-
rvedotrc
i.e. interface:vlan
2015-04-25 11521, 2015
-
ruaok
em2:0 -> eth1.0
2015-04-25 11538, 2015
-
ruaok
no. not correct.
2015-04-25 11545, 2015
-
ruaok
em2:0 -> eth1.1
2015-04-25 11556, 2015
-
ruaok
em2:2 -> eth1.3
2015-04-25 11520, 2015
-
ruaok
that all plays with how iptables rules are written.
2015-04-25 11522, 2015
-
ruaok
I'm having to tweak a lot of things.
2015-04-25 11501, 2015
-
ruaok
and yes, I can ping 3.25 from carl
2015-04-25 11528, 2015
-
ruaok
the . notation is 1 based. the : notation is 0 based.
2015-04-25 11528, 2015
-
rvedotrc
dib config is still wrong.
2015-04-25 11531, 2015
-
rvedotrc
did you change it?
2015-04-25 11535, 2015
-
ruaok
nope.
2015-04-25 11547, 2015
-
rvedotrc
ah, that's why it's not working then. nor did I :-)
2015-04-25 11558, 2015
-
ruaok
oh.
2015-04-25 11559, 2015
-
rvedotrc
shall I?
2015-04-25 11502, 2015
-
ruaok
please. :)
2015-04-25 11521, 2015
-
rvedotrc
damn, my pseudo-ios-fu has left me. forgot how to save config :-(
2015-04-25 11507, 2015
-
rvedotrc
Hmm. github not allowing me access to syswiki (sure that's the right url?), and I've forgotten how to commit switch config changes.
2015-04-25 11511, 2015
-
rvedotrc
and I have to head into town.
2015-04-25 11530, 2015
-
ruaok
ok, I'll try and do it via the web interface.
2015-04-25 11543, 2015
-
ruaok
if you have some time later, I have a few more questions for you.
2015-04-25 11558, 2015
-
rvedotrc
Maybe it'll all come back later, but right now, ... nada.
2015-04-25 11506, 2015
-
ruaok
understood.
2015-04-25 11518, 2015
-
rvedotrc
ok, sure I'll be back later.
2015-04-25 11520, 2015
-
rvedotrc
ttfn!
2015-04-25 11523, 2015
-
ruaok
bai
2015-04-25 11511, 2015
-
dufferzafar joined the channel
2015-04-25 11503, 2015
-
weeksio joined the channel
2015-04-25 11521, 2015
-
LordSputnik
reosarevok: sorry for the emails ;)
2015-04-25 11537, 2015
-
reosarevok
haha
2015-04-25 11553, 2015
-
reosarevok
It's not a problem in that way, it's good stuff is happening :)
2015-04-25 11515, 2015
-
reosarevok
I just don't have time to get involved in BB dev so I'd rather not get those - I could filter them out on my side but I suspect I'm not the only one
2015-04-25 11521, 2015
-
ruaok
chirlu`: may I borrow your iptables knowledge?
2015-04-25 11552, 2015
-
chirlu`
If you return it …
2015-04-25 11546, 2015
-
ruaok
crap. deal is off. :)
2015-04-25 11527, 2015
-
ruaok
I'm trying to move our mail related ips to the new gateway.
2015-04-25 11503, 2015
-
ruaok
the mail server sits on an internal ip, so we use SNAT routing to forward packets
2015-04-25 11509, 2015
-
ruaok
-A POSTROUTING -o em1 -s 10.1.1.242 -j SNAT --to-source 72.29.167.155
2015-04-25 11521, 2015
-
ruaok
-A PREROUTING ! -i em2:0 -p tcp -m tcp -d 72.29.167.155 --dport 25 -j DNAT --to-destination 10.1.1.242
2015-04-25 11521, 2015
-
ruaok
first issue: any rule that I've tested that used the em2:0 iface did not work. if I use em2 it works.
2015-04-25 11539, 2015
-
ruaok
so, I've been changing the interfaces, but in this case, it didn't work.
2015-04-25 11531, 2015
-
ruaok
so using em2:0 doesn't work either.
2015-04-25 11552, 2015
-
ruaok
I've never used {S|D}NAT rules before, so I have no idea what the issue might be.
2015-04-25 11531, 2015
-
chirlu`
The rules are on ernie/bert?
2015-04-25 11537, 2015
-
ruaok
yes
2015-04-25 11501, 2015
-
ruaok
there are the live rules on carl:
2015-04-25 11502, 2015
-
ruaok
-A PREROUTING -d 72.29.167.155/32 ! -i em2:0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.1.1.242
2015-04-25 11503, 2015
-
ruaok
-A POSTROUTING -s 10.1.1.242/32 -o em1 -j SNAT --to-source 72.29.167.155
2015-04-25 11517, 2015
-
ruaok
sorry, wrong window. ignore those.
