On a server I use sslh to allow ssh to
port 443 and allow serving https sites at the same time.
But when this is used, the logging for the TLS/SSL vhosts all show
127.0.0.1 as the source IP.
This post will fix this problem
Needed changes
The original documentation
mentioned the transparent mode, but when I tried to set it up on a test
system it didn’t work. After searching I found a good
article which works
and does not need iptables configuration.
I still have an old 486SX25 system which I use to run multiple ssh
sessions to different other systems. For instance to use IRC or view
email. This way I can keep track of those things when doing things in
fullscreen on my main desktop.
The system started showing the following error on every virtual console:
eth0: mismatched read page pointers 4c vs ff
After a time I saw the connections to other systems fail.
During a IRC conversation somebody mentioned that using :> was a
better way than using >.
So to make a file named testfile empty you would use
:> testfile
The explaination is that :> is more portable. Some shells (such as
zsh) auto-instantiate a cat in the current shell and listen for stdin
when given a redirect with no command. Rather than cat /dev/null, : is
much simpler. Often this behavior is different in interactive shells
rather than scripts, but if you write the script in a way that also
works interactive, debuging by copy-paste is much easier.
When customers ask us to allow some IP addresses to their services they
might give us an IP-range in the following way.
10.0.0.1-6
This means they want the following IP addresses to have access:
10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5 and 10.0.0.6. But when
you use this notation with iptables it gives an warning.
# iptables -A INPUT -m iprange --src-range 10.0.0.1-6 -j ACCEPT
xt_iprange: range 10.0.0.1-6 is reversed and will never match
This message is not displayed when 10.0.0.1-16 is used, although this
will not result in the expected result.