00:16.14 | *** join/#devuan arnoldoree (~arnoldore@113.210.102.105) |
00:22.05 | *** join/#devuan cyteen (~cyteen@static-84-9-179-245.vodafonexdsl.co.uk) |
00:25.22 | *** join/#devuan djph_ (~dpurgert@104-57-151-177.lightspeed.bcvloh.sbcglobal.net) |
00:54.16 | *** join/#devuan arnoldoree (~arnoldore@113.210.102.105) |
01:08.55 | suavedandy | fsmithred: The installation went great. |
01:09.22 | suavedandy | The only caveat is that your live image has OpenRC. |
01:09.50 | suavedandy | And for some reason OpenRC always complains that it can't stop anacron. |
01:10.03 | suavedandy | Don't know why. |
01:14.01 | fsmithred | what??? |
01:16.24 | fsmithred | suavedandy, you would only get openrc if you installed it or if you used the one openrc iso in my experimental folder |
01:16.37 | fsmithred | and you can't miss it - it has 'openrc' in the file name. |
01:19.42 | specing | It's unstoppable mwahahaha! |
01:20.11 | *** join/#devuan fluffywolf (~furrywolf@172.58.92.107) |
01:21.00 | clort | devuan? |
01:21.45 | clort | openrc? |
01:22.17 | suavedandy | Yes. |
01:22.23 | suavedandy | Devuan OpenRC. |
01:22.38 | clort | i wonder what specing is referring to? |
01:22.49 | suavedandy | Ah, never mind. |
01:23.11 | suavedandy | Perhaps the live image was with OpenRC. |
01:23.26 | suavedandy | I see good ol' SysVinit. |
01:24.25 | *** join/#devuan psarria (~psarria@213.94.48.104) |
01:24.57 | suavedandy | No more problems, I guess. The Internet is once again back to normal after some toggling of the airplane mode and restarting of wpa_supplicant. |
01:25.09 | suavedandy | Weird machinations, I know. |
01:25.18 | suavedandy | But hey, it worked. |
01:26.07 | suavedandy | Ah, the only issue I haven't looked into is Cyrillic font. |
01:26.34 | suavedandy | I'll look into it after I get some sleep. |
01:26.51 | suavedandy | I got surprisingly far this time around. |
02:08.10 | *** join/#devuan sunshavi (~user@190.234.75.216) |
02:32.57 | *** join/#devuan bleb_ (~cm@unaffiliated/bleb) |
02:36.25 | *** join/#devuan debdog (~debdog@2a00:79c0:620:2500:7a24:afff:fe8a:d04d) |
02:39.40 | *** join/#devuan Stealth (~stealth@sourcemage/archon/stealth) |
02:50.48 | *** join/#devuan petzi (~petzi@p578b3438.dip0.t-ipconnect.de) |
03:27.36 | *** join/#devuan kelsoo2 (~kelsoo@dragora/developer/kelsoo) |
03:32.12 | *** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net) |
03:34.02 | systemdlete | I'm trying to forward packets on refracta. I'm guessing it is the same as on devuan. I have set up 3 machines for this purpose. I have A (source) machine, B (where firewall runs and where I want to set up forwarding), and C which is a target system. |
03:34.56 | systemdlete | On A, I run ping C. Using wireshark on C, I can see C is receiving pings and responding. But neither A nor B see the ping responses. |
03:35.53 | systemdlete | I'm using gufw/ufw and I've set up forwarding per their instructions. B is dual-homed of course, with an interface facing A, and an interface facing C. |
03:36.30 | systemdlete | Do I need NAT to do this? I was hoping to use gufw (and ufw) to accomplish this. Seems like this should be simple. |
03:37.19 | clort | could you document how you do that if you get it working |
03:37.24 | clort | cause i fail at that now too |
03:38.02 | systemdlete | Btw, A is a devuan Ascii system, B is a refracta system, and C is a different Ascii system. |
03:45.22 | Hurgotron | systemdlete: One would need IP addresses, networks and routing to analyze |
