💾 Archived View for moonbootlabs.net › allie › log › 2020-10-24.gmi captured on 2020-11-07 at 01:03:45.
-=-=-=-=-=-=-
So this is my first blog (glog?) entry within geminispace. I don't necessarily know what I'm doing or if anybody will find anything I say useful, but I figured I'd give it a go and see what happens.
I ran into some interesting issues trying to get this running. While it should be crazy simple, the fact that the software I set up (shavit) listens on localhost by default caused me way more trouble than I'd like to admit. By default it seems to bind to localhost. That's totally not a problem, except when you can't figure out why iptables and DNAT rules don't seem to forward an external port to the local port. I fought with this for an hour or so, completely stumped, until learning about the route_localnet sysctl option.
I've been using iptables for years and years, but apparently I haven't forwarded any external ports to services listening on localhost in a long, long time. It seems sometime in the 3.x branch of the Linux kernel (maybe 3.6? I don't wanna go look it back up right now) they introduced this option and otherwise treat packets originating from localhost as martian packets. So if you want to be able to forward ports to localhost, the option has to be enabled for the interface whose packets you're forwarding. Talk about feeling silly when I didn't even realize that option existed, but I guess it's just never come up.
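A check for the situation described above, added here as an example and not part of the original post: it reads `iptables-save -t nat` output, finds DNAT rules that target 127.0.0.0/8, and reports whether route_localnet allows them on the ingress interface. The function names, the interface names eth0/eth1, the sample rules on port 1965 and the fake sysctl tree are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables-save -t nat` output on stdin and reports every
# DNAT rule whose target is in 127.0.0.0/8, with the route_localnet state of
# its ingress interface. Returns 1 if any such rule cannot work as configured.
check_localnet_dnat() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"   # overridable for offline runs
    rc=0
    while IFS= read -r rule; do
        case "$rule" in
            *"-j DNAT"*"--to-destination 127."*) ;;
            *) continue ;;
        esac
        # Ingress interface from "-i <name>"; a rule without -i matches any.
        iface=$(printf '%s\n' "$rule" | sed -n 's/.* -i \([^ ]*\) .*/\1/p')
        # The kernel ORs conf/all with the per-interface setting.
        all=$(cat "$conf_dir/all/route_localnet" 2>/dev/null || echo 0)
        own=$(cat "$conf_dir/${iface:-all}/route_localnet" 2>/dev/null || echo 0)
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then
            echo "WORKS   ${iface:-any}: loopback-bound services reachable from this interface"
        else
            echo "DROPPED ${iface:-any}: route_localnet=0, DNAT to 127/8 is treated as martian"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo input: fake sysctl tree and sample rules (1965 = Gemini port).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/all" "$d/eth0" "$d/eth1"
    echo 0 > "$d/all/route_localnet"
    echo 0 > "$d/eth0/route_localnet"
    echo 1 > "$d/eth1/route_localnet"
    status=0
    printf '%s\n' \
        '-A PREROUTING -i eth0 -p tcp -m tcp --dport 1965 -j DNAT --to-destination 127.0.0.1:1965' \
        '-A PREROUTING -i eth1 -p tcp -m tcp --dport 1965 -j DNAT --to-destination 127.0.0.1:1965' \
        '-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80' |
        check_localnet_dnat "$d" || status=$?
    rm -rf "$d"
    return "$status"
}
demo || true
```

On a live host the call is `iptables-save -t nat | check_localnet_dnat`. A WORKS line also means the martian check for 127.0.0.0/8 is relaxed on that interface, so binding the service to a non-loopback address is the alternative that avoids the sysctl.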
I do think this is somewhat indicative of the whole systems administration field. So much stuff changes so quickly at times, but you also run into situations where new things have been created/released/implemented ages ago that you've never even heard of because you simply hadn't yet had a need for them.