From shuntim.luk at polyu.edu.hk  Tue Feb 13 00:17:58 2007
From: shuntim.luk at polyu.edu.hk (LUK ShunTim)
Date: Tue, 13 Feb 2007 16:17:58 +0800
Subject: [cAos] yum --installroot to non-standard location fails
Message-ID: <45D17436.2080601@polyu.edu.hk>

Hello,

I encountered this problem when trying to install a package in a
non-standard location.

/etc/caos-release is:
cAos: Community Linux release 2.0 (Lorien) 2006.09.09

This is what I did to install which into /opt/yum_test:

<quote>
$ sudo yum --installroot=/opt/yum_test install which

...
[lots of output, setting up initial repos, downloading 55 packages]
...
[tail of output showing traceback]
(51/55): libgcc-3.4.3-4.c 100% |=========================|  59 kB    00:00
(52/55): e2fsprogs-1.35-9 100% |=========================| 797 kB    00:00
(53/55): nscd-2.3.3-73.i3 100% |=========================| 214 kB    00:00
(54/55): sed-4.0.7-3.i386 100% |=========================| 111 kB    00:00
(55/55): libtermcap-2.0.8 100% |=========================|  13 kB    00:00
Running Transaction Test
Traceback (most recent call last):
  File "/usr/bin/yum", line 7, in ?
  File "yummain.py", line 156, in main
  File "cli.py", line 673, in doTransaction
  File "transaction.py", line 286, in test
  File "callback.py", line 87, in callback
OSError: [Errno 2] No such file or directory:
'/opt/yum_test/var/cache/yum/core/packages/termcap-11.0.1-17.1.noarch.rpm'
</quote>

However, the file *is* there:
<quote>
$ ls -al
/opt/yum_test/var/cache/yum/core/packages/termcap-11.0.1-17.1.noarch.rpm

-rw-r--r--  1 root root 246184 Feb  6 01:30
/opt/yum_test/var/cache/yum/core/packages/termcap-11.0.1-17.1.noarch.rpm
</quote>

My /etc/yum.conf is:
<quote>
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=caos-release
installonlypkgs=linux linux-smp kernel kernel-smp
exactarch=1
</quote>
with caos-2-core and caos-2-current enabled in /etc/yum.repos.d/

Thanks in advance for your help,
ST
--




From mej at caoslinux.org  Tue Feb 13 03:35:51 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Tue, 13 Feb 2007 06:35:51 -0500
Subject: [cAos] yum --installroot to non-standard location fails
In-Reply-To: <45D17436.2080601@polyu.edu.hk>
References: <45D17436.2080601@polyu.edu.hk>
Message-ID: <20070213113551.GH7919@kainx.org>

On Tuesday, 13 February 2007, at 16:17:58 (+0800),
LUK ShunTim wrote:

> $ sudo yum --installroot=/opt/yum_test install which
> 
> ...
> [lots of output, setting up initial repos, downloading 55 packages]
> ...
> [tail of output showing traceback]
> (51/55): libgcc-3.4.3-4.c 100% |=========================|  59 kB    00:00
> (52/55): e2fsprogs-1.35-9 100% |=========================| 797 kB    00:00
> (53/55): nscd-2.3.3-73.i3 100% |=========================| 214 kB    00:00
> (54/55): sed-4.0.7-3.i386 100% |=========================| 111 kB    00:00
> (55/55): libtermcap-2.0.8 100% |=========================|  13 kB    00:00
> Running Transaction Test
> Traceback (most recent call last):
>   File "/usr/bin/yum", line 7, in ?
>   File "yummain.py", line 156, in main
>   File "cli.py", line 673, in doTransaction
>   File "transaction.py", line 286, in test
>   File "callback.py", line 87, in callback
> OSError: [Errno 2] No such file or directory:
> '/opt/yum_test/var/cache/yum/core/packages/termcap-11.0.1-17.1.noarch.rpm'
> </quote>

This is a yum issue.  cd into /opt/yum_test, mkdir opt, and then ln -s
../.. yum_test.  Then you'll have /opt/yum_test/opt/yum_test as a
symlink to the top level of the chroot (/opt/yum_test).  The packages
will be found properly after that.