03:48.15 | *** join/#devuan debdog (~debdog@194.140.113.70) |
03:49.29 | systemdlete | Hurgotron: Here is what I have configured: A is 192.168.57.1, B is 192.168.57.2 (both on same leg) and B has 192.168.56.2, C has 192.168.56.18 (both on same leg) |
03:50.08 | systemdlete | I'll call them A-B network and B-C network, respectively. |
03:50.32 | systemdlete | A has default route to 192.168.56.2 |
03:50.45 | systemdlete | B has default route to 192.168.56.1 |
03:50.54 | systemdlete | C has default route to 192.168.56.1 also |
03:51.52 | systemdlete | Hurgotron, for the moment, assume I am entering IP addresses only, no DNS etc |
03:53.27 | Hurgotron | both /24 networks? A has default route to 192.168.57.2 and C to 192.168.56.2 ? |
03:53.58 | systemdlete | ^^ |
03:54.05 | systemdlete | (and yes /24) |
03:54.18 | Hurgotron | ah sorry too slow today |
03:54.22 | systemdlete | nw |
03:54.25 | systemdlete | thanks for helping |
03:55.08 | systemdlete | I guess you can say that network A-B is 192.168.57.0/24 and B-C is 192.168.56.0/24 |
03:55.19 | Hurgotron | right |
03:55.26 | Hurgotron | But where is 192.168.56.1? |
03:55.54 | Hurgotron | You just mention that as a route target and not as a host address. |
03:55.59 | systemdlete | That's another router that takes packets to the Internet, but no need to worry about that now. I'd be happy to hit 192.168.56.18 at this point! |
03:56.19 | systemdlete | Hurgotron, I skipped some info |
03:56.40 | systemdlete | All 3 systems have router entries for their own interfaces. I thought that was obvious, sorry. |
03:58.41 | systemdlete | Also, C does not need to hit A. Just A getting out to C (and the Internet, later on, once this is figured out) |
03:59.11 | systemdlete | A and C are single-homed systems, just for clarity. |
03:59.18 | Hurgotron | Hmm, not sure what you mean, anyway. C needs to have a route to 192.168.57.0/24 with gateway 192.168.56.1 if you want to ping between A and C |
04:00.16 | systemdlete | That's what I was afraid of. Would NAT or masquerading solve this for me? |
04:00.43 | systemdlete | I think ufw can do NAT, but gufw does not have a way to do this directly. |
04:00.43 | Hurgotron | Yes, should work |
04:01.37 | systemdlete | What does this exact same scenario look like in IPv6? Does IPv6 have NAT, or does its design obviate the need for NAT? |
04:01.56 | systemdlete | I vaguely recall reading about this years ago, but I forgot what it said now. |
04:02.15 | systemdlete | (I'm not serious about v6 atm, just curious) |
04:03.03 | Hurgotron | Should not need nat, but needs more subnetting. Nice is the autoconfiguration with router advertisements. |
04:03.41 | systemdlete | Hurgotron: Thank you for confirming my suspicions. I have something to work with now. Greatly appreciated. |
04:04.44 | Hurgotron | anytime. |
04:22.01 | *** join/#devuan nyov (~nyov@unaffiliated/nyov) |
04:37.35 | clort | 'lets improve iptables, they said' |
04:57.37 | *** join/#devuan ar3itrary (~hacker@v22016101923038440.bestsrv.de) |
05:09.40 | *** join/#devuan kreyren (~kreyren@fsf/member/kreyren) |
05:21.24 | *** join/#devuan kelsoo3 (~kelsoo@dragora/developer/kelsoo) |
05:32.51 | *** join/#devuan DocScrutinizer05 (~saturn@openmoko/engineers/joerg) |
06:10.49 | *** join/#devuan arnoldoree (~arnoldore@113.210.113.16) |
06:19.33 | *** join/#devuan GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon) |
06:32.18 | *** join/#devuan Unit193 (ukikie@freenode/staff/ubuntu.member.unit193) |
