Redirecting a port to another host on the same LAN using iptables

By , 2010-11-27 22:53

I have a slightly odd situation where I want to redirect a specific port on one host to another host on the same LAN, with the rules running on the first host. That is, traffic to 192.168.1.100:8080 => 192.168.1.101:8080.

Found the answer on the LinuxQuestions (LQ) forums.

iptables -A PREROUTING -t nat -p tcp -d 192.168.1.100 --dport 8080 -j DNAT --to-destination 192.168.1.101
iptables -A POSTROUTING -t nat -p tcp -d 192.168.1.101 --dport 8080 -j SNAT --to-source 192.168.1.100

Don’t ask me why this works. It just does. Well, the first line makes sense, but I have no idea what the second is doing.

After looking at the rules in Webmin, I think I figured it out.

  1. When a packet arrives at this computer (nat table, PREROUTING chain), if the protocol is TCP, the destination is 192.168.1.100/32 (this host's own IP) and the destination port is 8080, then Destination NAT (rewrite the destination IP) to 192.168.1.101. No port is given after --to-destination, so the original port is kept and the packet now heads for 192.168.1.101:8080.
  2. When a packet leaves this computer (nat table, POSTROUTING chain), if the protocol is TCP, the destination is 192.168.1.101/32 and the destination port is 8080 (as is the case for every packet rewritten by the rule above), then Source NAT (rewrite the source IP) to 192.168.1.100. This makes .101 send its replies back to this computer, .100, rather than straight to the original client. Without it the client would get a reply from .101, an address it never connected to, and its TCP stack would reject it (typically with a RST). Connection tracking remembers both rewrites for the flow and undoes them on the reply path, so the client sees the answer coming from 192.168.1.100:8080 as it expects.

Two things the rules quietly depend on: IP forwarding must be enabled (net.ipv4.ip_forward=1), because after the DNAT the packet is no longer addressed to this host and has to be forwarded rather than delivered locally, and if the filter table's FORWARD chain has a DROP policy it must accept the flow. One side effect of the SNAT is that .101 sees every forwarded connection as coming from 192.168.1.100; the real client address only survives in the conntrack table on .100. To forward to a different port on .101, use --to-destination 192.168.1.101:port instead.
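For reference, here is the whole recipe as a script. It is added here and is not code from the post or from the LQ thread: it contains the two rules above plus the forwarding sysctl and the FORWARD-chain rules the post leaves implicit. The addresses and port are the post's own, used as defaults; the script prints the commands and only executes them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original post): the post's two NAT rules
# together with the prerequisites they depend on, as a reusable script.
# Defaults are the post's addresses and port; they are assumptions here.
# Commands are printed; they are executed only with APPLY=1 (as root).

port_forward_rules() {
    host=$1
    target=$2
    port=$3
    # After the DNAT the packet is no longer for a local address, so the
    # kernel has to forward it; forwarding is off by default.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rule 1 from the post: rewrite destination host:port -> target:port
    # (no port after --to-destination, so the original port is kept).
    echo "iptables -t nat -A PREROUTING -p tcp -d $host --dport $port -j DNAT --to-destination $target"
    # Rule 2 from the post: make the forwarded packets appear to come from
    # host, so target replies to host and conntrack can reverse both
    # rewrites. Side effect: target sees every client as $host.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $target --dport $port -j SNAT --to-source $host"
    # Only matters if the filter table's FORWARD policy is DROP: let the
    # translated flow and its replies through. -m state (ipt_state) is used
    # because that is what older kernels such as the OpenVZ one in this post
    # load; on current kernels -m conntrack --ctstate is the equivalent.
    echo "iptables -A FORWARD -p tcp -d $target --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $target --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Commands to inspect the result: nat rules with packet counters, and the
# FORWARD chain, so a DROP policy silently eating the flow shows up.
port_forward_checks() {
    echo "iptables -t nat -L PREROUTING -n -v --line-numbers"
    echo "iptables -t nat -L POSTROUTING -n -v --line-numbers"
    echo "iptables -L FORWARD -n -v --line-numbers"
}

FWD_HOST=${FWD_HOST:-192.168.1.100}
FWD_TARGET=${FWD_TARGET:-192.168.1.101}
FWD_PORT=${FWD_PORT:-8080}

if [ "${APPLY:-0}" = 1 ]; then
    port_forward_rules "$FWD_HOST" "$FWD_TARGET" "$FWD_PORT" | sh -e
    port_forward_checks | sh
else
    port_forward_rules "$FWD_HOST" "$FWD_TARGET" "$FWD_PORT"
fi
```

Run it once without APPLY to review the commands, then as root with APPLY=1 FWD_HOST=... FWD_TARGET=... FWD_PORT=... to install them. The rules are appended with -A, so a second run adds duplicates; flush the nat table or delete by line number before re-running.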

Update: This even works inside an OpenVZ container! You just need to enable iptables NAT in the vz config on the hardware node (the VM host) [source].

nano /etc/vz/vz.conf

Then press Ctrl-W and search for IPTABLES.

Comment out the current IPTABLES= line by adding a # at the start of it,

and then paste this line directly underneath the line you just commented out:

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Make sure it is all on one line and does not wrap.

Now press Ctrl-O to write the file out (confirm the filename with Enter), then Ctrl-X to leave nano.

Finally, run /etc/init.d/vz restart to restart OpenVZ. Note that this stops and restarts every container on the node, so do it when a short outage is acceptable.
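The same edit done non-interactively, as an added example that is not part of the original post: it comments out the active IPTABLES= line in vz.conf, inserts the line above directly beneath it, keeps a .bak copy, and is safe to run twice. The config path and module list are the post's; the APPLY switch and the backup name are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): apply the vz.conf edit
# described above without an editor. Path and module list are the post's;
# the APPLY switch and the .bak name are assumptions of this script.

VZ_CONF=${VZ_CONF:-/etc/vz/vz.conf}
NAT_MODULES='ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp'

# Print the module list of the first uncommented IPTABLES= line (empty if none).
active_iptables_modules() {
    sed -n 's/^IPTABLES="\(.*\)"$/\1/p' "$1" | head -n 1
}

# Succeed if the active line already loads iptable_nat.
vz_nat_enabled() {
    case " $(active_iptables_modules "$1") " in
        *" iptable_nat "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Comment out every active IPTABLES= line, put the NAT-enabled line under
# the first one (or at the end if there was none), and verify the result.
enable_vz_nat() {
    conf=$1
    vz_nat_enabled "$conf" && return 0
    cp "$conf" "$conf.bak"
    awk -v mods="$NAT_MODULES" '
        /^IPTABLES=/ {
            print "#" $0
            if (!done) { print "IPTABLES=\"" mods "\""; done = 1 }
            next
        }
        { print }
        END { if (!done) print "IPTABLES=\"" mods "\"" }
    ' "$conf.bak" > "$conf"
    vz_nat_enabled "$conf"
}

if [ "${APPLY:-0}" = 1 ]; then
    enable_vz_nat "$VZ_CONF" && /etc/init.d/vz restart
fi
```

Run as root with APPLY=1 on the hardware node; with APPLY unset the script only defines the functions, so you can source it and call enable_vz_nat on a copy of the file first to see the edit it would make.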

YOU SUCK AT POWERPOINT!

By , 2010-11-26 22:49

YOU SUCK AT POWERPOINT!

A nicely designed presentation about PowerPoint presentations.

My new home desk setup

By , 2010-11-23 22:48

Just reorganized my desk at home.

Lesson learned: Halogen desk lamps and plastic monitor bezels don’t mix.

American Thanksgiving (and other stuff)

By , 2010-11-23 22:41

So it’s the end of November. Haven’t written a post in the “Life” category in ages. Anyway, finally got my car stuff sorted out, and got my new workstation at work. Helped a few people out, cleaned up my desk, finalized the new FreeBSD-based captive portal… I did manage to miss lunch, which I regret now. I really like hanging out in our depressing little lunch room at work, because while the room might be a bit of a downer, the company is good. Overall, I must say I had a pretty good day today.

Would have been nicer if the temperature didn’t just drop like 20 degrees between 8am and 8pm. Anyway, I suppose it is November after all.

Isn’t it strange that Americans are celebrating Thanksgiving this week? Pumpkins and fall foliage and turkey and all that seems like ages ago for us in Canada. Everything here is cold and frozen, albeit with Christmas just out of sight around the corner. I really could use an apple cider right now.

Another thing I find strange (well not really strange, but kind of wrong) is how Thanksgiving has been turned into another excuse to watch football and go shopping. Black Friday sales anyone? So much for “thanks”.

And what about this Macy’s parade? What’s that all about? This past weekend we had the Santa Claus parade in both Brampton and Toronto (the latter of which I stumbled into whilst on my way to a beautiful choir performance).

My final thought for today: I really need to take to writing more. I’m completely out of practice. Fragmented sentences, unorganized thoughts… ugh. Speaking a random combination of English and French at work can’t be helping either.

Phone messages

By , 2010-11-13 23:17

Was a bit bored, and just set up my Asterisk PBX with outbound calling via Google Voice. As such, I decided to abuse the free calling service to contact a few major American tech companies. Here’s what their IVRs said.

Apple (408-996-1010):

Thank you for calling Apple. We are closed. Apple’s normal business hours are 8AM to 5PM Pacific Time, Monday to Friday. If you are calling for Product Sales, press 1. Technical Support, 2. If you are calling for any other reason, please call back during normal business hours and thank you for calling Apple.

Google (650-253-0000):

Thank you for calling Google! If you know the extension of the person you would like to reach, dial it now, followed by the # key. Press 8 to dial by name. At any time during this greeting Press 9 for the main menu. Most of your questions can be answered by using one of the following 5 options: Interested in advertising, call….

Microsoft (1-800-642-7676):

Thanks for calling Microsoft! Your call may be monitored and recorded. To get started, tell me what you’d like help with. You can say Tech support, pre-sales information, security, partner support, or Call an employee.

I think all 3 of these messages really say what each company’s attitude is.

First Apple. Their message says “We’re closed. Don’t bother us. Call us back at a time that’s more convenient for us here at Apple. Or, if you’d like to buy stuff, press 1. If your Apple stuff is broken, press 2. Otherwise, bug off.” Also, note this message is said in a rather unwelcoming voice.

Second, Google. Their voice is considerably more friendly. And, true to their roots in search/information, they provide you with a bunch of options which hopefully will get you what you want, with the least amount of effort from them or you.

Finally, Microsoft. Again, a happy voice that sounds excited that you called. Then, the legal disclaimer about call recording before anything starts. Also, note the very familiar tone, using words such as “Thanks” and “tell me what you’d like help with”. Very Windows 7. It’s interesting to note this is the only one of the three that uses voice recognition technology. And of course, the menu options correspond to the things Microsoft values most. Tech support (probably for a fee), sales, “security”, and business partners.

Crontab

By , 2010-11-10 12:13

A handy, colourful guide to configuring cron, the *nix task scheduler.

Stolen from: http://www.notesbit.com/index.php/scripts-unix/crontab-quick-complete-reference-setting-up-cronjobs-in-unix-and-linux/

York Mills Station

By , 2010-11-04 22:00

The Social Network. Partly based on truth.

By , 2010-11-02 16:33

Last week, I went to watch The Social Network with my cousin. I was quite impressed with the lines they gave Mark Zuckerberg when he was describing how he “hacked” together Facemash. I never imagined anyone in Hollywood would know what Apache or wget was, much less mention it in a film. Turns out they aren’t that creative; they just pulled the lines from Mark Zuckerberg’s online diary.

Oh well.

At least they paid enough attention to use KDE 3 on the screens in the movie, instead of one of those bogus future-computer interfaces.

Custom theme by me. Based on Panorama by Themocracy