@NiceRath
NiceRath / nftables_tproxy_example.nft
Last active November 10, 2024 19:46
NFTables TPROXY - proxy input and output
#!/usr/sbin/nft -f
# see also:
# https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks
# https://docs.kernel.org/networking/tproxy.html
# https://powerdns.org/tproxydoc/tproxy.md.html
# http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901
# http://wiki.squid-cache.org/Features/Tproxy4
# https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw
# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c
@acj
acj / microk8s_in_lxc.md
Last active November 2, 2024 09:03
Installing microk8s in an LXC container

I wanted to run Microk8s on a Proxmox 6 host inside of an LXC container. These are my notes from the journey.

  1. Create a privileged LXC container through the Proxmox web interface
    • Enable nesting and FUSE
      • In Proxmox UI, select container, then Options > Features > Check nesting and FUSE boxes
  2. SSH into the Proxmox host and edit the container's config in /etc/pve/lxc/.conf
    • Add the following lines
      • lxc.apparmor.profile: unconfined