Archive for the ‘Internet’ Category
Sunday, November 16th, 2008
It is a lot easier than you think.
OpenSSH, which can only be described as the best utility of all time, is quite a versatile tool. One feature people use frequently is port forwarding. This allows you to open a port on your computer that forwards data over the SSH connection to the destination you specify, which is very useful when you need access to an intranet web server but don’t have a proper VPN set up, for example. However, SSH can also do this in reverse! It opens a listening port on the remote machine, which then relays data to the destination you specify. For example, you can SSH into a remote host and have SSH open a port on that host which relays data back to the SSH port on the machine you are connecting from, thereby allowing SSH access to a machine where it would normally be impossible.
A practical example:
chris@ktulu:~$ ssh sandman.cs278.org -R 2222:localhost:22
This connects to the server sandman.cs278.org and opens port 2222 which forwards traffic to localhost:22 (localhost is the machine I am connecting from). Once logged into the server I can do this:
chris@sandman:~$ ssh localhost -p 2222
This opens an SSH connection back through the tunnel to the machine I originally connected from (ktulu).
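Whether a reverse forward like this is accepted, and where its listener binds, is decided by the SSH server's configuration. The following is an added example, not part of the original post: it reads the output of `sshd -T` and reports how `-R` listeners are treated. The function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how an sshd configuration treats `ssh -R` listeners.
# Feed it the output of `sshd -T` (effective settings, lowercase keywords).
# Per-user Match blocks are only reflected if sshd -T is run with -C.

# reverse_forward_policy: reads settings on stdin, prints one word:
#   blocked   remote forwarding is refused
#   loopback  -R listeners are allowed but bind to the server's loopback only
#   exposed   -R listeners may bind to non-loopback addresses
reverse_forward_policy() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "allowtcpforwarding" { fwd = val }
        key == "gatewayports"       { gw  = val }
        key == "permitlisten"       { pl  = val }
        END {
            # OpenSSH defaults for keywords missing from the input
            if (fwd == "") fwd = "yes"
            if (gw  == "") gw  = "no"
            if (pl  == "") pl  = "any"
            # "local" permits -L only; "remote", "all" and "yes" permit -R.
            # A PermitListen port list is treated as allowed for those ports.
            if (fwd == "no" || fwd == "local" || pl == "none") print "blocked"
            else if (gw == "no") print "loopback"
            else print "exposed"
        }'
}

# Constructed sample resembling a stock configuration.
printf '%s\n' 'allowtcpforwarding yes' 'gatewayports no' 'permitlisten any' |
    reverse_forward_policy
```

With the result `loopback`, port 2222 in the example above is reachable only from the server itself, which is why the second command connects to localhost.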
Tags: firewall, howto, ssh
Posted in Internet, Linux, Security | No Comments »
Saturday, January 12th, 2008
After my recent break-in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server, as it has the resources to run such a programme; my Linksys NSLU2s, however, do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how-to on this over at my wiki. Enjoy.
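One common way to do this kind of per-host limiting is the iptables `recent` match. The following is an added example, not the wiki how-to referred to above: it prints an iptables-restore fragment for a given port, window and connection count. The function name, chain name and the sample values 22/60/4 are assumptions made here.

```shell
#!/bin/sh
# Added example (not the author's wiki how-to): print an iptables-restore
# fragment that drops a source address once it opens too many NEW connections
# to one TCP port inside a time window, using the xt_recent match.

# ratelimit_rules PORT SECONDS HITCOUNT
# Prints the fragment on stdout; returns 1 on invalid arguments.
ratelimit_rules() {
    port=$1; seconds=$2; hitcount=$3
    for n in "$port" "$seconds" "$hitcount"; do
        case $n in
            ''|*[!0-9]*|??????*)
                echo "arguments must be whole numbers of at most 5 digits" >&2
                return 1 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$seconds" -lt 1 ]; then
        echo "port must be 1-65535 and seconds at least 1" >&2; return 1
    fi
    # xt_recent remembers 20 packets per address by default (module parameter
    # ip_pkt_list_tot); the kernel rejects a rule with a larger --hitcount.
    if [ "$hitcount" -lt 1 ] || [ "$hitcount" -gt 20 ]; then
        echo "hitcount must be 1-20" >&2; return 1
    fi
    chain="RATELIMIT_$port"   # chain and list names are arbitrary labels
    cat <<EOF
*filter
:$chain - [0:0]
-I INPUT 1 -p tcp --dport $port -m conntrack --ctstate NEW -j $chain
-A $chain -m recent --name $chain --set
-A $chain -m recent --name $chain --update --seconds $seconds --hitcount $hitcount -j DROP
COMMIT
EOF
}

# Sample run: the 4th new SSH connection attempt from one address within 60 s
# is dropped; packets that fall off the end of the chain return to INPUT, so
# the existing accept rules still decide everything else.
ratelimit_rules 22 60 4
```

As root, the output can be loaded once with `ratelimit_rules 22 60 4 | iptables-restore --noflush`, which leaves the rules already in place untouched.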
Tags: howto, iptables, kernel, Security, ssh
Posted in Debian, Internet, Linux, Security, Ubuntu | 1 Comment »
Thursday, January 10th, 2008
So today I come to you with a confession: I discovered one of my boxen had been successfully attacked and the attacker had, by the looks of things, used it for launching DDoS attacks. I feel particularly stupid because the entire thing was my fault; I left the root password as root. Although I must stress I didn’t set it to this: I was using a pre-built Debian install because the d-i installer was broken under ARM, and I forgot to change the root password to something a little more secure.
Tags: confession, Debian, hacked
Posted in Debian, Internet, Network | 2 Comments »
Thursday, November 29th, 2007
Ekiga is a VoIP client for GNOME. I recently registered with SIPGate.co.uk as I am planning to have a go at setting up Asterisk sometime in the near future. Sadly it wasn’t a well documented process, and after searching Google, SIPGate’s website and Ubuntu Forums for help I found some tips on debugging Ekiga. Armed with this knowledge (ekiga --debug=[1-6]) I managed to discover the required ports for successful NAT traversal. They are as follows:
- 5060 – 5100/udp
- 8000 – 8012/udp
- 5004/udp
- 10000/udp
- 3478 – 3497/udp
- 3478 – 3497/tcp
- 1720/udp
- 30000 – 30010/tcp
I am sure they could be refined and there may be some that are unnecessary, but it Works for Me™; use them at your own risk.
Tags: ekiga, networking, problems, voip
Posted in Internet, Linux, Network | No Comments »
Thursday, November 29th, 2007
So, this is the second time I have tried to address the problem I was getting with some Subversion repositories I was trying to configure to be served by Apache. I was trying to use the SVNPath directive to serve one repository but it was not having any of it, so instead I ended up serving them, as a temporary measure, using SVNParentPath in the format http://svn.example.com/~name/repos/ which is not what I wanted. I am using the Location container in the Apache configuration to set up my repositories; the path I had specified was /~name/. This is where the problem comes in: I would try to check out the repository over the network and be greeted with a 405 Method Not Allowed error like so:
svn: PROPFIND request failed on '/~name'
svn: PROPFIND of '/~name': 405 Method Not Allowed (http://svn.example.com)
This struck me as odd; it seemed that Apache was not serving the repository URI using the WebDAV module. When I gave up on an earlier attempt I reverted to using SVNParentPath and accessing the repository over the URI http://svn.example.com/~name/repos/ which worked perfectly, and I couldn’t spot why. Turns out I made a single character mistake: my Apache configuration was set to use the path /~name/ when I should have used /~name, because SVN truncates the trailing slash even if you specify it on the command line. Bugger!
Tags: apache, errors, Network, problems, Subversion
Posted in Internet, Linux, Network, Subversion | No Comments »
Thursday, November 22nd, 2007
Thunderbird’s default sorting is the wrong way around, IMHO. This has always annoyed me; I found out how to reverse it.
Tags: thunderbird
Posted in Internet, Linux, Windows | No Comments »
Wednesday, November 14th, 2007
Posted in Humour, Internet, Music, Videos | No Comments »
Friday, October 26th, 2007
So for ages I have been using Thunderbird combined with server-side mail sorting; what has been annoying me for a year or so is that Thunderbird only checks the Inbox folder. I had to manually check all the others and that got a little tedious. Fortunately I discovered how to get around this.
The trick is to open the configuration editor (Edit -> Preferences -> Advanced) and set the mail.check_all_imap_folders_for_new preference to true. Bingo!
Posted in Internet, Linux, Windows | No Comments »
Sunday, July 15th, 2007
I have been playing with packaging for Ubuntu and Debian for a while now and I have one fairly useful package called rsnapshot-scripts which contains a bunch of scripts for use with rsnapshot. It allows you to back up other data sources like MySQL, DPKG and Subversion.
Posted in Debian, Internet, Ubuntu | No Comments »
Friday, May 25th, 2007
So how do I get Postfix to verify and sign messages with the DKIM system, under Debian? Here is how.
- First we need to install the dependencies.
$ sudo aptitude install libdigest-sha{,1}-perl libemail-{address,mime-encodings}-perl libnet-{dns,server}-perl libcrypt-openssl-rsa-perl liberror-perl make libmailtools-perl
-
$ sudo cpan Mail::DKIM
-
$ perl Makefile.PL
$ make
$ make install
-
$ ./configure --prefix=/usr/local
$ make install
-
$ sudo adduser --system --shell /bin/false --home /var/run/dkimproxy --group dkimproxy
-
$ sudo mkdir /etc/dkimproxy/
$ cd /etc/dkimproxy/
$ sudo openssl genrsa -out private.key 1024
$ sudo openssl rsa -in private.key -pubout -out public.key
$ sudo chown -R root:dkimproxy .
$ sudo chmod -R a=,u=rwX,g=rX,o=rX .
$ sudo chmod o= private.key
Sorry, this solution will not run nicely on my NSLU2 so I have abandoned the rest of this documentation – it should help you somewhat though, hence I am publishing it anyway.
Posted in Debian, Internet, Network | 2 Comments »