Zsub's questions

I seem to have encountered a bug in vzctl's installation. Upon installing it in a clean CentOS6.5-minimal installation according to the official wiki, network connectivity is limited to pinging IP addresses (I suspect ICMP traffic only).

I have created a bugreport with steps to reproduce, also copied here:

1. Install node with CentOS-6.5-x86_64-minimal.iso
2. ifup eth0 and ping google.com to observe DNS resolution and network connectivity.
3. Install wget (yum install wget).
4. Follow steps on http://wiki.openvz.org/Quick_installation to install vzkernel, vzctl, vzquota, and ploop.
5. reboot
6. ifup eth0 and ping google.com to observe NO DNS resolution and network connectivity.
7. Edit /etc/modprobe.d/openvz.conf to options nf_conntrack ip_conntrack_disable_ve0=0 and save.
8. reboot
9. ifup eth0 and ping google.com to observe DNS resolution and network connectivity.

Note that disabling iptables via service iptables stop restores connectivity, but that is a 'suboptimal' (hum hum :P ) workaround.

This is the output from iptables-save:

# iptables-save
# Generated by iptables-save v1.4.7 on Wed Apr 30 12:50:00 2014
*mangle
:PREROUTING ACCEPT [110:16800]
:INPUT ACCEPT [107:15810]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:4954]
:POSTROUTING ACCEPT [35:4954]
COMMIT
# Completed on Wed Apr 30 12:50:00 2014
# Generated by iptables-save v1.4.7 on Wed Apr 30 12:50:00 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:4954]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Apr 30 12:50:00 2014

I have a running ProxmoxVE 3.1 cluster which is up-to-date and can reach all destinations.

I have installed the default debian-7 template to a node, with bridged network via a veth interface. The guest gets its IP via DHCP on a separate router (which I tested), but it can only reach the node it is residing on. I have run tcpdump on the node for the veth of that guest and I see a lot of ARP traffic that goes unanswered.

There is no firewall running.

I have cloned a module for virtual machines, but when I try to apply a virtual machine to a node, I get Error: Could not find a suitable provider for virt, which is understandable given that the contents of init.pp specify that a virtualization-capable kernel should already be running (a Xen or OpenVZ kernel).

However, with the included init.pp, I'd expect a failure message somewhere when running puppet agent --test --debug on the node:

class virt {

  fail "testfail"

  case $::virtual {
    /^xen/: { include virt::xen }
    #/^kvm/: { include virt::kvm }
    /^openvzhn/: { include virt::openvz }
  }
}

But it fails with the error above, Error: Could not find a suitable provider for virt. My node definition:

node 'hostname' {

  # common is a custom module including SSH keys, works fine
  include common

  virt { "1001":
    memory => 1024,
    cpus => 4,
    tmpl_cache => "debian-6.0-x86_64",
    ensure => running,
    virt_type => "openvz"
  }
}

EDIT: I know how to use NAT, I specifically want the server to be reachable on two IP's, one private, one public, with the firewall of the OpenWRT in between, if feasible.

At the office we have recieved a /29 from our ISP. The first address is reserved for their endpoint, so I'm free to use five addresses.

We run a local network, so of course there is a router in between running OpenWRT to provide all hosts with (W)LAN (dhcp from a private range).

However, we also have a server running OS X Server 10.6 (Snow Leopard) and I'd like that server to be accessible both from the LAN using a private IP as well as from the WAN on it's own public IP.

Point of note is that the server only has one network port, so multiple NICs is not an option, unfortunately.

How would I go about doing this?

I have a Mac Mini server running Snow Leopard and installed Redmine.

I would now like my users to be able to authenticate against the Open Directory server, but can't get it to work.

Here's how I set up Redmine (please forgive me for slightly altering the domainnames):

Name     = My Directory
Host     = host.subdomain.domain.org
Port     = 389
LDAPS    = no
Account  = uid=root
Password = $rootpassword
Base DN  = DC=host,DC=subdomain,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

But everytime I try to log in with an account that is in the open directory it'll tell me Invalid user or password and the login attempt doesn't even show up in the ldap logs.

Variations of the account I've been through:

root                            did nothing, 'wrong dn' in ldap logs
[email protected]       Can't login: "Invalid user or password", nothing in logs
[email protected]  Can't login: "Invalid user or password", nothing in logs
uid=root                        Can't login: "Invalid user or password", nothing in logs
cn=root                         Can't login: "Invalid user or password", nothing in logs

Variations of the Login attribute:

sAMAccountName "Invalid user or password"
uid            "Invalid user or password"

For the office we recently bought a WNDR3700 (v1) to accomodate our growing (from one wired and about four wireless to four wired and about eight wireless clients, so not really large) network. We have a Mac Mini server set up as DHCP and DNS server (it has a static IP), so it serves IPs and sets itself as the DNS. I have disabled the DHCP server on the WNDR3700.

What happens is that sometimes the DNS server is not reachable by most (but not all) clients.

I have verified that all clients can ping all other clients, the gateway and hosts on the internet, except that some clients cannot ping to the DNS/DHCP server. Those clients also cannot use nslookup (or dig).

I do not know about any restrictions on the DNS/DHCP server. It's logs don't state anything out of the ordinary and there are no (obvious?) errors.

Update

So the connection was lost again so I tried pinging the DNS server from a PC.

ping 192.168.1.255

gave replies from 192.168.1.2 (the DNS server), but no other machine.

ping 192.168.1.2

gives only timeouts.

Pinging 192.168.1.255 from a working machine gives replies from all other working machines on the network.

When I open Workgroup Manager on the mac mini server it takes forever to load. I have changed the servers DNS to it's 'public' IP instead of it's loopback address, but that didn't work.

I'm trying to stream (multicast) a x264 encoded file using VLC. This in itself succeeds, but the stream has a huge lot of artifacts. This seems to suggest that the data cannot be transported fast enough. If I check network usage, though, it's only using about 15 mbit.

I have a similar SD stream which functions perfectly. I think I could improve stream performance by not streaming the raw data, but I cannot seem to get this working. It seems that on keyframes all artifacts are removed for a short while (less than a second).

This is the command I use:

vlc -vv hdtest.mkv --sout '#duplicate{dst=rtp{dst=ff02::1%eth1,mux=ts,port=5678,sap,group="Testgroup",name="TeststreamHD"}}' --loop

Which is all one long line.

I really do not want to transcode the stream. In the future this box would have to offer multiple streams. We're talking about a P4 2,8 gHz with 2 GBs of memory.

I am trying to set up a CentOS 5.4 box to use a static IPv4 address, while getting a dynamic IPv6 address at boot time.

I have only one interface, apart from the loopback interface, eth0. It has a static v4 and internet connectivity (I can SSH in). However, it doesn't get an IPv6 by default.

I have enabled IPv6 in /etc/sysconfig/network and I have added IPV6INIT=yes to the config in /etc/sysconfig/networking/devices/.

If I use dhcp6c it does get a valid IPv6 address, but the main question is how do I configure it to get one at boot-time?