Linux

Correct IP logging with sslh


Logging when using sslh

On a server I use sslh to allow ssh to port 443 and serve https sites at the same time. But when this is used, the logs for the TLS/SSL vhosts all show 127.0.0.1 as the source IP. This post will fix this problem.

Needed changes

The original documentation mentioned the transparent mode, but when I tried to set it up on a test system it didn’t work. After searching I found a good article which works and does not need iptables configuration.

eth0: mismatched read page pointers 4c vs ff


The situation

I still have an old 486SX25 system which I use to run multiple ssh sessions to various other systems, for instance to use IRC or view email. This way I can keep track of those things when doing things in fullscreen on my main desktop. The system started showing the following error on every virtual console:

eth0: mismatched read page pointers 4c vs ff

After a time I saw the connections to other systems fail.

How to make a file empty on linux


Why use :> instead of > ?

During an IRC conversation somebody mentioned that using :> was a better way than using >. So to make a file named testfile empty you would use

:> testfile

The explanation is that :> is more portable. Some shells (such as zsh) auto-instantiate a cat in the current shell and listen for stdin when given a redirect with no command. Rather than cat /dev/null, : is much simpler. Often this behavior differs between interactive shells and scripts, but if you write the script in a way that also works interactively, debugging by copy-paste is much easier.

iptables range is reversed and will never match


This blog post was originally posted on Capitar’s blog.

The problem

When customers ask us to allow some IP addresses access to their services, they might give us an IP range in the following way.

10.0.0.1-6

This means they want the following IP addresses to have access: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5 and 10.0.0.6. But when you use this notation with iptables it gives a warning.

# iptables -A INPUT -m iprange --src-range 10.0.0.1-6 -j ACCEPT
xt_iprange: range 10.0.0.1-6 is reversed and will never match

This message is not displayed when 10.0.0.1-16 is used, although that does not produce the expected result either.