07:06.15 | *** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth) |
07:21.32 | *** join/#devuan Acacia (~Acacia@unaffiliated/acacia) |
07:32.38 | *** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth) |
07:33.18 | *** join/#devuan Joril (~joril@host-217-194-188-145.sbs.redder.net) |
07:55.59 | *** join/#devuan rsx (~rsx@ppp-188-174-136-68.dynamic.mnet-online.de) |
08:25.04 | *** join/#devuan xinomilo (~xinomilo@gateway/tor-sasl/xinomilo) |
08:42.56 | *** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it) |
08:45.37 | *** join/#devuan Pali (~pali@Maemo/community/contributor/Pali) |
09:05.20 | r3boot | yep, and instead of importing pf, they wrote nftables .. such a missed chance |
09:06.12 | r3boot | systemdlete: not only does ipv6 do nat, it is being used to implement CGN, which means the end of e2e connectivity on the internet |
09:17.21 | *** join/#devuan arnoldoree (~arnoldore@113.210.92.246) |
09:18.31 | *** join/#devuan xrogaan (~xrogaan@unaffiliated/xrogaan) |
09:39.18 | DPA | I'm no expert in IPv6, I still haven't even gotten around to setting it up at home. But as far as I know, IPv6 doesn't require that ISPs use NAT. |
09:39.18 | DPA | Wasn't it even intended that every internet user would get a prefix with an entire block of addresses originally, to make it possible for |
09:39.18 | DPA | every device in a local network to be globally addressable and reachable? |
09:42.11 | sixwheeledbeast | it wouldn't be required but they do, I assume was the point? |
09:42.13 | r3boot | it's not required, but it is possible |
09:43.44 | r3boot | Also, re: ipv6, the article 'network service models' in this edition of IPJ explains the financial dynamics nicely: https://ipj.dreamhosters.com/wp-content/uploads/issues/2013/ipj16-2.pdf |
09:46.35 | *** join/#devuan cocoadaemon (~foo@30.27.119.80.rev.sfr.net) |
10:07.30 | *** join/#devuan Uberius (~uberius@gateway/tor-sasl/uberius) |
10:24.20 | *** join/#devuan bpmedley (~bpm@2601:246:8101:4eb0:10b0:cd4d:6a7:3d51) |
10:40.53 | *** join/#devuan djph (~dpurgert@devuan/community/dpurgert) |
10:54.45 | *** join/#devuan link2xt (~link2xt@83.149.193.141) |
10:55.54 | systemdlete | sadly, I am getting this error when I add the lines for NAT: problem running ufw-init bad argument *nat |
10:56.46 | systemdlete | I ran the requirements script for ufw and it passed, no errors. So it seems like I should have everything I need to do NAT |
10:58.15 | systemdlete | Seems like I need to add NAT table, but instructions did not indicate that specifically; https://gist.github.com/kimus/9315140 |
10:58.33 | systemdlete | Maybe these instructions are out of date for newer releases of ufw |
11:01.08 | systemdlete | nvm. I think I missed a step... |
11:01.26 | systemdlete | yep. Forgot to set the default policy instruction... |
11:31.51 | *** join/#devuan kreyren (~kreyren@fsf/member/kreyren) |
11:42.19 | *** join/#devuan bsd4me (~me@95-105-74-65.gci.net) |
12:23.31 | *** join/#devuan gnarface (~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net) |
12:38.00 | *** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net) |
13:09.32 | *** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net) |
13:54.24 | *** join/#devuan systemdlete2 (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net) |
13:59.52 | *** join/#devuan n4dir (~n4dir@i59F77C6D.versanet.de) |
14:13.11 | *** join/#devuan cromnion (~cromnion@88.202.178.103) |
14:19.06 | *** join/#devuan luna_is_here_ (~quassel@port-92-200-182-126.dynamic.as20676.net) |
15:04.34 | *** join/#devuan targz (~Thunderbi@unaffiliated/targz) |
15:16.53 | *** join/#devuan cocoadaemon (~foo@36.161.2.109.rev.sfr.net) |
15:41.42 | *** join/#devuan morruth (~quassel@85.132.76.25) |
15:46.27 | *** join/#devuan IoFran (~Thunderbi@189.237.107.41) |
15:50.02 | *** join/#devuan cd (~cd@unaffiliated/cd) |
15:58.31 | Ryushin | I think I remember reading there was a systemd unit to sysvinit script convertor somewhere. The only one I found online is 8 years old and is not working properly. Anyone know of a new one? |
16:01.05 | *** join/#devuan fluffywolf (~furrywolf@172.58.95.77) |
16:03.29 | fsmithred | Ryushin, check upstream sysvinit packages. I think it's in there. |
16:03.43 | Ryushin | After a few hours I couldn't find it, now I just did searching through the mailing archives: http://www.trek.eu.org/devel/sysd2v/ |
16:04.07 | Ryushin | fsmithred: You're right. It's in the new sysvinit source I guess. |
16:05.02 | fsmithred | Maybe this? sysvinit-utils: /lib/init/init-d-script |
16:06.42 | Ryushin | From the email: Trek sent over a Bash shell script which accepts a systemd unit file as its sole parameter. It then digests the unit file and prints out an equivalent shell script and some debugging information. The shell script is called sysd2v.sh and is now included in the SysV init source code, under the "contrib" directory. |
16:06.49 | Ryushin | Going to try it out now. |
16:08.35 | fsmithred | apt-file can't find it in ceres |
16:08.50 | fsmithred | gotta go. bbl. |
16:12.18 | Ryushin | fsmithred: Thanks have a great day. |
16:14.32 | Ryushin | Here we go: http://git.savannah.nongnu.org/cgit/sysvinit.git/tree/contrib/sysd2v.sh |
16:17.43 | *** join/#devuan luna_is_here (~quassel@port-92-200-204-79.dynamic.as20676.net) |
16:23.19 | *** join/#devuan GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon) |
16:25.46 | Ryushin | fsmithred: I'm impressed!! Script worked wonderfully converting the three Greenbone Security Scanner systemd unit files. |
16:26.03 | Ryushin | That is several hours worth of work saved. |
16:27.51 | *** join/#devuan gast0n (~g4570n@unaffiliated/g4570n) |
16:29.53 | *** join/#devuan Besnik_b (~Besnik@2a02:587:de0b:8d00:5bbb:4c52:53d5:4c60) |
16:31.39 | *** join/#devuan HumanG33k (~HumanG33k@2a01:e0a:5b9:7840:6600:6aff:fe5f:9d6) |
16:41.28 | *** join/#devuan gnu_srs1 (~srs@devuan/developer/srs) |
16:44.11 | *** join/#devuan petzi (~petzi@p578b3438.dip0.t-ipconnect.de) |
16:45.52 | *** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth) |
16:58.55 | *** join/#devuan Dav281 (~Dav281@host213-120-32-12.range213-120.btcentralplus.com) |
17:12.44 | *** join/#devuan conifer (~conifer@gateway/tor-sasl/conifer) |
17:15.28 | *** join/#devuan st3ma (~st3ma@88.133.163.96) |
17:16.52 | *** join/#devuan morruth (~quassel@77.244.124.45) |
17:53.26 | Wonka | does anyone have any idea why g++-10, gcc-10, cpp-10 grow several hundred megabytes each from 10.2.0-15 to 10.2.0-16? |
17:54.55 | crashoverride | ram is cheap. |
17:55.42 | Wonka | not for a 2011 macbook pro |
17:57.56 | crashoverride | yeah well, that's what happens when you value form over function :) |
17:58.40 | Wonka | back then, I valued it functioning longer than plastic cased devices. And I was right, it still runs. |
17:59.17 | Wonka | all previous notebooks only survived about three years |
18:01.02 | *** join/#devuan Akuli (~akuli@213.216.213.243) |
18:01.45 | xinomilo | thinkpad from 2011, still runs fine |
