iptables geoip match on debian lenny

The geoip iptables extension allows you to filter, NAT or mangle packets based on the source or destination country. This does exactly what the geoip Apache module or the regular geoip binary does, but at the iptables level. I will not go into the details of why you would want to use it, but there are many ‘positive’ ways it can be useful. For example, I use it in a project where we want to serve customized content for different countries. Since this is a high-traffic site running on many web servers behind a load-balanced setup, we prefer to split this at the load balancer level and not at the Apache level, to simplify our setup. We serve customized content to US-based visitors, while for the other countries we serve another, international site.

This has been working fine for a long time, using the original geoip module and the patch-o-matic-ng method of installation (similar to what is very well described here). Still, this is unmaintained, and starting with kernel 2.6.22 it no longer works. There is a patch that will make it work with a newer kernel, but if you run iptables 1.4.x this will again fail, and even if there are some manual workarounds this is still not the best solution.

The solution is called Xtables-addons. Xtables-addons is the successor to patch-o-matic-ng. Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that you do not have to patch or recompile the kernel; sometimes recompiling iptables is not needed either.
The latest version 1.12 supports: iptables >= 1.4.1 and kernel-source >= 2.6.17.


Lenny domU Xencons

Even though at some point it looked like Debian Lenny would not have full Xen support (for the 2.6.26 amd64 kernel), in the end this was fixed and Lenny fully supports Xen even on amd64. Upgrading from 2.6.18 to 2.6.26 is very straightforward (though we were using xen-hypervisor 3.2-1 already) and the only problem noticed was that the console on the domU machines was no longer working: it was showing the output correctly, but you could not enter anything on the console.

This is caused by the ‘new Xen console’ (Xen now uses hvc0 for its console). To fix it, add one line to your virtual machine's Xen configuration file, restart the VM, and it should be fine. In /etc/xen/<myvm>.cfg add this line:
extra = "console=hvc0 xencons=tty"


MySQL 5.0.67 will not be uploaded to Debian Lenny

The latest MySQL Community Edition release, 5.0.67, will not be included in Debian Lenny because the distribution is frozen, meaning no new upstream releases are going to be included in testing before Lenny is released. Lenny will ship with MySQL 5.0.51a, while 5.0.67 (or a newer version if that will be the case) will be added to Debian testing right after the release.

In the meantime, if you want to use 5.0.67 you can either download the source packages from MySQL or use the packages Norbert Tretkowski (one of the MySQL package maintainers) has made available. The deb sources allow you to recompile the package on any architecture you might need it for (only amd64 binary packages are provided).

Source: http://tretkowski.de/blog/archives/418-MySQL-5.0.67-not-uploaded-to-Debian.html


Debian “Lenny” freeze coming up

Debian GNU/Linux has published a new release update outlining the current status and upcoming goals of the project before the expected September release of version 5.0 “Lenny”.

Among the more interesting release goals:

  • GCC 4.3 as the default compiler on all architectures
  • Switch /bin/sh to dash
  • Prepare init.d-Scripts for dependency-based init systems
  • Support for python2.5
  • Transition to Perl 5.10


Debian “Lenny” will be released as Debian 5.0

It seems that the Debian team doesn’t like to release minor versions anymore. After Debian 4.0 (code name “Etch”), released last year, the next Debian release (code name “Lenny”) will be numbered Debian 5.0, as announced yesterday by Marc Brockschmidt: “For reading this far, you receive the small reward of the knowledge that Lenny will be shipped as Debian 5.0.”

Also, interestingly enough, he mentioned that Lenny might be released with KDE4:
“There may be a possibility to include KDE 4 in Lenny. The efforts on KDE 4.1 have been quite promising and seem to be leading to a desktop environment which can fully replace KDE 3. The KDE team will provide betas and release candidates of the 4.1 release in experimental. In the event that KDE 4.1 is on time, and there are no major issues, an upload to unstable in order to include it in Lenny is possible.”

The development of Debian GNU/Linux 5.0 seems to be on track and the final release is still expected in September 2008.
