It sounds like nonsense, but there are loads of operators these days that put you behind a #NAT and won't take you out of it, or charge you for it. Even more so than back in the days of xDSL and the much-missed coaxial cable; out of pure nostalgia.
Interesting observation: the Airbnb hotspot uses some interesting technology to reach IPv6 sites:
$ curl -v -6 https://icanhazip.com
* Host icanhazip.com:443 was resolved.
* IPv6: ::ffff:104.16.184.241, ::ffff:104.16.185.241
* IPv4: (none)
* Trying [::ffff:104.16.184.241]:443...
My device has no IPv6 address of its own, yet the connection works.
Is this something like DNS64 and NAT64, only the other way round?
Ole Trøan discusses mistakes and missed opportunities with #IPv6 design. https://medium.com/@oletroan/the-mistakes-and-missed-opportunities-in-ipv6-d88ceb3d7feb #nat
Any application needing to communicate large messages with UDP must implement packetization, retransmission, reordering, etc., the same things that TCP already implements for us. Many applications that have 'rolled their own TCP' in userspace have ended up with exploitable bugs in them, so it isn't something that should be done without good cause.
#UDP also has the issue of #NAT traversal: getting bidirectional communication across a NAT with UDP is not a simple matter. Crossing anything more complicated than a full-cone NAT requires considerable amounts of special code, but without it there will be many hosts that just can't talk to other peers with UDP.
https://bitcoin.stackexchange.com/questions/56485/can-someone-please-explain-fibre-to-me-like-im-5-and-why-is-it-useful
lo_if="lo1"
ext_if="vmx0"
jail_if="vmx0bridge"
#set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
set skip on $jail_if
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
#nat on $ext_if from $jail_if:network to any -> ($ext_if)
#nat on $jail_if from $jail_if:network to any -> ($jail_if)
#nat on $lo_if from $jail_if:network to any -> ($lo_if)
rdr-anchor "rdr/*"
#block in all
pass out quick keep state
#antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $ext_if inet proto icmp to ($jail_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $jail_if inet proto icmp to $jail_if:network icmp-type { unreach, redir, timex, echoreq }
Can't the target of a DNAT be DNATed again? ~iptables constraints and what goes on behind the scenes in Kubernetes~
https://qiita.com/reoring/items/730f9b221cb6104d46bf?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
Finally running Debian 12 with a GUI thanks to vm-bhyve on FreeBSD 14 after several months of tweaking and learning. Really big thanks to @vermaden and his article https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/
But one thing I still don't get. I have a problem with resolving DNS on the VM. IP addresses work well, but domain names like google.com don't work at all. I solved it by adding "nameserver 8.8.8.8" to /etc/resolv.conf in the VM, but I am not sure if I solved it well and don't understand why I have to solve it anyway; I do not remember ever having to set it.
I use vm-bhyve with the host wifi wlan interface, so I had to set up NAT in PF; in the article it is the "laptop wifi nat" section. Is it normal to have to set the resolv.conf file in the VM?
FUCK NAT MODE, FUCK BRIDGE MODE, FUCK VIRTUALIZATION, FUCK DOCKER, FUCK CONTAINERIZATION, FUCK VMWARE, FUCK VIRTUALBOX, FUCK LXC, FUCK PROXMOX, FUCK FIREWALLS, FUCK NETWORKING, AND FINALLY FUCK COMPUTERS.
Here's a great clip from the #NatKingCole Show in the 50's featuring musicians from #NormanGranz 's #JazzAtThePhilharmonic #JATP group including but not limited to Oscar Peterson, Ray Brown, Herb Ellis, Stan Getz, Illinois Jacquet, Coleman Hawkins, Jo Jones & Roy Eldridge.
Most people don't know that #Nat got his start in jazz as a piano player & transitioned to being a popular-music singer.
There are some great sets w/Nat featuring a variety of JATP musicians which are timeless.
This early-'50s period in jazz is called #Modern but I call it #Timeless bc it is my favorite period in American jazz history.
Nat's performances of "Paper Moon" & "Tenderly" are classic.
My journey through the #Jellyfin ecosystem continues. Yesterday I tried out #Manet (iPhone Jellyfin client that works with #CarPlay w/ local file downloads). Works great! I need to get more playlists organized for easier nav though. An album/artist 'coverflow' view would be cool.
Now to implement a reverse proxy on one of my #cloud services so I can get Jellyfin exposed outside of carrier grade #NAT (#Bell Canada #CGNAT).
Also, converting my #DMZ #Docker host to #Podman (as one does).
The only place NAT should be allowed is lab/experiment networks, where you might need to duplicate a production IP range.
"But what about the office network, there is no reason that anyone should ever need to connect directly to an office PC". Once you use NAT there, your IP telephony software needs fragile workarounds just for Sally in marketing to be able to call Alice in legal. And in the next version, those fragile workarounds will be replaced with a cloud service that sells your trade secrets to your competitor.
"But Skype just works". Skype is a great example of the above, it used to have all kinds of NAT workarounds, now it goes via a server where Microsoft listens in on your calls.
On the state of #IPv6, well worth the long read
> Silicon abundance has enabled a few select content and service operators to privatise much of the former public communications platform, and in so doing they have managed to shrink the public Internet to a set of margins at the edges. That implies that the answer to the IPv6 transition question may soon be: “Who cares anyway?”
After adding a new penguin to my zoo and moving around a few services, I had the need to re-route HTTPS traffic to a different host for doing all the SSL handling (which would then send a request back – but via HTTP on a different port). The simplest way to do this is to use the built-in capabilities of the default packet filter. In my case this is nftables.
A quick search brought up Jens Depuydt's very detailed post. It's easy to follow and after some tweaking I ended up running these commands to set up my forwarding:
# sudo nft flush ruleset
# sudo nft add table nat
# sudo nft 'add chain nat prerouting { type nat hook prerouting priority -100 ; }'
# sudo nft 'add rule nat prerouting ip daddr 192.168.0.XXX tcp dport { 443 } dnat 192.168.0.YYY:443'
(Masquerading messed with Docker containers on that system not being able to reach external destinations properly. And it wasn’t needed for my use-case anyways.)
Due to Docker being installed on that host, my net.ipv4.ip_forward value was already set to 1.
After verifying that the forwarding works as expected, it was time to make this config permanent. There were already a few lines in my /etc/nftables.conf, so I've decided to append this new config by running:
# sudo nft list ruleset | sudo tee -a /etc/nftables.conf
And, finally, I needed to enable the nftables service so the config is properly read and applied at bootup:
# sudo systemctl enable nftables
After a proper reboot (and getting a bit nervous because Docker took its bloody time to start) everything was still working as expected – including the new port forwarding.
https://blog.mbirth.uk/2024/10/24/simple-port-forwarding-using-nftables.html
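A self-contained version of the forwarding set-up in that post, added here as an example and not the post's own commands: it emits the same prerouting DNAT as a ruleset file in a dedicated table (so no `nft flush ruleset`, which would also wipe Docker's tables), validates the two addresses, reports the ip_forward sysctl, and dry-runs the file with `nft -c` before anything is appended to /etc/nftables.conf. The table name fwd_https, the function names and the sample addresses are my own choices.

```shell
#!/bin/sh
# Added example, not code from the post above. 192.168.0.XXX / 192.168.0.YYY
# from the post are passed in as arguments (listen address, target address).

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
                         { exit 1 }'
}

# Emit a complete ruleset (usable as /etc/nftables.conf or via `nft -f -`) that
# rewrites TCP connections arriving for $1:$3 to $2:$3 (port defaults to 443).
# A dedicated table leaves Docker's own nat tables untouched.
gen_dnat_ruleset() {
    listen_ip=$1; target_ip=$2; port=${3:-443}
    valid_ipv4 "$listen_ip" && valid_ipv4 "$target_ip" || {
        echo "gen_dnat_ruleset: invalid IPv4 address" >&2; return 1; }
    cat <<EOF
table ip fwd_https {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        ip daddr $listen_ip tcp dport $port dnat to $target_ip:$port
    }
}
EOF
}

# Parse-check the generated ruleset without touching the live one.
# `nft -c` talks to the kernel over netlink, so run this as root on the target host.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        gen_dnat_ruleset "$@" | nft -c -f -
    else
        echo "nft not installed, syntax check skipped" >&2
    fi
}

# DNAT alone does nothing if the host will not forward; Docker sets this to 1.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Usage with constructed addresses:
#   gen_dnat_ruleset 192.168.0.10 192.168.0.20 > /tmp/fwd.nft && check_ruleset 192.168.0.10 192.168.0.20
```

Once the dry-run passes, the generated file can be appended to /etc/nftables.conf exactly as the post does with `tee -a`, without first flushing the live ruleset.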