Sunday, July 20, 2025

prosody and mod_groups

I spent some time trying to make mod_groups work in Prosody, and the problem was that it must reside under VirtualHost. It sounds obvious, but there is no place where it is written.

Tuesday, July 8, 2025

NAT port redirections vs TCP tunnel with socat: the difference

There is a difference in making TCP port redirection via iptables/nftables/pf firewall NAT and via a dedicated TCP tunnel process, such as socat.
Say the setup is firewall A and server B, where server B has its default route elsewhere, not via firewall A. In the case of a TCP tunnel, the connection from the firewall goes via socat with the source address of the firewall's LAN interface. Server B sees A's LAN address and happily sends data back there.
In the case of NAT redirection, the connection via firewall A arrives at server B from external addresses, and B replies to that external address via its own default route. If that route is elsewhere, the connection cannot be established: even though B sends packets to the source, they arrive from another IP.
I wish there had been someone several years ago that could explain that to me ;-)
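
The two paths can be traced hop by hop in a small model. This is an added example, not code from the original post: the addresses are constructed from documentation ranges, and B's other gateway is assumed to masquerade outbound traffic.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses from documentation ranges; none come from the post.
CLIENT = ip_address("203.0.113.10")      # external client
A_WAN = ip_address("198.51.100.1")       # firewall A, external side
A_LAN = ip_address("10.0.0.1")           # firewall A, LAN side
B = ip_address("10.0.0.2")               # server B
OTHER_GW_WAN = ip_address("192.0.2.1")   # B's other gateway, external side
LAN = ip_network("10.0.0.0/24")


def trace(mode, b_default_gw):
    """Return [(hop, src, dst), ...] for the opening packet and B's reply.

    mode: "dnat" (firewall NAT redirect) or "proxy" (socat-style relay on A).
    b_default_gw: "A" or "other", i.e. where B's default route points.
    """
    hops = [("client -> A", CLIENT, A_WAN)]
    # DNAT rewrites only the destination; a relay opens a new connection
    # from A's LAN address, so B sees a different source in each mode.
    seen_by_b = CLIENT if mode == "dnat" else A_LAN
    hops.append(("A -> B", seen_by_b, B))

    # B answers whatever source it saw and routes on that destination.
    hops.append(("B reply", B, seen_by_b))
    if seen_by_b in LAN or b_default_gw == "A":
        # On-link (relay) or routed back through A: A holds the state
        # (relay socket or conntrack entry) and answers as A_WAN.
        hops.append(("A -> client", A_WAN, CLIENT))
    else:
        # The other gateway has no state for this flow. It is assumed to
        # masquerade outbound traffic, so the reply carries its address.
        hops.append(("other gw -> client", OTHER_GW_WAN, CLIENT))
    return hops


def established(mode, b_default_gw):
    """The client accepts a reply only from the address it connected to."""
    _, reply_src, _ = trace(mode, b_default_gw)[-1]
    return reply_src == A_WAN


if __name__ == "__main__":
    for mode in ("dnat", "proxy"):
        for gw in ("A", "other"):
            print(mode, gw, "established" if established(mode, gw) else "fails")
```

Only the combination of NAT redirection with a default route that bypasses A fails; the relay works wherever B's default route points, because A's LAN address is on-link for B.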