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "Take me in to the Holy of Holies.  Take me in by the blood of the
  Lamb.  Take me in to the Holy of Holies.  Take the coal; cleanse
  my lips; here I am."                                        -- Petra


From benjamin at py-soft.co.uk  Tue Feb 20 04:31:39 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 20 Feb 2007 12:31:39 +0000
Subject: [cAos] cAos-3 problems.
Message-ID: <45DAEA2B.2020101@py-soft.co.uk>


I recently executed grab update on my devel box which successfully
updated quite a few packages.  However, now when I try grab update I get
the following error:

ERROR: Could not download:

'http://www.caoslinux.org/cgi-bin/mirror.pl?hostname=colin&username=anonymous&password=anonymous&distro=caos-3&edition=server'
404 Not Found


I've installed squid on this box and I would like to use it as a
transparent proxy.  It's not running NAT, so I've set it to be the
default gateway with intention of redirecting all traffic for port 80 to
squid on localhost, but iptables barfs as follows:

iptables -t mangle -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
3128 --destination 127.0.0.1
iptables: Unknown error 4294967295

And various combinations, eg:

iptables -I FORWARD -p tcp --dport 80 -j REDIRECT --to-port 3128
--destination 127.0.0.1
iptables: Unknown error 4294967295

This link suggests that the solution is a kernel recompile:

"I got this message with the PSD and UNCLEAN modules, but I succeeded by
reconfiguring and compiling my kernel again.
Try to recompile your kernel source with CONFIG_IP_NF_TARGET_NETMAP=y
option in your .config file".

But reading further on and other links, maybe not...


I'd be grateful for any help resolving these issues (and help with the
iptables rules!).

Take care,

Ben



From benjamin at py-soft.co.uk  Tue Feb 20 04:38:53 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 20 Feb 2007 12:38:53 +0000
Subject: [cAos] [Fwd: Your message to cAos awaits moderator approval]
Message-ID: <45DAEBDD.8080400@py-soft.co.uk>


... and I just had to resubscribe! :-/

Ben

-------- Original Message --------
Subject: Your message to cAos awaits moderator approval
From: caos-bounces at caoslinux.org

Your mail to 'cAos' with the subject

    cAos-3 problems.

Is being held until the list moderator can review it for approval.

The reason it is being held:

    Post by non-member to a members-only list

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.  If you would like to cancel
this posting, please visit the following URL:


http://lists.caosity.org/mailman/confirm/caos/03b01a4a304537dc5bc7a00ff5b24b918b874b64




From benjamin at py-soft.co.uk  Tue Feb 20 07:28:19 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 20 Feb 2007 15:28:19 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DAEA2B.2020101@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>
Message-ID: <45DB1393.3090701@py-soft.co.uk>

Benjamin Donnachie wrote:
> I've installed squid on this box and I would like to use it as a
> transparent proxy.  It's not running NAT, so I've set it to be the
> default gateway with intention of redirecting all traffic for port 80 to
> squid on localhost, but iptables barfs as follows:
> 
> iptables -t mangle -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
> 3128 --destination 127.0.0.1
> iptables: Unknown error 4294967295

Ah!  I normally fiddle with this box over ssh, but plugging a monitor in
reveals a series of error messages to the effect that REDIRECT is only
valid for -t NAT...

Damned thing... :-)

Ben


From gmkurtzer at gmail.com  Tue Feb 20 08:19:14 2007
From: gmkurtzer at gmail.com (Greg Kurtzer)
Date: Tue, 20 Feb 2007 08:19:14 -0800
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DAEA2B.2020101@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>
Message-ID: <FD2A05D5-BAC4-43AB-9100-65C887F9DF91@gmail.com>

You will have to update "grab" with "caos-utils" found at:

    http://mirror.caoslinux.org/caos-3/packages/*/caos- 
utils-0.9.37-1.caos.i386.rpm

Then try:

    # caos upgrade

Let me know how that works for ya! :)

Greg

On Feb 20, 2007, at 4:31 AM, Benjamin Donnachie wrote:

