Thanks !

Gotta punch holes in the screen and hammer the keyboard a bit haha. But remember friends, Hardware is forever.

Easy, become a Magnetic Nymph today !

The real answer here.

endlessh was pretty cool and a more modern version is even better ! I’ll give it a shot !

On a side note, I found a way to trap HTTP connections too while working on my cyb.farm project. The go implementation is ridiculously simple: tarpit.go. It works by providing an endless stream of custom headers to the client, which it is supposed to ingest before getting to the content itself.

I didn’t come up with this idea myself, this is straight from OpenBSD disk setup guide (which I personally trust as a good source of info) :

Encrypting External Disks

This section explains how to set up a cryptographic softraid volume for an external USB drive. An outline of the steps is as follows:

• Overwrite the drive’s contents with random data

[…]

# dd if=/dev/urandom of=/dev/rsd3c bs=1m

/usr/share/language/pack/français: Permission refusée

Well as I see it, it will just do a lot of write operations to your disk, which might eventually damage it if you do it a lot (just like any write operation done on a disk). However, this specific command isn’t bad per se, and is even technically a good thing to do for preparing to full disk encryption.

sudo cat is pointless here, better do

</dev/urandom sudo tee /dev/sd*

As a bonus it’ll scramble your terminal 💪

Not with busybox’s rm 🤘

Nevermind I figured it out, you gotta use sudo for it to work properly !

Nevermind I figured what went wrong, I mistyped it initially ! It would have been much easier to copy paste it if it wasn’t a picture…

Fun fact, the command displays a nice cat picture in ASCII :)

Edit: screenshot

I just tried your command and it yields a lot of Permission denied. Is it expected or your command is incomplete ?

I tried but got an error:

:& : Command not found

Is it expected ? Did I type something wrong ? I’m confused…

Just like stabbing yourself if the eye is better with a fork than with a rusty fork.

pf gang rise up !

Keeping the source IP intact means you’ll have troubles routing back the traffic through host B.

Basically host A won’t be able to access the internet without going through B, which could not be what you want.

Here’s how it works:

On host A:

• add a /32 route to host B public IP through your local ISP gateway (eg. 192.168.1.1)
• setup a wireguard tunnel between A and B
• host A: 172.17.0.1/30
• host B: 172.17.0.2/30
• add a default route to host B wireguard IP

On host B:

• setup wireguard (same config)
• add PAT rules to the firewall so to DNAT incoming requests on the ports you need to 172.17.0.1
• add an SNAT masquerade rule so all outbound request from 172.17.0.1 are NATed with host B public address.

This should do what you need. However, if I may comment it out, I’d say you should give up on carrying the source IP address down to host A. This setup I described is clunky and can fail in many ways. Also I can see no benefits of doing that besides having “pretty logs” on host A. If you really need good logs, I’d suggest setting up a good reverse proxy on host B and forwarding it’s logs to a collector on host A.

OpenBSD is the most pleasing expérience I’ve had with an OS. It’s fully contained and has all the tools you need without needing to install anything (eg a DNS, HTTP, SMTP servers, a proxy, a good firewall). All config files look alike and use the same keywords for the same things, making it straightforward to configure everything.

And regarding RAID 1, I’ve never done it myself, but it totally works out of the box (as well as full disk encryption).

OpenBSD for all of them.

One could argue that people who say PHP is fine only suffer Stockholm syndrome !

Okay, good to know. I guess using a shared system remotely overseas doesn’t help with fast loading times ^^