LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices


Old

Docker, systemd-resolved and corporate VPN

Posted 04-29-2021 at 11:44 AM by serafean
Tags docker, systemd

There's no going around it, I really need that docker image now. Unfortunately everything is corporate. apt repositories, conan repositories. Docker needs resolve and contact machines through the local openconnect vpn0 interface.

1. Docker kills my internet

My LAN runs in the 172.17.0.0/16 range. Docker uses that same range.
Easy fix. Set it in daemon.json
Code:
{
  "default-address-pools": [
    {
      "base": "172.22.24.0/24",
...
Member
Posted in Uncategorized
Views 887 Comments 0 serafean is offline
Old

Setting up DNS in 2017 - A record to TLSA

Posted 03-23-2017 at 02:28 PM by serafean
Updated 03-23-2017 at 03:14 PM by serafean

I set off on the journey to set up DNS as correctly as I could. After reading through a lot of stuff, here are my findings:
This example server will have on IP, and will run a web server, and an email server.
This is more of a setup dump than tutorial, but might point someone in the right direction...

Prequisites:

First, create an A (AAAA for ipv6 ) record for the domain :
Code:
example.net. 1800 IN A 127.0.0.1
Basic explanation of the entry
  • example.net.
...
Member
Posted in Uncategorized
Views 2566 Comments 0 serafean is offline
Old

nftables NAT

Posted 10-03-2016 at 04:04 PM by serafean
Updated 10-03-2016 at 04:08 PM by serafean

Finally getting around to writing the continuation of this howto. Now lets take a look at a basic router firewall.
Basic ruleset configuration is described here.
This ruleset only sets up ipv4 nating, no filtering is set up (that will be covered later)
The following is an nft configuration file. To be loaded with nft -f.
Code:
define if_wan = eth0
table ip filter {
        map tcp_nat_map {type inet_service : ipv4_addr;}
        map udp_nat_map
...
Member
Posted in nftables
Views 3792 Comments 0 serafean is offline
Old

systemd yacy "hardened" unit

Posted 08-31-2016 at 01:51 PM by serafean

This is more of an archive for my yacy service file
Code:
[Unit]
Description=Yacy distributed search engine

[Service]

#Service
Type=forking
GuessMainPID=yes
ExecStart=/opt/yacy/startYACY.sh
ExecStop=/opt/yacy/stopYACY.sh
User=yacy
Group=yacy
WorkingDirectory=/opt/yacy

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
...
Member
Posted in Uncategorized
Views 828 Comments 0 serafean is offline
Old

systemd 219 && systemd-networkd changes

Posted 02-22-2015 at 07:45 AM by serafean
Tags systemd

The recent update to systemd sent it to version 219. Per the changelog, .network files gained two new configuration values
Code:
IPForward
IPMasquerade
After the upgrade, my Gentoo box stopped routing packets to the internet. NAT was setup correctly, so the issue couldn't be there.

It appears that systemd by default sets the forwarding sysctl of each interface to 0. In order for packets to be forwarded, this must be set to 1. /etc/sysctl.conf was of no help.
...
Member
Posted in Uncategorized
Views 1614 Comments 0 serafean is offline

  



All times are GMT -5. The time now is 10:19 PM.

Main Menu
Advertisement
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration