Monthly Archives: November 2014

iptables SNAT vs MASQUERADE

What is the difference, and why would you use SNAT instead of MASQUERADE?

According to official documentation:

There is a specialized case of Source NAT called masquerading: it should only be used for dynamically-assigned IP addresses, such as standard dialups (for static IP addresses, use SNAT above).

With SNAT, the kernel's connection tracking keeps all the connections when the interface is taken down and brought back up. With the MASQUERADE target those connections will be lost.

With MASQUERADE some issues can occur if the outgoing interface has more than one IP address.

With MASQUERADE the kernel determines the outgoing NAT address for every connection (it looks up the interface IP), which is a rather expensive operation.

But in 99.99% of cases MASQUERADE is fine.

I use the following iptables rule to NAT outgoing SMTP connections (postfix runs on the physical server, and the LXC containers relay mail to the base system via ssmtp or nullmailer).

/sbin/iptables -t nat -A POSTROUTING -s 10.2.1.254/32  -o eth0 -j MASQUERADE

It's a universal rule: it works unchanged on a number of servers, because you don't have to find out the outgoing interface address (as you would for -j SNAT --to-source X.X.X.X).
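To make the trade-off concrete, here is an added example (not from the original post) that builds both forms of the rule for the container setup above: the MASQUERADE rule needs nothing but the source and interface, while the SNAT rule needs the interface's current address, read here from the one-line output of `ip -4 -o addr show dev eth0`. The interface name eth0, the container source 10.2.1.254/32 and the sample `ip` output line are assumptions constructed for the example, so it runs offline.

```sh
#!/bin/sh
# Added example, not the post's own script. Assumes interface eth0, container
# source 10.2.1.254/32 and the iproute2 one-line ("-o") address output format.

CONTAINER_SRC="10.2.1.254/32"
OUT_IF="eth0"

# Read `ip -4 -o addr show dev <if>` output on stdin and print the first IPv4
# address without its prefix length. A line looks like:
#   2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\  valid_lft ...
first_ipv4_of() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# MASQUERADE: the kernel resolves the interface address per connection, so the
# rule is identical on every host.
masquerade_rule() {
    printf '/sbin/iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' \
        "$CONTAINER_SRC" "$OUT_IF"
}

# SNAT: the address is fixed when the rule is inserted. If the interface has
# no address yet (still coming up), refuse instead of emitting a broken rule.
snat_rule() {
    addr="$1"
    if [ -z "$addr" ]; then
        echo "no IPv4 address on $OUT_IF, cannot build SNAT rule" >&2
        return 1
    fi
    printf '/sbin/iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$CONTAINER_SRC" "$OUT_IF" "$addr"
}

# Constructed sample standing in for live `ip -4 -o addr show dev eth0` output.
SAMPLE_IP_OUTPUT='2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever'

main() {
    addr=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | first_ipv4_of)
    echo "# dynamic address, same rule on every host:"
    masquerade_rule
    echo "# static address, rule pinned to $addr:"
    snat_rule "$addr"
}

main "$@"
```

On a real host you would replace the constructed line with `ip -4 -o addr show dev "$OUT_IF" | first_ipv4_of`. The refusal in snat_rule is the practical difference the post describes: a SNAT rule written for one address is wrong as soon as the interface gets another, while MASQUERADE follows the interface (at the cost of the per-connection lookup and of dropping tracked connections when the interface goes down).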

bind GENERATE and CDN

In our advertising network we use landing pages with a great number of images.

The previous team used the domain static.OURDOMAIN.net for the CDN. But modern browsers open only 4 to 6 simultaneous connections to one domain name, so it takes a huge amount of time to load the whole page.

i.e. 4 images start loading, the browser waits for one image to finish, then starts loading the next one.
Damn, not good and extremely slow 🙂
So use the Force, Luke:

bind zone:

$GENERATE 1-64 static$      IN  A   1.1.1.1     ;s7
$GENERATE 1-64 static$      IN  A   2.2.2.2     ;sgr1
$GENERATE 1-64 static$      IN  A   3.3.3.3     ;sf6
$GENERATE 1-64 static$      IN  A   4.4.4.4     ;sf31

And use something like http://static.'random(1-64)'.OURDOMAIN.net/IMAGE.PNG in the application code.

This sped up page loading significantly (up to 3 times).
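As an added example (not part of the original post), the following script maps each image path to one of the 64 generated hostnames. The post picks a random host per request; hashing the path instead means the same image is always served from the same hostname, so it stays cacheable in the browser across page views instead of being refetched from a "new" host. It uses the names `static1` to `static64` that `$GENERATE 1-64 static$` produces (the `$` expands to the counter) and the placeholder domain OURDOMAIN.net; the image paths are constructed for the example.

```sh
#!/bin/sh
# Added example, not the post's own code. Assumes hostnames static1..static64
# under the placeholder domain OURDOMAIN.net, matching "$GENERATE 1-64 static$".

SHARDS=64
CDN_DOMAIN="OURDOMAIN.net"

# Print a shard number in 1..SHARDS derived from the POSIX cksum CRC of the
# path, so the same path always lands on the same hostname.
shard_of() {
    path="$1"
    crc=$(printf '%s' "$path" | cksum | cut -d' ' -f1)
    echo $(( crc % SHARDS + 1 ))
}

# Build the full image URL on its shard hostname.
image_url() {
    path="$1"
    n=$(shard_of "$path")
    printf 'http://static%s.%s/%s\n' "$n" "$CDN_DOMAIN" "$path"
}

main() {
    # Constructed sample paths for demonstration.
    for p in img/logo.png img/banner-1.jpg img/banner-2.jpg css/bg.png; do
        image_url "$p"
    done
}

main "$@"
```

The same function belongs in the application's template code (in whatever language that is); the only requirement is that every place emitting image URLs uses the same hash and the same SHARDS value, and that SHARDS matches the range in the zone's $GENERATE line.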

my OS X bash .profile

Just so I remember it. I added some locale settings to avoid ????? instead of letters in console Unicode programs (such as mc).

# MacPorts Installer addition on 2013-01-22_at_14:43:51: adding an appropriate PATH variable for use with MacPorts.
export PATH=/opt/local/bin:/opt/local/sbin:$PATH
# Finished adapting your PATH environment variable for use with MacPorts.

HISTCONTROL=ignoredups:ignorespace

# for setting history length see HISTSIZE and HISTFILESIZE in bash
HISTSIZE=2500
HISTFILESIZE=5000

export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_MESSAGES=POSIX
export LC_ALL=en_US.UTF-8

# programs read EDITOR (upper case); a lower-case "editor" variable is ignored
export EDITOR=/usr/bin/vim

export PS1='\[\e]0;\u@\h: \w\a\]\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'

export force_color_prompt=yes
export HISTTIMEFORMAT="%h/%d - %H:%M:%S "

# color ls
alias ls='ls -G'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'

alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'