Computer

Logging when using sslh

On a server I use sslh to allow ssh to port 443 and allow serving https sites at the same time. But when this is used, the logging for the TLS/SSL vhosts all show 127.0.0.1 as the source IP. This post will fix this problem

Needed changes

The original documentation mentioned the transparent mode, but when I tried to set it up on a test system it didn’t work. After searching I found a good article which works and does not need iptables configuration.

Why an IPsec tunnel?

Previously I used a tinc tunnel between me and my parents’ server. This situation was not ideal because my parents’ server had to be the gateway for some things to be able to use them via the tunnel, while the FRITZ!Box was the real gateway. Since I wanted to replace my gateway with an EdgeRouter Lite, I used this to setup an IPsec tunnel with the FRITZ!Box.

merge does not work via scp

When I was testing something with my EdgeRouter Lite, I saw some command that might help me create a config outside the router itself and then load it. One of them was the merge command, so I tried to use it. The help information on the CLI was the following:

# merg<tab><tab>
Possible completions:
  merge         Load configuration from a file and merge running configuration
      
[edit]
# merge <tab>
Possible completions:
  <Enter>                               Merge from system config file
  <file>                                Merge from file on local machine
  scp://<user>:<passwd>@<host>/<file>   Merge from file on remote machine
  ftp://<user>:<passwd>@<host>/<file>   Merge from file on remote machine
  http://<host>/<file>                  Merge from file on remote machine
  tftp://<host>/<file>                  Merge from file on remote machine

      
[edit]
#

Why this item

When I was searching how to setup my new EdgeRouter Lite, I came across a link that would explain why using a zone based firewall is better than a per-interface firewall. Unfortually the webpage was no longer reachable, but at least google cache still had the text available. Because it is a good article, I put the text here as a backup. The original also has some pictures as can be seen by the archived page.

Per Interface vs. Zone Based Firewall

Every so often, I get asked the question of why I feel a Zone based firewall is better than a per-interface firewall. It can be a complicated question to answer depending on the asker’s level of understanding. So my goal here is to provide a simple and clear description of why a zone based firewall is the more secure solution.

In all firewall variants, we do matching against multiple attributes of a packet. Source IP, Source Port, Destination IP, Destination Port, session state, protocol and various other logical values depending on the implementation. The primary difference between ACLs and Zones are how they apply to the physical or layer 2 characteristics.

Using dnstop

When analysing a problem at work a colleague mentioned dnstop. So I decided to run it on my local DNS server. Then I noticed an Ubuntu system doing a lot of DNS queries when it wasn’t really used.

When using tcpdump on the DNS server I noticed the system dit a query for daisy.ubuntu.com every 10 seconds.