[gentoo-user] booting to grub prompt, but config works
I'm performing a gentoo installation and have been proceeding without problem until I went to reboot. I am greeted with the grub prompt and when issuing $configfile /boot/grub/grub.conf the boot process continues without issue. The grub-install command seemed to work correctly, and I've been googling for some trouble-shooting ideas without headway. Any advice would be appreciated. Thank you.

= grub.conf
default 0
timeout 5
splashimage=(hd0,0)/grub/splash.xpm.gz

title=Gentoo Linux (2.6.23-gentoo-r7-initial)
root (hd0,0)
kernel /boot/kernel-genkernel-x86-2.6.24-gentoo-r7-initial root=/dev/ram0 init=/linuxrc ramdisk=8192 real_root=/dev/sda3
initrd /initramfs-genkernel-x86-2.6.24-gentoo-r7-initial

title=Gentoo Linux (failsafe)
kernel /boot/kernel-genkernel-x86-2.6.24-gentoo-r7-initial root=/dev/sda3
===

-- Travis
-- gentoo-user@lists.gentoo.org mailing list
SOLVED: [gentoo-user] booting to grub prompt, but config works
On Fri, May 9, 2008 at 3:52 PM, Mark Knecht [EMAIL PROTECTED] wrote:
> On Fri, May 9, 2008 at 12:32 PM, Travis Osterman [EMAIL PROTECTED] wrote:
> > I'm performing a gentoo installation and have been proceeding without problem until I went to reboot. I am greeted with the grub prompt and when issuing $configfile /boot/grub/grub.conf the boot process continues without issue. The grub-install command seemed to work correctly, and I've been googling for some trouble-shooting ideas without headway.
>
> cd /boot/grub
> ln -s grub.conf menu.lst

Thanks for the quick responses Wonko and Mark. Everything is working again.

-- T
-- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Protecting a package in package.keywords?
I needed to unmask ivtv by placing it in my /etc/portage/package.keywords as media-tv/ivtv. Now I'd like to have my system not ask me to ever upgrade it again until the newer version is required as a dependency of some other program. I thought that putting =media-tv/ivtv-0.9.0 (where 0.9.0 is my current version) in /etc/portage/package.mask would be the solution, but when I emerge ivtv -pv it wants to upgrade to 0.9.1. I commented out the line in package.keywords thinking maybe if it was already installed and masked that portage would ignore it. The result of this was portage wanted to downgrade to the more 'stable' 0.8.x - which is also not the desired result. Is there a way to not upgrade to 0.9.1 without emerge'ing ivtv with the '-1' option or using package.provided (as it seems to circumvent portage's dependency checking)? Thanks. -- Travis -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Protecting a package in package.keywords?
> If you wanted to do something like that, and make all 0.9.x versions stable in package.keywords, then you would add this:
>
> =media-tv/ivtv-0.9*
>
> But if you just want to stick with 0.9.0, then what you had before is correct.
>
> =media-tv/ivtv-0.9.0

Excellent, I put both =sys-kernel/gentoo-sources-2.6.19-r1 and =media-tv/ivtv-0.9.0 in my package.keywords and now I can emerge world without worry. If either of these versions get unmasked by the developers, am I back in the same situation of needing to manually mask them to prevent installation? At least I know this will work for now. Thanks.

-- Travis
-- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: [FIXED] Protecting a package in package.keywords?
On 12/13/06, Bo Ørsted Andresen [EMAIL PROTECTED] wrote:
> On Wednesday 13 December 2006 22:59, Travis Osterman wrote:
> > I needed to unmask ivtv by placing it in my /etc/portage/package.keywords as media-tv/ivtv. Now I'd like to have my system not ask me to ever upgrade it again until the newer version is required as a dependency of some other program.
>
> Why?

I tend not to upgrade for long periods on this box once it works and when I do upgrade generally it is only one or two programs. Those programs, however, have many dependencies and portage tends to want to update everything. I'm trying to protect myself from myself in a year running emerge some-app-with-new-feature and breaking ivtv because there is a new kernel version which needs a new ivtv version, etc.

> You should package.mask the versions you don't want. Not the version you do want. So =media-tv/ivtv-0.9.1 seems to be what you're looking for. Or media-tv/ivtv-0.9.0...

That was my thought too, based on the manual, but an entry (without a version) in package.keywords takes precedence over package.mask (which I did not know). After adding your suggestion to package.mask (=sys-kernel/gentoo-sources-2.6.19-r2 and =media-tv/ivtv-0.9.1) in addition to ~sys-kernel/gentoo-sources-2.6.19 and =media-tv/ivtv-0.9.0 in package.keywords, I tried emerge -pv itvt and got the results I wanted ... nothing (even though version 0.9.1 is out there). Now I am also confident that when these packages go stable, they will be masked on my system ... perfect.

> Using package.provided is a *really* bad idea! It will bite you eventually... This is all documented in `man portage` and the handbook...

Yes, from what I've read avoiding package.provided is a good practice. Thank you Steve Neil, and Bo, I have achieved what I aimed for.

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: [FIXED] Protecting a package in package.keywords?
[SNIP]

> Hmm... If you put ~media-tv/ivtv-0.9.0 in both package.mask and package.keywords then you will find that ~media-tv/ivtv-0.9.0 cannot be installed because it is masked by: package.mask. Hence I would say that package.mask takes precedence over package.keywords... I suppose what you wanted to say was that a package can be masked by: ~arch keyword without being in package.mask and hence won't be installed because it's masked by something...

I was speaking more of the following situation:

# cat /etc/portage/package.keywords | grep ivtv
media-tv/ivtv
# cat /etc/portage/package.mask | grep ivtv
~media-tv/ivtv-0.9.0
# emerge -pv ivtv
[ebuild N] media-tv/ivtv-0.9.1

But I see you are correct with this:

# cat /etc/portage/package.keywords | grep ivtv
~media-tv/ivtv-0.9.0
# cat /etc/portage/package.mask | grep ivtv
~media-tv/ivtv-0.9.0
# emerge -pv ivtv
[ebuild N] media-tv/ivtv-0.8.0

I guess I learned a few new things today. Thanks for all the information.

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [FIXED] Re: [gentoo-user] newbie livecd installation dual boot problems
I am a jfs user as well and would recommend (especially on a laptop) to add the line that was recommended above:

root (hd0,1)
kernel /boot/kernel-genkernel-x86-2.6.15-gentoo-r5 root=/dev/hda2

to the bottom of your /boot/grub/grub.conf. Often when I hard reboot (power failures, etc), reading the bootsplash stuff seems to take priority over checking the fs. The simple solution for me is to leave a no-nonsense 'failsafe' line in grub and boot into it so that my fs gets repaired and then reboot normally. You could achieve the same thing by editing the grub command at boot, but this seems like a simple alternative. HTH.

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] unkillable processes
> Sometimes something about her setup goes haywire and she loses all her desktop icons and her wallpaper.

I've had a similar issue and, for me, it's usually nautilus erroring. If I run '$ nautilus ' that usually fixes things (brings back wallpaper, icons, panels, etc). HTH

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Syslog startup
If you edit the depend() functions in your /etc/init.d/OTHER_PROCESSES you should be able to make them depend on syslog starting.

-- Travis

On 11/13/05, Alan E. Davis [EMAIL PROTECTED] wrote:
> Can I move the startup of syslog-ng up to earlier in the boot sequence? What's the earliest?
>
> Alan
Re: [gentoo-user] Gentoo box w/ 2 pci slots?
On 11/14/05, James [EMAIL PROTECTED] wrote:
> Hello,
> I need a x86 'thin client' or small form factor computer:
> (1) hard drive. (front-removable would be a bonus).
> (2) empty pci slots.
> (1 or more) RS232 9pin serial port.
> (1) ethernet 10 or 100 mbps.
> (1-2) ntsc inputs would eliminate the need for one of the pci slots.

I have a MSI Hetis 865G (http://froogle.google.com/froogle?q=msi+hetis+865G+system) that runs Gentoo and MythTV nicely. It meets your criteria and s-video out is the only non-compliant feature I've found.

-- Travis
Re: [gentoo-user] Cannot route dynamic dns name internally
On 6/27/05, Niklas Herder [EMAIL PROTECTED] wrote:
> Travis Osterman wrote:
> > I recently switched from a linksys router to a gentoo-based system and have gotten along pretty well with it. One of the last things I have left to figure out is how to get dynamic dns name requests to the correct internal machine on my network. Here's the symptoms:
> >
> > my-dynamic-name.no-ip.com points to my current ip address
> > http://my-server - works internally
> > http://my-dynamic-name.no-ip.com - works from outside my network (through iptables)
> > http://my-dynamic-name.no-ip.com from inside my network returns: connection was refused when attempting to contact my-dynamic-name.no-ip.com.
> >
> > I'm not sure whether this is an iptables issue or dns (or something else) which makes the problem hard to google for. Any leads, tips, or ideas would be much appreciated.
> >
> > -- Travis Osterman
>
> You could install dnsmasq and add the dynamic ip:s with their internal addresses to /etc/hosts on your DNS server. That's what I do, works like a charm.
>
> /N
> -- gentoo-user@gentoo.org mailing list

I tried adding my-dynamic-name.no-ip.com to the /etc/hosts line that my server is on and still get the same error. This also isn't the ideal solution for me because I would like to route different protocols to different machines. Ideally, I just want all the internal traffic on its way to my-dynamic-name.no-ip.com to route through my WAN interface.

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Cannot route dynamic dns name internally
> You could post your iptables-save output here to allow us to give more specific hints...
>
> -hwh
> -- gentoo-user@gentoo.org mailing list

I cut all port forwarding rules but port 80 and all mac filtering less one and commented as such to keep the length down. Thanks again for any suggestions.

-- Travis

# iptables-save
# Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005
*nat
:PREROUTING ACCEPT [216087:13609285]
:POSTROUTING ACCEPT [1770:106027]
:OUTPUT ACCEPT [2452:149468]
# snipped other DNAT
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20
-A PREROUTING -i ppp0 -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Jun 27 11:15:50 2005
# Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005
*mangle
:PREROUTING ACCEPT [9719337:5380558312]
:INPUT ACCEPT [709772:240958250]
:FORWARD ACCEPT [98811994:50860885137]
:OUTPUT ACCEPT [217470:176831399]
:POSTROUTING ACCEPT [99357297:51156775257]
COMMIT
# Completed on Mon Jun 27 11:15:50 2005
# Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [217479:176832555]
:mac_check - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i ! eth1 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i ! ppp0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ! eth1 -j DROP
-A FORWARD -p udp -m udp --sport 123 --dport 123 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -i ppp0 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 123 -j ACCEPT
-A mac_check -m mac --mac-source 00:30:BD:B2:49:80 -j ACCEPT
# snipped other mac filtering
-A mac_check -j DROP
COMMIT
# Completed on Mon Jun 27 11:15:50 2005

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Cannot route dynamic dns name internally
On 6/27/05, Hans-Werner Hilse [EMAIL PROTECTED] wrote:
> Hi,
>
> On Mon, 27 Jun 2005 11:20:53 -0400 Travis Osterman [EMAIL PROTECTED] wrote:
> > I cut all port forwarding rules but port 80 and all mac filtering less one and commented as such to keep the length down. Thanks again for any suggestions.
>
> I'll comment below...
>
> > *nat
> > # [...]
> > # snipped other DNAT
> > -A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20
> > -A PREROUTING -i ppp0 -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.1.20
>
> Never heard of http-via-udp... But the problem will show up here: The PREROUTING should apply also for packets coming from eth1 (LAN). Otherwise they'll hit the router's own tcp stack - where there's supposedly no http and such the connection would be reset.
>
> The problem atm seems to be, pointed out:
> 1. both external clients and internal clients can correctly resolve http://my-dynamic-name.no-ip.com to the ppp0's IP.
> 2.a. external clients' requests hit the router coming from ppp0
> 2.b. internal clients' requests hit the router coming from eth1
> 3. nat/PREROUTING:
> 3.a. The packets from 2.a. get rewritten to dst 192.168.1.20
> 3.b. The other ones don't get rewritten
> 4. Routing is performed (filter/FORWARD, nat/POSTROUTING):
> 4.a. The packets from 2.a. will get routed to 192.168.1.20 and leave the router if allowed by nat/OUTPUT. (it is) WWW server does its job then.
> 4.b. The packets from 2.b. will hit the router's tcp stack if allowed by filter/INPUT (it is). They'll get RSTed if there's no open port 80.
>
> Well, and we have some more problems. Your actual POSTROUTING chain only MASQUERADEs packets leaving through ppp0. With this, and the new rules, www packets from the LAN would get destination rewritten on the router and being routed there. The source address will still be set to the original source address. So the router would answer to that address. Problem here is the client: It expects an answer from the router's IP. So the web server's reply gets dropped at the client.
>
> To overcome this, you can setup routing on the web server to generally send packets via the router. I'd suggest placing it in a different subnet, e.g. 192.168.3./24, and have the router use an address in that range too. A little of a DMZ on the LAN wire (not suggested, but not different from your current solution).
>
> To-Do:
> - on the webserver: configure address to 192.168.3.20
> - on the router:
>   - configure a second address for eth1 in /etc/conf.d/net (192.168.3.1 assumed here)
>   - modify iptables settings: You need to insert a new rule like the ones above but also for -i eth1. You'll further need to specify -d EXTERNAL_IP (well, of course with that IP instead) to not get all connections to a www port rewritten to that destination. I'd suggest using a new chain for this that you can flush in a script and just place a new rule there if the IP changes.
>
> e.g. global script on boot up:
> iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.3.20
> iptables -t nat -N internalwww
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j internalwww
>
> and e.g. in your dhcp-script:
> iptables -t nat -F internalwww
> iptables -t nat -A internalwww -d $EXTERNAL_IP -j DNAT --to-destination 192.168.3.20
>
> -hwh
> -- gentoo-user@gentoo.org mailing list

I had to read your reply about seven times until I could really grasp everything you were saying. My only concern is that while this will work for my web server, it appears as though I would have to put all my service-providing machines on different subnets and have rules for each of them ... am I understanding that correctly? Also, sadly, my webserver is doubling as a samba server right now and I'm not overly optimistic that windows will see it on the different subnet.

Is there a way to check and see if local traffic is (terminally) destined for ppp0 and set up a chain to filter by port and reroute that traffic to the appropriate lan computer? Could dnsmasq point my-dynamic-name.no-ip.com to the address of eth1 instead of ppp0 to make the routing easier (bypassing NAT)?

I'm still really green at network design issues, but this is a fascinating problem to me. Thanks for your input so far.

-- Travis
-- gentoo-user@gentoo.org mailing list
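Added example (not written by any poster in this thread): a dry-run generator for the single-subnet alternative to the second-subnet setup suggested in the reply above. It keeps the internalwww chain and the -d match on the WAN address from that reply, and swaps the subnet move for a MASQUERADE rule on LAN-to-server traffic so that replies return through the router. The function names are hypothetical, and 203.0.113.7 is a constructed WAN address.

```shell
#!/bin/sh
# Added example, not from the thread: prints iptables commands (dry run).
# Review the output, then pipe it into "sh" as root to apply it.

CHAIN=internalwww   # chain name used in the reply above

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One-time rules for the boot script.
# args: lan_if lan_net server port
hairpin_boot_rules() {
    is_ipv4 "$3" || return 1
    # LAN web traffic is checked against the per-address chain.
    echo "iptables -t nat -N $CHAIN"
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport $4 -j $CHAIN"
    # LAN clients reaching the server via the router get the router's LAN
    # address as source, so the server's replies come back through the router.
    echo "iptables -t nat -A POSTROUTING -o $1 -s $2 -d $3 -p tcp --dport $4 -j MASQUERADE"
}

# Rules to re-run whenever the WAN address changes.
# args: ext_ip server
hairpin_refresh_rules() {
    # Refuse an empty or malformed address: a rule without a valid -d would
    # rewrite every LAN connection to that port, not only those to the WAN IP.
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    echo "iptables -t nat -F $CHAIN"
    echo "iptables -t nat -A $CHAIN -d $1 -j DNAT --to-destination $2"
}

# Demo with the interface and addresses from the posted iptables-save output;
# 203.0.113.7 is a constructed (documentation-range) WAN address.
hairpin_boot_rules eth1 192.168.1.0/24 192.168.1.20 80
hairpin_refresh_rules 203.0.113.7 192.168.1.20 80
```

With the MASQUERADE rule in place, the web server sees the router's LAN address as the source of connections from internal clients.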
[gentoo-user] ssh problem (No such file or directory)
On my recent gentoo install, I can't get past the password prompt when trying to log into the box via ssh.

$ ssh [EMAIL PROTECTED]
(password: and hangs)
$ ssh [EMAIL PROTECTED] bash --login --noprofile -i
(works)

/var/log/messages
Jun 14 20:13:37 spot sshd[10366]: error: openpty: No such file or directory
Jun 14 20:13:37 spot sshd[10366]: error: session_pty_req: session 0 alloc failed

Thanks in advance for any tips/help.

-- Travis Osterman
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ssh problem (No such file or directory)
On 6/15/05, Zac Medico [EMAIL PROTECTED] wrote:
> Travis Osterman wrote:
> > On my recent gentoo install, I can't get past the password prompt when trying to log into the box via ssh.
> >
> > $ ssh [EMAIL PROTECTED]
> > (password: and hangs)
> > $ ssh [EMAIL PROTECTED] bash --login --noprofile -i
> > (works)
> >
> > /var/log/messages
> > Jun 14 20:13:37 spot sshd[10366]: error: openpty: No such file or directory
> > Jun 14 20:13:37 spot sshd[10366]: error: session_pty_req: session 0 alloc failed
> >
> > Thanks in advance for any tips/help.
> >
> > -- Travis Osterman
>
> I searched for you:
> http://www.google.com/search?hl=en&q=%22error%3A+openpty%3A+No+such+file+or+directory%22
>
> Do you have CONFIG_UNIX98_PTYS and CONFIG_DEVPTS_FS in the kernel config?
>
> gzcat /proc/config.gz | grep CONFIG_UNIX98_PTYS
> gzcat /proc/config.gz | grep CONFIG_DEVPTS_FS
>
> Zac
> -- gentoo-user@gentoo.org mailing list

[SOLVED] Thanks for helping to narrow my search. I had been focusing on devpts (which my kernel wasn't giving me an option for), but once I checked the unix98 pty stuff, it came up for selection. After compilation, all is well. Thank you.

-- Travis
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] [OT] tips on my 1st try at iptables?
> Frankly, I've stopped trying to grok iptables but rather I use a frontend like shorewall. It's much simpler than doing it all by yourself.

I installed ipcop briefly (just to have a look) and between my lan network card not being supported and the additional features I wanted to put on the box (squid, local portage mirror, ntp server, etc). The project is actually coming along quite nicely so far, thanks for all the tips.

-- Travis
-- gentoo-user@gentoo.org mailing list
[gentoo-user] [OT] tips on my 1st try at iptables?
I've spent the weekend attempting to mold an old p3 400MHz machine into a firewall/router so I can replace my current linksys box. Basically, I read the howtos at netfilter.org and the gentoo-home-router-howto and put together the following script for loading my rules. This meets the functionality I need at this point in the project (ssh access from inside and outside, port forwarding, and masquerading), but I'm not well versed on security concerns so I'm hoping a few experienced users could point out redundancies and potential security issues. Thanks in advance for taking the time to help.

#!/bin/bash

IPT=/sbin/iptables
WAN_IFACE=eth0
LAN_IFACE=eth1
LAN_ADDY=192.168.0.0/24

# flush and reset rules
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

# begin rules
$IPT -I INPUT 1 -i $LAN_IFACE -j ACCEPT
$IPT -I INPUT 1 -i lo -j ACCEPT
$IPT -A INPUT -p UDP --dport bootps -i ! $LAN_IFACE -j REJECT
$IPT -A INPUT -p UDP --dport domain -i ! $LAN_IFACE -j REJECT
$IPT -A INPUT -m state --state NEW -i ! $WAN_IFACE -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT --protocol tcp --dport 22 -i $WAN_IFACE -j ACCEPT
$IPT -P INPUT DROP
$IPT -A INPUT -i ! $LAN_IFACE -j DROP

# port forwarding to 192.168.0.20
$IPT -A PREROUTING -t nat -p tcp -i $WAN_IFACE --dport 80 \
    -j DNAT --to 192.168.0.20
$IPT -A PREROUTING -t nat -p tcp -i $WAN_IFACE --dport 1022 \
    -j DNAT --to 192.168.0.20:22

$IPT -I FORWARD -i $LAN_IFACE -d $LAN_ADDY -j DROP
$IPT -A FORWARD -i $LAN_IFACE -s $LAN_ADDY -j ACCEPT
$IPT -A FORWARD -i $WAN_IFACE -d $LAN_ADDY -j ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

# enable reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
done

/etc/init.d/iptables save

-- Travis Osterman
-- gentoo-user@gentoo.org mailing list
[gentoo-user] Recommendation for online contact manager?
Does anyone have a good recommendation for a contact information management system for a relatively small group of people (~200)? I would prefer web-based and it should allow users to update their own information easily while allowing everyone easy access to searching and viewing the directory. Thanks for any input. -- Travis Osterman -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Recommendation for online contact manager?
> Try Plaxo. Don't know about Linux compatibility but it should work with Wine...
> www.plaxo.com

I was really hoping for more of a web application and I would rather host it myself if possible.

-- Travis
-- gentoo-user@gentoo.org mailing list