a module, say M here and read
  Documentation/modules.txt. If unsure, say `Y'.
...

For the 2.6.0-test9 kernel, the help files are distributed. Find what
you're looking for with something like:

$ fgrep af_packet `find . -name "Kconfig" -print`

Graeme
Re: libGL and DRM error with Matrox card
On Wed, Nov 05, 2003 at 01:00:58PM +, Richard Kimber wrote:
>
> Some apps give an error when started saying:
>
> libGL error: failed to open DRM: Operation not permitted
> libGL error: reverting to (slow) indirect rendering
>
> XFree86.0.log says:-
> MGA(0): Direct rendering enabled
>
> Is there a problem? If so how should I resolve it?
>
> Thanks,
> - Richard.

Well, I started getting the identical error when I switched to a
2.6.0-test9 kernel from a 2.4.22 kernel. The apps that gave the error
were glxgears and mutt (when I would view html in Konqueror ... some spam
tastes hammy).

Using

# dpkg-reconfigure xserver-xfree86

and restarting the xserver fixed the problem. (I merely changed the
default pixel depth from 24 to 16 to see the effect on glxgears.
Switching back to a pixel depth of 24 did not cause the error to
reappear.)

FWIW, I use xserver-xfree86 4.3.0-0pre1v4 from experimental and the r128
driver for my cheapo ATI xpert 2k card.

Graeme
Re: Compiling 2.4.20
On Tue, Jun 24, 2003 at 02:39:08PM +0100, Mark C wrote:
>
> I had problems trying to compile the debian kernel-source-2.4.20 using
> gcc-3.3 (apparently gcc-3.2 works though) on woody/sarge mix
>
> In the end I installed gcc-2.95 and then created a symlink from
> /usr/bin/gcc -> /usr/bin/gcc-2.95

An alternative to switching your /usr/bin/gcc link is to tell make-kpkg
to use gcc-2.95 somewhat like this:

$ MAKEFLAGS="CC=gcc-2.95" make-kpkg -rootcmd fakeroot kernel_image

Also, from kernel source 2.4.x Documentation/Changes:

    The recommended compiler for the kernel is gcc 2.95.x (x >= 3), and it
    should be used when you need absolute stability. You may use gcc 3.0.x
    instead if you wish, although it may cause problems. Later versions of
    gcc have not received much testing for Linux kernel compilation, and
    there are almost certainly bugs (mainly, but not exclusively, in the
    kernel) that will need to be fixed in order to use these compilers.

Graeme
Re: dselect issue
On Tue, Jun 24, 2003 at 01:09:23PM -0400, Howell Evans wrote:
> problem that i have no idea how to beat. When i try and do an upgrade i
> get these issues
>
> E: Internal Error, Could not perform immediate configuration (2) on
> libpam0g
> Some errors occurred while unpacking. I'm going to configure the
> packages that were installed. This may result in duplicate errors
> or errors caused by missing dependencies. This is OK, only the errors
> above this message are important. Please fix them and run [I]nstall again

What's the status of libpam0g? I run testing:

$ dpkg -l libpam0g
ii  libpam0g  0.76-9  Pluggable Authentication Modules library

Perhaps you need to reconfigure the package:

# dpkg-reconfigure libpam0g

... then [I]nstall again via dselect.

> i have no clue why it wants to remove libpam0g. I have gone into dselect
> and told it to leave libpam0g alone, but i still get the same error. any
> help would be amazing.

If dselect wants to remove libpam0g, perhaps there's a conflicting
dependency. If you're having trouble with dselect pinning down the
conflict, you could use apt instead, which I find friendlier.

To update the available packages:

# apt-get update

To simulate the upgrade, just to see what would happen:

# apt-get -s upgrade

If the result is satisfactory, upgrade:

# apt-get upgrade

You could also try aptitude as a package manager.

> -howell

Graeme
Re: dselect issue
See the "unable to install libpam0g ?" thread of 6/25.

Graeme
Re: CC version conflicts--kernel vs nvidia driver
On Tue, Jun 10, 2008 at 09:41:52PM +0300, David Baron wrote:
> On Tuesday 10 June 2008 20:18:45 [EMAIL PROTECTED]
> wrote:
> > > I have nvidia's "proprietary" driver 96.43.01 running well on my
> > > Debian Sid. There is a bug in the opengl which will show up, for
> > > example, rotating a piece in a jigsaw puzzle program, where areas
> > > near the cursor are incorrectly painted. Their driver is up to
> > > version .05 so I tried to install.
> > >
> > > Their .run complained about the gcc version. I noticed the
> > > kernel-compiled .ko's will show a 4.1.3. Now I compiled that kernel
> > > much more recently than that!! Going ahead with the current 4.3.2!!
> > > will produce an un-modprobable nvidia.ko. No --force option will
> > > avail.
> > >
> > > Their instructions say set a CC environment variable. Anything I try
> > > will then produce a complaint that this "compiler" cannot produce
> > > execs. I tried 4.1.3, gcc4.1.3, gcc-4.1.3 and such variations of the
> > > current version to no avail.
> > >
> > > Since the kernel compile chose this older version, recompiling clean
> > > will probably not help. What do I do to kludge this (I have sometimes
> > > succeeded in editing vermagic stuff if the result had exactly the
> > > same length but the gcc is not in this string.)
> >
> > The following helped me:
> >
> > # cd /usr/bin
> > # rm gcc
> > # ln -s gcc-4.1 gcc
> >
> > After compiling the kernel module, you can redo the steps above with
> > gcc-4.3, or you can leave it this way.
>
> Worked fine. Actually, the kernel used 4.2 (the module I looked at, probably
> no longer relevant, said 4.1). All's well.
>
> I have nine (count 'em) gcc-'s from 2.95 to 4.3. Do I need all of these?

I tend to let dselect suggest to me which packages to remove ... they are
under the "Obsolete and local packages present on system" heading. I
believe apt will also suggest obsolete packages for you to remove and
tell you how to remove them.

Using testing, my installed gcc's are:

$ COLUMNS=80 dpkg -l | grep -E "gcc |gcc\-[0-9].[0-9] "
ii  gcc      4:4.2.3-10  The GNU C compiler
hi  gcc-3.4  3.4.6-6     The GNU C compiler
ii  gcc-4.1  4.1.2-19    The GNU C compiler
ii  gcc-4.2  4.2.4-1     The GNU C compiler
ii  gcc-4.3  4.3.0-5     The GNU C compiler
$

I recall removing gcc-2.95 a ways back, but it was quite the kernel
compiling workhorse for some time.

Graeme