>
> I recently executed grab update on my devel box which successfully
> updated quite a few packages.  However, now when I try grab update  
> I get
> the following error:
>
> ERROR: Could not download:
>
> 'http://www.caoslinux.org/cgi-bin/mirror.pl? 
> hostname=colin&username=anonymous&password=anonymous&distro=caos-3&edi 
> tion=server'
> 404 Not Found
>
>
> I've installed squid on this box and I would like to use it as a
> transparent proxy.  It's not running NAT, so I've set it to be the
> default gateway with intention of redirecting all traffic for port  
> 80 to
> squid on localhost, but iptables barfs as follows:
>
> iptables -t mangle -I PREROUTING -p tcp --dport 80 -j REDIRECT --to- 
> port
> 3128 --destination 127.0.0.1
> iptables: Unknown error 4294967295
>
> And various combinations, eg:
>
> iptables -I FORWARD -p tcp --dport 80 -j REDIRECT --to-port 3128
> --destination 127.0.0.1
> iptables: Unknown error 4294967295
>
> This link suggests that the solution is a kernel recompile:
>
> "I got this message with the PSD and UNCLEAN modules, but I  
> succeeded by
> reconfiguring and compiling my kernel again.
> Try to recompile your kernel source with CONFIG_IP_NF_TARGET_NETMAP=y
> option in your .config file".
>
> But reading further on and other links, maybe not...
>
>
> I'd be grateful for any help resolving these issues (and help with the
> iptables rules!).
>
> Take care,
>
> Ben
>
> _______________________________________________
> cAos mailing list
> cAos at caoslinux.org
> http://lists.caosity.org/mailman/listinfo/caos

--
Greg Kurtzer

    I believe the world would be a better place if people didn't  
believe in their beliefs. -- gmk




From mej at caoslinux.org  Tue Feb 20 08:47:03 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Tue, 20 Feb 2007 11:47:03 -0500
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DAEA2B.2020101@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>
Message-ID: <20070220164703.GK24805@kainx.org>

On Tuesday, 20 February 2007, at 12:31:39 (+0000),
Benjamin Donnachie wrote:

> iptables -t mangle -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
> 3128 --destination 127.0.0.1
> iptables: Unknown error 4294967295

It's -t nat, not -t mangle, and --destination is not necessary.
OUTPUT is the correct chain.

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "But when two people are at one in their inmost hearts, they shatter
  even the strength of iron or of bronze."              -- The I Ching


From benjamin at py-soft.co.uk  Tue Feb 20 09:40:53 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 20 Feb 2007 17:40:53 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <20070220164703.GK24805@kainx.org>
References: <45DAEA2B.2020101@py-soft.co.uk> <20070220164703.GK24805@kainx.org>
Message-ID: <45DB32A5.60506@py-soft.co.uk>

Michael Jennings wrote:
> It's -t nat, not -t mangle, and --destination is not necessary.
> OUTPUT is the correct chain.

Will that work even if I'm not using nat on the box?

Take care,

Ben


From benjamin at py-soft.co.uk  Tue Feb 20 09:47:40 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 20 Feb 2007 17:47:40 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <FD2A05D5-BAC4-43AB-9100-65C887F9DF91@gmail.com>
References: <45DAEA2B.2020101@py-soft.co.uk>
	<FD2A05D5-BAC4-43AB-9100-65C887F9DF91@gmail.com>
Message-ID: <45DB343C.5080100@py-soft.co.uk>

Greg Kurtzer wrote:
> You will have to update "grab" with "caos-utils" found at:
> 
>     http://mirror.caoslinux.org/caos-3/packages/*/caos- 
> utils-0.9.37-1.caos.i386.rpm

# rpm -Uvh caos-utils-0.9.37-1.caos.i386.rpm
rpmdb: Locker is not valid
rpmdb: Unknown locker ID: 11b8
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages index using db3 - Invalid argument (22)
error: cannot open Packages database in /var/lib/rpm
rpmdb: Locker is not valid
rpmdb: Unknown locker ID: 11ba
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages database in /var/lib/rpm

:-(

I've tried the windows approach of rebooting and then trying again...
I'll let you know if I manage to fix it! :)

Ben


From mej at caoslinux.org  Tue Feb 20 13:00:09 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Tue, 20 Feb 2007 16:00:09 -0500
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DB32A5.60506@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk> <20070220164703.GK24805@kainx.org>
	<45DB32A5.60506@py-soft.co.uk>
Message-ID: <20070220210009.GL24805@kainx.org>

On Tuesday, 20 February 2007, at 17:40:53 (+0000),
Benjamin Donnachie wrote:

> Will that work even if I'm not using nat on the box?

Technically you're "using NAT" the moment you fire up iptables.  The
iptables chain traversal pattern includes all built-in chains in all 3
tables (mangle, nat, and filter) regardless of whether or not any
particular chains are empty.  And also technically, once you use
REDIRECT, you're using NAT.