2015-04-25 11536, 2015
-
ruaok
-A POSTROUTING -s 10.1.1.242/32 -o eth0 -j SNAT --to-source 72.29.167.155
2015-04-25 11506, 2015
-
chirlu`
What are the various interfaces? em2 internal, em1 external?
2015-04-25 11543, 2015
-
ruaok
2015-04-25 11551, 2015
-
ruaok
that is for ernie
2015-04-25 11514, 2015
-
ruaok
2015-04-25 11507, 2015
-
chirlu`
I remember there was some confusion about the different tables yesterday, are those rules in the right section (i.e. “nat”)?
2015-04-25 11525, 2015
-
ruaok
yes
2015-04-25 11537, 2015
-
ruaok
would you like me to mail you the whole file?
2015-04-25 11506, 2015
-
chirlu`
Hm. Problem is I need to leave in five minutes or so, so not really enough time to look into a large file now. :)
2015-04-25 11539, 2015
-
ruaok
ok, np. poke me should you have time later.
2015-04-25 11551, 2015
-
ruaok
I'm hoping rvedotrc will be back before too long. :)
2015-04-25 11509, 2015
-
chirlu`
I won’t be back before midnight, so she has a good chance of being here earlier. :-)
2015-04-25 11517, 2015
-
ruaok
likely, yes.
2015-04-25 11536, 2015
-
ruaok
I'll try moving the lb1 point over. it shouldn't require iptables changes.
2015-04-25 11519, 2015
-
chirlu`
It seems interface aliases behave differently compared to VLANs, in any case.
2015-04-25 11521, 2015
-
chirlu`
Anyway, I have to go now. Good luck!
2015-04-25 11523, 2015
-
chirlu` has left the channel
2015-04-25 11526, 2015
-
ruaok
thanks
2015-04-25 11533, 2015
-
ruaok
Mineo: still around?
2015-04-25 11534, 2015
-
JesseW joined the channel
2015-04-25 11508, 2015
-
MBChatLogger_1
is logging
2015-04-25 11508, 2015
-
rajaniemi.freenode.net
Users on #musicbrainz-devel: dom96 surtin Leo_Verto night199uk D4RK-PH0ENiX Leftmost legoktm michiwend adhawkins johtso Sebastinas Guest74450 pprkut kloeri _5moufl Muz mat_ kurros d356_ ocharles_
2015-04-25 11529, 2015
-
navap1 joined the channel
2015-04-25 11545, 2015
-
pprkut_ joined the channel
2015-04-25 11541, 2015
-
CallerNo7 joined the channel
2015-04-25 11502, 2015
-
kloeri_ joined the channel
2015-04-25 11524, 2015
-
_5moufl joined the channel
2015-04-25 11511, 2015
-
adhawkins joined the channel
2015-04-25 11530, 2015
-
djinni` joined the channel
2015-04-25 11531, 2015
-
ruaok
anyone know how to deal with a "TCP: too many orphaned sockets" message in syslog?
2015-04-25 11532, 2015
-
flamingspinach joined the channel
2015-04-25 11525, 2015
-
mat__ joined the channel
2015-04-25 11536, 2015
-
mb-chat-logger joined the channel
2015-04-25 11526, 2015
-
_5moufl joined the channel
2015-04-25 11529, 2015
-
MBChatLogger
is logging
2015-04-25 11529, 2015
-
kornbluth.freenode.net
Users on #musicbrainz-devel: D4RK-PH0ENiX Leftmost michiwend johtso ocharles_ d356_ kurros Muz Guest74450 Sebastinas
2015-04-25 11542, 2015
-
reosarevok
Gah, 502s like crazy
2015-04-25 11548, 2015
-
reosarevok
(assuming it's known, but just in case - beta)
2015-04-25 11558, 2015
-
ruaok knows
2015-04-25 11511, 2015
-
ruaok
I tried to flip back to the old gateway, but that didn't work.
2015-04-25 11514, 2015
-
zas
2015-04-25 11526, 2015
-
ruaok
now trying to figure out why I am getting so much packet loss
2015-04-25 11521, 2015
-
ruaok
91041 121388 182082
2015-04-25 11558, 2015
-
chirlu-mobile joined the channel
2015-04-25 11529, 2015
-
zas
those values look quite low imho
2015-04-25 11538, 2015
-
zas
cat /proc/net/sockstat ?
2015-04-25 11551, 2015
-
ruaok
sockets: used 17254
2015-04-25 11553, 2015
-
ruaok
UDP: inuse 19 mem 9
2015-04-25 11555, 2015
-
ruaok
RAW: inuse 0
2015-04-25 11557, 2015
-
ruaok
agreed.
