Not to be that guy, but Mint might not be the best choice for gaming anyway considering they are usually on fairly old builds of Kernel, Drivers, and Mesa (if applicable), and as you can tell also sometimes tend to mess with things in unexpected ways.
I have a small Linux problem.
I'm wondering if there is a way to get the correct IP address behind a NAT. My current setup works like this: my host computer has a public IPv4 (e.g. 37.221.192.52) address and some LXC containers on a default LXC bridge network (masqueraded bridge, 10.0.3.0/24).
In one of those containers I host my Webserver, which works great.
I add a "port forward" using iptables: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 10.0.3.189:80
Now my only problem is that the web server does not get the correct IP for its access log. But I would like it to, for log analysis including banning misbehaving IP(-ranges).
Is there a neat way to fix this other than running a web proxy on the host just for logging (that would kind of ignore the privilege separation between the container and host)?
If it's relevant, both guest and host are Debian 10. I'm currently redoing the hosting for my website and other services and testing the new setup in a VM. I can provide the automated setup scripts for the host and containers if needed.
I was unable to load a kernel image from grub with the listed commands. I kept trying to "set" variables, as well, but that did not help either (each partition was a different type of file system. H0 was ext2, H1 was ext3, etc). After reboot, I was forced back into grub terminal.
I believe it does not have a kernel image present.
I'm going to try a new install & see what happens.
There's no way a system (or container) behind a NAT can tell the true origins of traffic without help from outside. You could either have the system doing the NAT'ing tell it, typically with proxying and an x-forwarded-for header. But you could also transmit the NAT IP log info from the host with the real IP (see: netstat-nat) into the container somehow, and match things up in an ad-hoc manner that way. Maybe the container listens on a port, and the NAT box streams current IP translation tables to it?
I don't know if it's possible to have iptables add an x-forwarded-for or similar information to HTTP requests instead of using an actual proxy, but I know it's certainly not possible with HTTPS/TLS/SSL, and as that's the way the web is going, you should get comfortable with the use of HA-Proxy.
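The trust rule that makes an x-forwarded-for header usable for logging and banning, as an added example that is not part of the original posts: the header is honoured only when the TCP peer is the proxy itself, and is read from right to left. The proxy address 10.0.3.1, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the reverse proxy reaches the web container from 10.0.3.1
# (the usual host side of the default LXC bridge); list your real proxies here.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.3.1/32")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Address to log and ban for one request.

    peer: TCP peer address the web server saw.
    xff:  raw X-Forwarded-For header value, or None.
    """
    if not xff or not is_trusted(peer):
        return peer  # header absent, or sent by someone we do not trust
    # Each proxy appends the peer it saw, so read right to left and stop at
    # the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer  # malformed entry: fall back to the peer address
    return peer

def ban_candidates(requests, threshold):
    """IPs with at least `threshold` requests, counted by resolved client."""
    hits = Counter(client_ip(peer, xff) for peer, xff in requests)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample requests: (peer address, X-Forwarded-For header).
SAMPLE = [
    ("10.0.3.1", "203.0.113.7"),                # via the proxy
    ("10.0.3.1", "192.0.2.1, 203.0.113.7"),     # client forged the left entry
    ("10.0.3.1", "203.0.113.7"),
    ("198.51.100.9", "203.0.113.7"),            # direct peer, header not trusted
    ("10.0.3.1", None),                         # request from the proxy itself
]

if __name__ == "__main__":
    print(ban_candidates(SAMPLE, 3))
```

Counting by the resolved address keeps a forged header from getting an unrelated address banned, and keeps the proxy's own address out of the ban list.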
If you are using POSIX-compliant C then you should be able to do this:
printf(" foo1: %1$s \n foo2: %1$s \n ", "bar");
Whereas % populates in order, %1$ takes the first argument, %2$ takes the second, and so on.
$ man 3 printf on an Ubuntu box reveals:
By default, the arguments are used in the order given,
where each '*' (see Field width and Precision below) and each conversion
specifier asks for the next argument (and it is an error if insufficiently
many arguments are given). One can also specify explicitly which argument
is taken, at each place where an argument is required, by writing "%m$"
instead of '%' and "*m$" instead of '*', where the decimal integer m
denotes the position in the argument list of the desired argument, indexed
starting from 1. Thus,
printf("%*d", width, num);
and
printf("%2$*1$d", width, num);
are equivalent. The second style allows repeated references to the same
argument. The C99 standard does not include the style using '$', which
comes from the Single UNIX Specification.
I was going to need a proxy webserver anyway (reverse proxy for e.g. gitea/minecraft dynmap etc. running in different containers without their own SSL certificates), but for privilege separation and administration reasons I'd like it to run in a container (I don't want any network listeners on the host except for SSH).
I was hoping maybe it would be possible to "tag" the packages somehow (like VLANs, but with origin IPs) using iptables/something.
Would something like hosting my web server VM behind a SOCKS proxy be possible? I'm not sure how SOCKS deals with listening sockets, but I was planning on adding wireguard/other VPN to that container bridge anyway for easy administration access. I've never used SOCKS for something like this.
I feel like the setup I'm running can't be that uncommon. Does somebody here use such a setup?
Anyway, for now I'll just have to host a proxy on the host. I guess we're all screwed anyway if there is an nginx/apache2 RCE.
Ignore what I said, I'm just stupid. Don't you love it when your problem turns out to be you? I mixed up the VMs with my test setup (not in a VM) on the host… It worked all along. I'm just stupid. In my defense, SSH aliases are dangerous.
Worst part is, I've been using this setup the entire time, and just didn't care to check the (fully working) logs on my actual web server running basically the same setup (using LXD instead of LXC).
Hi all, I have an issue that I can't find any fixes for.
After upgrading to a 3440x1440, 144Hz monitor, I can't set the refresh rate beyond 100Hz in Manjaro (KDE). I'm connected via DisplayPort 1.4, and 144Hz works in Windows.
I rather like Linux Mint. TBH, if I could just get rid of the stupid apt search formatting, it'd be perfect. That or if I could install Ubuntu from CLI like I can Arch so that I can customize my installation. I also have an Nvidia card, but I'd like to move over to Radeon if/when availability is good enough to drive the price down. As for the Kernel Build, it's on 5.4.0-70-generic which isn't that old. The newest LTS release is 5.10; so reason tells me this is probably one LTS behind that. That being said, firmware isn't that much of an issue to me since firmware is dependent upon the kernel.
At any rate, I found a perfect DDG search query that helped me find a solution of the problem: fix apt search formatting in linux mint; which led me to APT search output format - Linux Mint Forums.
Just FYI: debootstrap --arch=amd64 xenial /install/dir http://archive.ubuntu.com/ubuntu/ (man debootstrap)
If you're scripting the package search, try apt-cache search <package name>. (man apt-cache)
If you're missing firmware, make sure you have firmware-linux-nonfree installed (you might need to enable the contrib and non-free package sources)
I'm confused as to why you're telling me this because I never complained about missing firmware. Also apt-cache is deprecated and my first Linux distro was Debian in 2016.
apt is the suggested tool for end users manually doing things with packages. But it is just a wrapper on top of apt-get, apt-cache, etc. So the lower level commands will still exist, and should be used for scripting, but they have an easier to use alternative now.
Could someone help me figure out how to prevent a package from being updated in Pop OS? I have a friend who needs a really old NVidia driver, and Pop OS keeps wanting to update it as part of the Operating System Updates in the Pop Shop.
To help walk him through what I thought would work, I tested using Synaptic to lock a package, but the Pop Shop will ignore these and update the package.
I also tried apt-mark hold on a package, and the Pop Shop will still update that package as well.
I've never had to do this before, so I'm just trying things I've found in DuckDuckGo thus far.
Is there a simple/quick way to lock packages from updating?