In other words, yes, it will work. :)

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "Karate is a form of martial arts in which people who have had years
  and years of training can, using only their hands and feet, make
  some of the worst movies in the history of the world." -- Dave Barry


From benjamin at py-soft.co.uk  Tue Feb 20 18:41:48 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 21 Feb 2007 02:41:48 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <20070220210009.GL24805@kainx.org>
References: <45DAEA2B.2020101@py-soft.co.uk>
	<20070220164703.GK24805@kainx.org>	<45DB32A5.60506@py-soft.co.uk>
	<20070220210009.GL24805@kainx.org>
Message-ID: <45DBB16C.60500@py-soft.co.uk>

Michael Jennings wrote:
> In other words, yes, it will work. :)

Ah...  The penny drops at last! :-)))

Finally got it working when I realised that I had a stray drop all in
the way!  D'oh!  It didn't seem to like the redirect on OUTPUT though
and would only behave if on the PREROUTING chain.

Take care,

Ben


From benjamin at py-soft.co.uk  Tue Feb 20 18:43:01 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 21 Feb 2007 02:43:01 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DB343C.5080100@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>	<FD2A05D5-BAC4-43AB-9100-65C887F9DF91@gmail.com>
	<45DB343C.5080100@py-soft.co.uk>
Message-ID: <45DBB1B5.9040504@py-soft.co.uk>

Benjamin Donnachie wrote:
> I've tried the windows approach of rebooting and then trying again...
> I'll let you know if I manage to fix it! :)

I'm beginning to suspect some sort of database mismatch now that I've
updated...

Ah well, the box is doing what I wanted now so it can wait...

Ben


From benjamin at py-soft.co.uk  Tue Feb 20 18:52:22 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 21 Feb 2007 02:52:22 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DAEA2B.2020101@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>
Message-ID: <45DBB3E6.7050102@py-soft.co.uk>

Benjamin Donnachie wrote:
> I've installed squid on this box and I would like to use it as a
> transparent proxy.  It's not running NAT, so I've set it to be the
> default gateway with intention of redirecting all traffic for port 80 to
> squid on localhost, but iptables barfs as follows:

Any tips on blocking p2p?  I'm currently looking at the snort docs but
was wondering whether anyone had any experience on here...

(I've had a change of heart and will be making this box externally facing).

Ben


From mej at caoslinux.org  Tue Feb 20 19:00:20 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Tue, 20 Feb 2007 22:00:20 -0500
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DBB16C.60500@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk> <20070220164703.GK24805@kainx.org>
	<45DB32A5.60506@py-soft.co.uk> <20070220210009.GL24805@kainx.org>
	<45DBB16C.60500@py-soft.co.uk>
Message-ID: <20070221030020.GA11165@kainx.org>

On Wednesday, 21 February 2007, at 02:41:48 (+0000),
Benjamin Donnachie wrote:

> Finally got it working when I realised that I had a stray drop all
> in the way!  D'oh!  It didn't seem to like the redirect on OUTPUT
> though and would only behave if on the PREROUTING chain.

The OUTPUT chain is for locally-generated packets.  The PREROUTING
chain is for packets passing through.  It seemed from your e-mail that
you were wanting to redirect local packets; if this was a firewall
that you wanted to use as a transparent proxy, then yes, PREROUTING is
correct.

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "I've been doing the Fonda workout:  the Peter Fonda workout.  That's
  where I wake up, take a hit of acid, smoke a joint, and go to my
  sister's house and ask her for money."               -- Kevin Meaney


From benjamin at py-soft.co.uk  Tue Feb 20 23:19:55 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 21 Feb 2007 07:19:55 +0000
Subject: [cAos] cAos-3 problems.
In-Reply-To: <45DBB1B5.9040504@py-soft.co.uk>
References: <45DAEA2B.2020101@py-soft.co.uk>	<FD2A05D5-BAC4-43AB-9100-65C887F9DF91@gmail.com>	<45DB343C.5080100@py-soft.co.uk>
	<45DBB1B5.9040504@py-soft.co.uk>
Message-ID: <45DBF29B.3050807@py-soft.co.uk>

Benjamin Donnachie wrote:
> I'm beginning to suspect some sort of database mismatch now that I've
> updated...

In the end all it needed was rm -f /var/lib/rpm/__db* :-)

Ben