18:02.33 | Wonka | the ThinkPad R60 back then only did 3 years... but I was constantly lugging them devices around. |
18:12.01 | *** join/#devuan luna_is_here (~quassel@port-92-200-224-66.dynamic.as20676.net) |
18:19.16 | *** join/#devuan suavedandy (uid468325@gateway/web/irccloud.com/x-grkkiiebqyltmtyp) |
18:20.02 | *** join/#devuan Uberius (~uberius@gateway/tor-sasl/uberius) |
18:38.22 | *** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-) |
19:25.44 | *** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it) |
19:38.04 | *** join/#devuan n4dir (~n4dir@i59F77C6D.versanet.de) |
19:47.41 | *** join/#devuan gnarface (~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net) |
20:18.36 | *** join/#devuan bsd4me (~me@95-105-74-65.gci.net) |
20:31.32 | *** join/#devuan IoFran2 (~Thunderbi@189.237.107.41) |
20:52.24 | *** join/#devuan cocoadaemon (~foo@30.27.119.80.rev.sfr.net) |
21:00.15 | *** join/#devuan epony (epony@unaffiliated/epony) |
21:01.44 | *** join/#devuan clort (clort@gateway/shell/ircnow/x-sgxtthpqmlqqqbrf) |
21:15.29 | conifer | hi, iirc in the past when i connected a luks+lvm encrypted drive by usb i could mount the partitions when i entered the password, but now in beowulf this does not happen |
21:17.01 | conifer | i can see the unlocked luks volume in gnome disks with the lvm inside |
21:17.37 | conifer | but it does not recognize the partitions in the lvm |
21:18.32 | fsmithred | do you see any of it in /dev/mapper? |
21:18.33 | conifer | how can i access these partitions? |
21:19.44 | fsmithred | cryptsetup luksOpen /dev/<encrypted partition> <some name> |
21:20.04 | fsmithred | vgchange -ay <volume-group> |
21:20.18 | conifer | the luks is in /dev/mapper |
21:20.37 | fsmithred | mount /dev/mapper/<vg-lv> |
21:20.57 | fsmithred | so start with vgchange |
21:21.17 | fsmithred | you can use vgdisplay to see what's going on |
21:24.59 | conifer | when i point cryptsetup luksOpen to the luks-[id] i see in /dev/mapper it says it doesn't exist or access denied |
21:26.10 | fsmithred | it's already open |
21:26.15 | fsmithred | start with vgchange |
21:26.50 | fsmithred | did you already give the passphrase for it? |
21:27.01 | fsmithred | or is there a keyfile? |
21:27.27 | conifer | i entered my password and it looks open in gnome disks |
21:27.37 | fsmithred | ok, so it is open |
21:27.46 | fsmithred | you need to activate the lvm |
21:28.25 | fsmithred | vgdisplay to find the names |
21:28.57 | fsmithred | vgchange -ay <volume-group> |
21:29.13 | conifer | what do i need for vgdisplay to work? is liblinux-lvm-perl enough? |
21:29.40 | fsmithred | I don't know. I assume that you get whatever you need with lvm2 |
21:29.54 | fsmithred | you need to be root |
21:30.04 | conifer | oops, tried to run it from non-root term |
21:33.43 | conifer | vgchange worked and now i can access it through gui |
21:33.50 | conifer | thanks a lot! :) |
21:39.03 | suavedandy | fsmithred: So I was using these instructions on how to prevent entering an encryption key twice. |
21:39.05 | suavedandy | https://is.gd/HkC7jH |
21:39.30 | *** join/#devuan clort (clort@gateway/shell/ircnow/x-ntqewhghjdxuwthe) |
21:39.35 | suavedandy | The problem arises with the second step. |
21:39.37 | *** join/#devuan sauron- (~foo@unaffiliated/sauron-) |
21:39.37 | *** join/#devuan chomwitt (~chomwitt@2a02:587:dc27:8c00:9d78:8894:8f6f:9e9d) |
21:40.04 | suavedandy | There is no /etc/mkinitcpio.conf |
21:41.56 | suavedandy | And so I don't really know what to do. |
21:44.44 | clort | we have no package providing mkinitcpio.conf |
