Archive for the ‘Uncategorized’ category

How to route a docker container’s traffic through a Wireguard container

December 3rd, 2021

It was really difficult to find all of the information on how to properly configure this setup in one place. Here’s what my compose file looks like to make this happen:

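version: "3"
services:
  wireguard-torguard:
    image: linuxserver/wireguard
    container_name: wireguard-torguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN   # the container needs this to create the WireGuard interface and edit routes/iptables
      - SYS_MODULE  # allows loading the wireguard kernel module from the mounted /lib/modules
    volumes:
      - '/etc/WireguardData/config:/config'
      - '/etc/WireguardData/lib/modules:/lib/modules:ro'
    environment:
      - PUID=1003
      - PGID=1004
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "8080:8080" # qBittorrent

  qbittorrent:
    image: QBITTORRENT_IMAGE  # placeholder: the qBittorrent image name is not given in this listing
    container_name: qbittorrent
    depends_on:
      - wireguard-torguard
    # Share the WireGuard container's network namespace, so all traffic uses its routes and firewall
    network_mode: service:wireguard-torguard
    # Ports are published on the wireguard-torguard service instead:
    # ports:
    #   - 6881:6881
    #   - 6881:6881/udp
    #   - 8080:8080
    environment:
      - PUID=987
      - PGID=1001
      - TZ=America/Chicago
    volumes:
      - /mnt/QBittorrentData:/config
      - /mnt/Torrents/Completed:/downloads
      - /mnt/Torrents/Downloading:/incomplete
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped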


Add the following to wg0.conf for your Wireguard container if you want to make port 8080 accessible on your LAN (you probably do):

PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=; HOMENET2=; HOMENET3=; ip route add $HOMENET3 via $DROUTE; ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE; iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

PreDown = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=; HOMENET2=; HOMENET3=; ip route del $HOMENET3 via $DROUTE; ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
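
To confirm that the REJECT rule from wg0.conf is really in place, and that nothing broader than the LAN exceptions sits in front of it, the OUTPUT chain can be audited. The following is an added example, not part of the original post: `audit_killswitch` is a hypothetical helper that reads `iptables -S OUTPUT` text, and the sample rules, the interface name wg0 and the fwmark value are constructed.

```shell
#!/bin/sh
# Audit `iptables -S OUTPUT` text read from stdin. $1 is the WireGuard
# interface name (what %i expands to in wg0.conf). Returns 0 only when the
# REJECT rule exists and every ACCEPT ahead of it names a private destination.
audit_killswitch() {
    iface=$1
    while read -r line; do
        case $line in
            *"! -o $iface "*"-j REJECT"*)
                echo "OK: kill switch present, only private-range exceptions before it"
                return 0 ;;
            "-A OUTPUT "*"-j ACCEPT"*)
                case $line in
                    *"-d 10."*|*"-d 192.168."*) ;;
                    *"-d 172.1"[6-9]"."*|*"-d 172.2"[0-9]"."*|*"-d 172.3"[01]"."*) ;;
                    *)  echo "LEAK: exception not limited to a private range: $line"
                        return 1 ;;
                esac ;;
        esac
    done
    echo "LEAK: no REJECT rule for traffic leaving outside $iface"
    return 1
}

# Constructed samples in `iptables -S OUTPUT` format (not captured from a real host).
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable'

# An exception with no destination match lets everything bypass the tunnel.
OPEN_RULES='-P OUTPUT ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable'

# PostUp never ran (or PreDown already did): nothing blocks non-tunnel traffic.
NO_REJECT_RULES='-P OUTPUT ACCEPT'

printf '%s\n' "$GOOD_RULES" | audit_killswitch wg0
```

On a running setup, feed it the output of `docker exec wireguard-torguard iptables -S OUTPUT`.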

Postfix round-robin outgoing IP address the easy way

January 29th, 2016

Needed to add a second IP to my single Postfix instance and have it round-robin which IP address it sends from. Not so much for load balancing (both addresses are on the same physical server after all), but to avoid getting blocked by ISPs from the large amount of mail being sent from one of my servers.

Through some searching, trial, and error, found out that this is really easy to do with iptables SNAT rules:

-A POSTROUTING -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -m statistic --mode nth --every 2 --packet 1 -j SNAT --to-source
-A POSTROUTING -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -m statistic --mode nth --every 2 --packet 0 -j SNAT --to-source

What this tells it to do is for every packet with a destination of port 25, rewrite the source IP to be either or, depending on which count you are at.

No Postfix configuration changes necessary at all!
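
Each nth rule keeps its own counter and only counts connections that reach it, because a matching SNAT rule ends chain traversal for that connection. The following added example (not from the original post) is a simplified model of that counter that shows how a ruleset splits new connections; `simulate_snat` is a hypothetical helper, a rule is written EVERY:PACKET, and `1:0` stands for a rule with no statistic match at all.

```shell
#!/bin/sh
# Usage: simulate_snat CONNECTIONS EVERY:PACKET [EVERY:PACKET ...]
# Prints the number of connections each rule rewrote, in rule order, followed
# by the number that matched no rule and therefore kept the default source IP.
simulate_snat() {
    conns=$1; shift
    awk -v conns="$conns" -v specs="$*" 'BEGIN {
        n = split(specs, rule, " ")
        for (i = 1; i <= n; i++) {
            split(rule[i], f, ":")
            every[i] = f[1]
            count[i] = every[i] - 1 - f[2]   # --packet sets the starting counter
            hits[i] = 0
        }
        for (c = 1; c <= conns; c++) {
            matched = 0
            # Rules are tried in order; later rules never see a matched connection.
            for (i = 1; i <= n && !matched; i++) {
                if (count[i] == every[i] - 1) { count[i] = 0; hits[i]++; matched = 1 }
                else count[i]++
            }
            if (!matched) unmatched++
        }
        for (i = 1; i <= n; i++) printf "%d ", hits[i]
        printf "%d\n", unmatched
    }'
}

# Two rules that both use --every 2: the second rule only sees the half of the
# connections the first one skipped, and rewrites half of those.
simulate_snat 8 2:1 2:0      # 4 2 2

# First rule takes every 2nd connection, last rule takes everything left over.
simulate_snat 8 2:0 1:0      # 4 4 0

# Same idea for three addresses: every 3, then every 2, then the remainder.
simulate_snat 9 3:0 2:0 1:0  # 3 3 3 0
```

With `--every 2` on both rules, a quarter of new connections match neither rule and leave from whatever address the kernel picks by default, so the split is only even if that default is the second rule's address.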

Windows, PHP, and Image Magick “side-by-side configuration error”

September 18th, 2015

What a pain!

In order to get past this error you have to install the Microsoft Visual C++ 2008 Redistributable Package x86. Even if you have a 64-bit Windows install, Image Magick requires the 32-bit package.

My awesome Steambox / Big Picture setup

August 1st, 2015

This is to help document my Steambox / Steam Big Picture setup. I invested a lot of research and energy into getting this guy going 🙂

Main Hardware:
Intel Core i7-4770K
GTX 960
Windows 7 x64

What I have going on:
TV is configured on HDMI 3 to receive input from my gaming PC as a third monitor. Gaming PC is in my office, TV is in my den. In order to “start gaming” you set the TV to HDMI 3, hit Back + A on the wireless Xbox controller to enable the third monitor, then hold down the Xbox middle button for 5 seconds to launch Steam. It’s now gaming time, all without touching the PC’s keyboard or mouse, or configuring anything manually!

Required additional hardware purchases (for me):

Required software:

  • Ice – Allows you to include Emulators and ROMs into your Steam Big Picture. Super helpful for one-click launching of ROMs.
  • AutoHotKey – I created hotkey combos to do things such as expand and (un?)expand my desktop to my TV, enable the sound output to go over HDMI to the TV, etc.
  • JoyToKey – I mapped several key combos from my XBox controller to my keyboard. I then mapped those same keyboard keys to actions in AutoHotKey. The result? I can now press button combos on the controller and have it expand my desktop to my PC without me ever having to touch the keyboard! Cool stuff!
  • EndPointController – This allows you to control your sound output via CLI. I use this in conjunction with JoyToKey and AutoHotKey to change my playback device in Windows to the HDMI device automatically.
  • NoMousy – This hides the mouse cursor via CLI. Very useful for keeping the mouse cursor out of the middle of the TV.

Software configuration:

  • Ice – Here is an example of how to configure the emulator launching for Wii: emulators.txt
  • AutoHotKey – Here are the hotkey configuration and batch files I am using for enabling / disabling my TV as a third monitor. I am also enabling/disabling the HDMI auto output as the default audio output, and hiding/unhiding the mouse cursor: GameOff.ahk GameOff.bat GameOn.ahk GameOn.bat
  • JoyToKey – Here’s the mapping I am using for Xbox controller-to-Keyboard mapping. AutoHotKey then picks up the keyboard keys and runs your scripts. I also included ExitCombination.cfg which allows you to press Back and Start at the same time on the Xbox Controller to exit out of Dolphin (the Wii emulator): JoyToKey.ini ExitCombination1.cfg
  • EndPointController – No configuration for this one, the batch scripts that AutoHotKey executes use it.
  • NoMousy – No configuration for this one either, the batch scripts that AutoHotKey executes use it.

Upgrading Xtables problems

July 13th, 2015

If you are receiving the error “compat_xtables.c:633: error: too few arguments to function ‘ipv6_find_hdr’” when attempting to reinstall Xtables, comment out “#define CONFIG_IP6_NF_IPTABLES_MODULE 1” in /usr/src/kernels/2.6.32-504*/include/linux/autoconf.h and retry your ./configure; make; make install

UAuto v1

September 4th, 2014

After quite a bit of searching and trial and error, I was unhappy with the programs out there for automatically extracting rar files that are downloaded through utorrent, and/or sending emails when the downloads are complete. So, I made my own that can do both much more easily!

Please feel free to try UAuto out and let me know your thoughts. Be sure to edit the finished.bat, email_alert.bat, and email_alert_error.bat files and set the correct options for your system.

To configure this script to run in Utorrent when a download finishes, edit the “Run Program” preferences:


Download link below!
Download UAuto.rar

iptables + geoip blocking

March 31st, 2013

How to set up iptables on CentOS 6 to easily ACCEPT/DENY based on source country:

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel perl-Text-CSV_XS


tar xvf xtables*; cd xtables*; ./configure; make; make install

cd geoip/


./xt_geoip_build GeoIPCountryWhois.csv

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Test it like this:
iptables -I INPUT -m geoip --src-cc CN -j DROP

Windows 2008 R2 service + Mezzmo

December 3rd, 2012

Here’s how to get Mezzmo to work in Windows 2008 R2 under a normal user account (and not request admin permissions when starting/stopping a service)

1) Get subinacl here:
2) Run the following to grant your normal user account perms to start/stop/query the service: subinacl /service SERVICE_NAME /grant=COMPUTER_NAME\USERNAME=TOP
Ex: subinacl /service "\\MEDIA-SERVER\Mezzmo" /grant=\\MEDIA-SERVER\MEDIA=TOP

3) Extract patched Mezzmo files to install folder for Mezzmo (Ask Conceiva for the patched files)
4) Done!

WDTV + CIFS share on Windows Server 2003

November 10th, 2012

Had an issue where my wdtv wouldn’t see any network shares – didn’t even show any servers as available. Enabling the “Computer Browser” service on my media server corrected the problem 🙂

Postfix + Dovecot + Multiple IP addresses and SSL certificates

July 29th, 2012

I recently had the privilege of needing to set up a completely new domain on a Postfix+Dovecot mail server, along with its own IP and custom SSL certificates depending on which IP you connected to.

Here’s how to do it for Dovecot + Postfix:

Dovecot (2.0+):
* Replace and with your two separate IP addresses on the same server
* Note that dovecot still requires a master ssl_cert and ssl_key, so don’t remove these.


local {
ssl_cert =

Postfix:
* Remove smtpd_tls_key_file and smtpd_tls_cert_file from
* Add separate master instances for each IP in like so:
inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain1.key -o smtpd_tls_cert_file=/etc/postfix/domain1.crt
inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain1.key -o smtpd_tls_cert_file=/etc/postfix/domain1.crt
inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain2.key -o smtpd_tls_cert_file=/etc/postfix/domain2.crt
inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain2.key -o smtpd_tls_cert_file=/etc/postfix/domain2.crt

You can also add different SMTP banner greetings in postfix depending on which IP gets connected to. Just add -o on the end of each above line.

Outgoing Mail
If you also want mail sent from your new domain to leave the mail server from the new IP, you need to use Postfix’s “sender_dependent_default_transport_maps” feature. One way of doing this is:

* Add to the top of your
new_domain unix - - n - - smtp -o -o

* Add to the bottom of
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent

* Create a new file named “dependent” in /etc/postfix and inside of it add: new_domain

* Then hash it with postmap and reload Postfix.