Posts tagged: networking

Blog and online presence

By , 2012-12-29 23:46

Once again, my dear old WordPress blog has been terribly neglected for the past little while. I do, however, have good reasons for this.

  1. Life and stuff has been busy this past year. This has given me a lot of new material to write about, but I’ve lacked the will to actually spend time and write any posts.
  2. I spend a lot less time tinkering with computers in my free time. When I do, a lot of it has to do with enterprise software and such which is not as fun to write about.
  3. OSx86 is no longer a part of my day-to-day. Since getting a job, and hence having the $ to be able to buy legit Apple products, there isn’t as much incentive for getting Mac OS X running on commodity PC hardware. Also, I’m not sure I like where Apple is going with their 10.7+ OS releases, so my hackintoshes and real Macs remain on 10.6.x.
  4. There are too many ways to post things on the Internet. Twitter. Tumblr. Google+. Facebook. Pinterest. LinkedIn. WordPress. Posterous. Evernote. imgur. reddit. Springpad. The list goes on and on. I can’t decide what medium to use and what I actually want out of the whole thing.
  5. My Internet “image”. I have a pretty unique name – pretty sure I’m the only “Matthieu Yiptong” on the planet. So, when anyone googles my name, this blog is usually the top result. Nowadays it’s common practice for everyone from parents to employers to new acquaintances to girlfriends to google people’s names. Being slightly paranoid, I’ve been over-analyzing every potential idea I’ve had for a new blog post this year.
  6. Platform choice. This blog probably has more technical posts than anything else. One of my colleagues at work has switched to using MediaWiki for his personal technical documentation. This makes sense because it’s easier to organize and format documentation on a wiki than on a blog. There are even wikis designed for documentation. This may be something to consider.
  7. Domain name. I own matthieu.yiptong.ca, matthieuyiptong.ca and a few other domains. I’m trying to decide what the URL for my blog should be: whether changing it would be worth it and, should I decide to change it, whether there’s any way to keep my Google ranking and permalinks.

Hopefully now that I’ve gotten these reasons written down, I can get around to addressing each of them and streamline my blogging/posting/documentation in 2013!

Redirecting a port to another host on same LAN using iptables

By , 2010-11-27 22:53

I have a strange situation where I want to redirect a specific port on one host to another host. That is, traffic to 192.168.1.100:8080 => 192.168.1.101:8080.

Found the answer on LQ forums.

iptables -A PREROUTING -t nat -p tcp -d 192.168.1.100 --dport 8080 -j DNAT --to-destination 192.168.1.101
iptables -A POSTROUTING -t nat -p tcp -d 192.168.1.101 --dport 8080 -j SNAT --to-source 192.168.1.100

Don’t ask me why this works. It just does. Well, the first line makes sense, but I have no idea what the second is doing.

After looking at the rule in Webmin, I think I figured it out.

  1. When a packet arrives at this computer, if protocol is TCP and destination is 192.168.1.100/32 (local IP) and destination port is 8080 then Destination NAT (change destination IP) to 192.168.1.101
  2. When a packet leaves this computer, if protocol is TCP and destination is 192.168.1.101/32 and destination port is 8080 (as would be the case for any packet modified by the above rule), then Source NAT (change source IP) to 192.168.1.100. (This ensures that the remote host .101 returns any packets via this computer, .100, rather than simply attempting to send them to the original requesting host.)
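The reasoning in the two steps above can be checked with a small model. This is an added example, not part of the original post: it is a simplified simulation of the two rules and of connection tracking on .100, and the client address 192.168.1.50 and source port 40000 are constructed sample values.

```python
from dataclasses import dataclass, replace

ROUTER, BACKEND, PORT = "192.168.1.100", "192.168.1.101", 8080
CLIENT = "192.168.1.50"  # constructed: some other host on the same LAN

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def forward(pkt: Packet, snat: bool) -> Packet:
    """What .100 does to an incoming packet before sending it on."""
    if pkt.dst == ROUTER and pkt.dport == PORT:
        pkt = replace(pkt, dst=BACKEND)   # rule 1: PREROUTING DNAT
    if snat and pkt.dst == BACKEND and pkt.dport == PORT:
        pkt = replace(pkt, src=ROUTER)    # rule 2: POSTROUTING SNAT
    return pkt

def reply_seen_by_client(snat: bool) -> Packet:
    request = Packet(CLIENT, 40000, ROUTER, PORT)  # constructed source port
    seen = forward(request, snat)
    # .101 answers whichever source address it saw on the request.
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    if reply.dst == ROUTER:
        # Reply returns via .100, where connection tracking undoes both
        # translations, so it appears to come from the address the client dialed.
        reply = Packet(request.dst, request.dport, request.src, request.sport)
    return reply

def client_accepts(snat: bool) -> bool:
    # A TCP client only matches replies from the address and port it connected to.
    reply = reply_seen_by_client(snat)
    return (reply.src, reply.sport, reply.dst) == (ROUTER, PORT, CLIENT)

if __name__ == "__main__":
    for snat in (False, True):
        print(f"SNAT rule present={snat}: reply={reply_seen_by_client(snat)} "
              f"accepted={client_accepts(snat)}")
```

A side effect visible in the model: with the SNAT rule in place, .101 sees every connection as coming from 192.168.1.100, so its logs and any IP-based access controls no longer see the real client address.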

Update: This even works on an OpenVZ container! Just need to enable iptables nat in the vz config on the hardware node (VM host) [source].

nano /etc/vz/vz.conf

Then do Control W and SEARCH for IPTABLES

Comment out (by adding a # symbol to the line) the current IPTABLES= line

and then copy/paste and add this line directly underneath the line you just commented out.

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

It is important to make sure this is all in 1 line and that it does not wrap.

Now Control-S and save – overwriting the current file.

Finally do an /etc/init.d/vz restart to restart OpenVZ.