2015-04-25 11505, 2015
-
chirlu-mobile
So I suspect that the .1 interfaces on carl were VLANs, but the :1 interfaces on ernie are just aliases.
2015-04-25 11536, 2015
-
chirlu-mobile
And by dropping the suffix from the iptables rule, it becomes too general.
2015-04-25 11533, 2015
-
zas
mem 4084 << 182082, so it isn't the cause (tcp mem is enough), what does cat /proc/sys/net/ipv4/tcp_max_orphans give?
2015-04-25 11551, 2015
-
ruaok
65535
2015-04-25 11525, 2015
-
kepstin joined the channel
2015-04-25 11530, 2015
-
ruaok
chirlu-mobile: sorry, but now we're trying to tweak the TCP stack on ernie to give better performance than the shit we have now. :(
2015-04-25 11510, 2015
-
legoktm joined the channel
2015-04-25 11515, 2015
-
chirlu-mobile
Yeah, I'm just writing for later reference.
2015-04-25 11516, 2015
-
zas
ruaok: looks enough according to "orphan 1293", the document recommends x4 to be safe
2015-04-25 11536, 2015
-
ruaok
yeah, I increased it and the warnings went away.
2015-04-25 11551, 2015
-
ruaok
now I'm not getting much in syslog
2015-04-25 11502, 2015
-
chirlu-mobile
The train will soon pass through an area without network anyway. :-)
2015-04-25 11557, 2015
-
alastairp joined the channel
2015-04-25 11516, 2015
-
ruaok
hey alastairp. how is your TCP stack tuning foo?
2015-04-25 11559, 2015
-
ruaok
the network to ernie used to be really bad and laggy. it's fine now.
2015-04-25 11502, 2015
-
ruaok
so, something has improved.
2015-04-25 11504, 2015
-
chirlu-mobile
But if I'm right, NAT might be working for traffic coming from the Internet side, just not from internal.
2015-04-25 11555, 2015
-
ruaok
huh. I can't ssh from carl to ernie.
2015-04-25 11559, 2015
-
ruaok
that's weird.
2015-04-25 11545, 2015
-
CallerNo6 joined the channel
2015-04-25 11510, 2015
-
ruaok
bitmap: you around?
2015-04-25 11559, 2015
-
mb-chat-logger joined the channel
2015-04-25 11508, 2015
-
MBJenkins joined the channel
2015-04-25 11501, 2015
-
JesseW joined the channel
2015-04-25 11514, 2015
-
kahu joined the channel
2015-04-25 11514, 2015
-
alastairp
ruaok: not done it
2015-04-25 11516, 2015
-
alastairp
sorry
2015-04-25 11523, 2015
-
ruaok
no worries.
2015-04-25 11555, 2015
-
bitmap
ruaok: yep
2015-04-25 11507, 2015
-
ruaok
kewl. got a minute to help?
2015-04-25 11522, 2015
-
ruaok
the main traffic is now running via the new gateway.
2015-04-25 11535, 2015
-
ruaok
but we're getting MASSIVE numbers of 502s
2015-04-25 11501, 2015
-
bitmap
hm...
2015-04-25 11515, 2015
-
ruaok
I'm wondering if restarting the web front ends would help.
2015-04-25 11521, 2015
-
ruaok
not sure though.
2015-04-25 11502, 2015
-
bitmap
yeah, not sure but we could try
2015-04-25 11515, 2015
-
ruaok
:/ws/2/recording/?query=artist:Miley+Cyrus+recording:See+You+Again", host: "www.musicbrainz.org"
2015-04-25 11521, 2015
-
ruaok
astro has loads of these.
2015-04-25 11509, 2015
-
ruaok
let me know when you want me to take a server out.
2015-04-25 11518, 2015
-
bitmap
you can take astro out
2015-04-25 11540, 2015
-
ruaok
should be out.
2015-04-25 11542, 2015
-
bitmap twiddles thumbs...
2015-04-25 11556, 2015
-
ruaok
it appears search or search load balance related.
2015-04-25 11545, 2015
-
ruaok
how is it going?
2015-04-25 11550, 2015
-
bitmap
astro should be good now, it looked like there were a lot of old starman processes lying around
2015-04-25 11544, 2015
-
ruaok
astro in, pingu out
2015-04-25 11518, 2015
-
bitmap
hm, the provisions all hangs on 'git pull' now
2015-04-25 11530, 2015
-
bitmap
I can just restart the service but that seems bad
2015-04-25 11558, 2015
-
ruaok
please do a restart.
2015-04-25 11559, 2015
-
bitmap
ok, done