21:47.12 | suavedandy | Alright, I'll try another method. |
21:51.30 | suavedandy | fsmithred: I like how you made fstab clean. |
21:51.41 | suavedandy | Looks very compact. |
21:53.06 | suavedandy | ( umask 0077 && dd if=/dev/urandom bs=1 count=64 of=/etc/keys/root.key conv=excl,fsync ) |
21:53.28 | suavedandy | Do brackets actually do anything here? |
22:10.46 | fsmithred | suavedandy, where are you looking? |
22:11.14 | suavedandy | https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html |
22:14.31 | fsmithred | ok, I took a quick look, and it makes no sense to me |
22:15.01 | fsmithred | looks like the keyfile goes into the initramfs, which I assume is in /boot which is encrypted. How do you get in? |
22:15.20 | fsmithred | or does it just boot automatically with the key for anyone who powers it up? |
22:16.46 | *** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it) |
22:19.38 | suavedandy | Following the instructions. |
22:19.51 | suavedandy | Everything seems to be working well so far. |
22:20.05 | suavedandy | Unlike my previous try with these instructions. |
22:20.13 | suavedandy | Better not screw up again. |
22:20.17 | *** join/#devuan sauron- (~foo@unaffiliated/sauron-) |
22:20.30 | fsmithred | maybe grub takes the password and then the initramfs uses the keyfile |
22:24.04 | *** join/#devuan finsternis (~Y@23.226.237.192) |
22:24.24 | *** join/#devuan kreyren (~kreyren@fsf/member/kreyren) |
22:25.29 | *** join/#devuan qaluh_ (~Asp@p200300e6172adc0002241dfffe205ebb.dip0.t-ipconnect.de) |
22:27.09 | suavedandy | I just realized that when I tested micro I pressed Alt+Right. |
22:27.18 | suavedandy | And that opens the next TTY. |
22:27.39 | suavedandy | It's not micro being glitchy. It's me being an imbecile. |
22:45.35 | suavedandy | fsmithred: Yay! It worked! |
22:46.03 | suavedandy | Minus one problem. |
22:46.07 | fsmithred | what's that? |
22:50.05 | *** join/#devuan unixman (~aunixman@209.165.134.7) |
22:50.05 | *** join/#devuan unixman (~aunixman@unaffiliated/eracc) |
22:51.06 | *** join/#devuan jotaxpe (~jotaxpe@103.125.235.21) |
22:53.05 | suavedandy | fsmithred: With the guide I followed there is no more asking for the encryption password twice. |
22:53.21 | suavedandy | I only need to enter the password once. |
22:53.29 | fsmithred | yeah, makes sense. |
22:54.28 | suavedandy | You set up the encrypted boot installation right but the password still needs to be entered at the initramfs stage. |
22:55.14 | suavedandy | I think adding the fourth script from the guide to the installer would be a good idea. |
22:55.22 | fsmithred | <PROTECTED> |
22:55.40 | suavedandy | There's also a section on booting optimization. |
22:57.13 | suavedandy | The last part of the third section, to be precise. |
23:09.47 | suavedandy | fsmithred: 50000 iterations seem to be just fine. |
23:10.50 | suavedandy | Not too fast to be easily broken but not too slow to drive you into insanity over whether you've inputted the password or not. |
23:13.21 | suavedandy | https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html |
23:13.51 | suavedandy | Section 3 part 2: boot time optimization |
23:14.25 | suavedandy | Section 4: avoiding entering the password twice |
23:26.03 | fsmithred | bookmarked, thanks |
23:40.17 | suavedandy | fsmithred: You're welcome. |
23:48.32 | suavedandy | I've also configured fstrim cronjob. |
23:48.54 | suavedandy | That's all for today. I can sleep peacefully at once. |