Posts Tagged ‘port’
Sunday, July 29th, 2012
A friend of mine (Dido), who is learning C programming, has written a tiny chat server / client (peer to peer) program in C. His program is a very good learning example for anyone desiring to learn basic C socket programming.
The program is written in a way so it can be easily modified to work over the UDP protocol with code:
struct sockaddr_in a;
a.sin_family = AF_INET;                   /* IPv4 address family */
int s = socket(AF_INET, SOCK_DGRAM, 0);   /* the UDP socket type is chosen in socket(), not in sockaddr_in */
Here are links to the code of the Chat server/client progs:
Tiny C Chat Server Client source code
Tiny C Chat Client source code
To use the client/server, compile tiny-chat-server.c on the server host with:
$ cc -o tiny-chat-server tiny-chat-server.c
Then on the client host compile the client:
$ cc -o tiny-chat-client tiny-chat-client.c
On the server host tiny-chat-server should be run with the port as argument, e.g.:
$ ./tiny-chat-server 8888
To chat with the person running tiny-chat-server, the compiled client should be invoked with:
$ ./tiny-chat-client 123.123.123.123 8888
123.123.123.123 is the IP address of the host where tiny-chat-server is executed.
The chat client/server C programs are actually a primitive, very raw version of talk.
The programs are in a very basic stage: there are no condition checks for incorrectly passed arguments, and with wrongly passed arguments it segfaults. Still, for C beginners it's useful …
Posted in Programming | No Comments »
Friday, December 30th, 2011
Earlier I've blogged about how to prevent brute force attacks with fail2ban, denyhosts and blockhosts; however, there is an easier way to secure against basic brute force attacks without installing or configuring any external programs.
The way I'm talking about uses simple iptables rules to filter out brute force attacks.
Here is a small script to stop ssh and FTP invaders which try to initiate more than 3 consecutive connections in 5 minutes time to port 22 or port 23 (the rules as written below match port 22):
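SERVER_MAIN_IP='AAA.BBB.CCC.DDD'
# chain for trusted source addresses
/sbin/iptables -N SSH_WHITELIST
# record every new connection (SYN) to port 22 in the "sshbr" list
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr --set
# let trusted addresses clear their entry before the limit is checked
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -j SSH_WHITELIST
# reset the connection when the same source has 3 or more hits within 300 seconds
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr \
--update --rttl --hitcount 3 --seconds 300 -j REJECT --reject-with tcp-reset
# --remove has to name the same list; --rttl is only valid with --rcheck or --update
/sbin/iptables -A SSH_WHITELIST -s $SERVER_MAIN_IP -p tcp --dport 22 --syn -m recent --name sshbr --remove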
The only thin… If the rules are matched, iptables filter rules will be added to the iptables CHAIN SSH_WHITELIST.
In case you want to add some more trusted IPs, add some more iptables rules, like:
ALLOW_IP='BBB.CCC.DDD.EEE';
/sbin/iptables -A SSH_WHITELIST -s $ALLOW_IP -p tcp --dport 22 --syn -m recent --name sshbr --remove
Each IP that matches the rules will be filtered for 5 minutes; if 5 minutes is not enough, the 300 value has to be increased.
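To see how the recent match in these rules behaves over time, the following added example (not part of the original post) replays a constructed list of connection attempts through a small awk model of the three INPUT rules. It assumes the kernel stores one timestamp per hit, ignores the --rttl check and the per-address timestamp limit, and the function names and sample addresses are made up for illustration.

```shell
#!/bin/sh
# Model of the three INPUT rules above (added example, not the post's code).
# Input on stdin: "<epoch-seconds> <source-ip>" per SYN to port 22, in time order.
# Usage: simulate_sshbr HITCOUNT SECONDS [whitelisted-ip ...]
simulate_sshbr() {
    hitcount=$1; seconds=$2; shift 2
    awk -v hitcount="$hitcount" -v seconds="$seconds" -v wl="$*" '
    BEGIN { n = split(wl, a, " "); for (i = 1; i <= n; i++) trusted[a[i]] = 1 }
    {
        t = $1; ip = $2
        # rule 1: --set records a timestamp for this source
        stamps[ip, ++cnt[ip]] = t
        # rule 2: SSH_WHITELIST --remove forgets trusted sources
        if (ip in trusted) { cnt[ip] = 0; print t, ip, "PASS"; next }
        # rule 3: --update --hitcount N --seconds S
        hits = 0
        for (i = 1; i <= cnt[ip]; i++)
            if (t - stamps[ip, i] <= seconds) hits++
        if (hits >= hitcount) {
            # a matching --update stores another timestamp, so a source
            # that keeps retrying keeps extending its own block
            stamps[ip, ++cnt[ip]] = t
            print t, ip, "REJECT"
        } else
            print t, ip, "PASS"   # falls through to the rest of the ruleset
    }'
}

# Constructed sample: 203.0.113.7 retries quickly, 198.51.100.9 is whitelisted.
sample_syns() {
    cat <<'EOF'
1000 203.0.113.7
1010 203.0.113.7
1020 203.0.113.7
1025 198.51.100.9
1026 198.51.100.9
1027 198.51.100.9
1300 203.0.113.7
1590 203.0.113.7
2000 203.0.113.7
EOF
}

sample_syns | simulate_sshbr 3 300 198.51.100.9
```

The third attempt inside the window is already rejected, and the attempt at 1590 is still rejected because each rejected SYN was itself recorded; only after a quiet period (the attempt at 2000) does the source pass again.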
Posted in Computer Security, Linux, System Administration | 2 Comments »
Saturday, November 26th, 2011
SSH tunneling allows sending and receiving traffic through a dedicated port. There can be many reasons to use an ssh tunnel; the most common ones are to protect the traffic from a host to a remote server, or to access port numbers which are otherwise blocked by a firewall (i.e. to get around firewall filtering).
SSH tunneling works only with TCP traffic. The way to make an ssh tunnel is with the commands:
host:/root# ssh -L localport:desthost:destport username@remote-server.net
host:/root# ssh -R restport:desthost:localport username@remote-server.net
host:/root# ssh -X username@remote-server.net
The first command makes ssh bind a port on localhost of the machine where it is run (the host:/root# machine) and forward it to desthost:destport (destination host : destination port). It is important to say that desthost is the destination host as visible from remote-server.net; therefore, if the connection is originating from remote-server.net to a service on the same machine, desthost will be localhost.
Multiple ssh tunnels to multiple ports are possible using the above example commands. Here is one example of ssh tunneling:
Let's say it's necessary to access an FTP port (21) and an http port (80) listening on remote-server.net. In that case desthost will be localhost. Local ports below 1024 can only be bound by root, so locally we can use port 8080 instead of 80 and port 2121 instead of 21, and it will not be necessary to make the ssh tunnel as root (admin privileges). After the ssh session gets opened, both services will be accessible on the local ports.
host:/home/user$ ssh -L 2121:localhost:21 -L 8080:localhost:80 user@remote-server.net
That's all, enjoy
Posted in Computer Security, FreeBSD, Linux, System Administration | No Comments »
Thursday, August 25th, 2011
Sysctl is a great way to optimize Linux. sysctl has dozens of values which could drastically improve server networking and overall performance.
One of the many helpful variables to optimize the way the Linux kernel works on busy servers is net.ipv4.ip_local_port_range.
The default sysctl setting for net.ipv4.ip_local_port_range on Debian, Ubuntu Fedora, RHEL, CentOS is:
net.ipv4.ip_local_port_range = 32768 65536
This means that the kernel, and the server services instructing the Linux kernel to open new sockets, can only open local ports in the range of 32768 – 65536.
On a regular desktop GNU/Linux machine or a not high iron server this setting is perfectly fine; however, on high scale servers the local port range in the interval of 32768-65536 might be insufficient at times, especially if there are programs which require binding of many local ports.
Therefore on high load servers it's generally good to raise the port range assigned by the kernel to 8192 – 65536. The highest valid port number is 65535, so that is the upper value passed to sysctl; the setting has to be changed as shown below:
linux:~# sysctl -w net.ipv4.ip_local_port_range="8192 65535"
...
If changing this setting on the server doesn't show any negative impact on performance in a few hours' time or a day, or even better decreases the server average load, it's a good idea to add it to sysctl.conf so the setting is loaded on the next kernel boot.
linux:~# echo 'net.ipv4.ip_local_port_range = 8192 65535' >> /etc/sysctl.conf
Enjoy
Posted in Linux, Linux and FreeBSD Desktop, System Administration | 1 Comment »
Wednesday, August 24th, 2011
I’ve been playing with configuring a new nagios running on a Linux host whose aim is to monitor a few Windows servers.
The Linux host’s exim is configured to act as a relay host to another SMTP server, so all email ending up in the Linux localhost on port 25 is forwarded to the remote SMTP.
The remote SMTP only allows the Linux host to send email if a real existing username@theserverhostname.com is passed to it; otherwise it rejects the mail and the email is not sent properly.
As the newly configured Nagios installation is supposed to do e-mail notification, I was looking for a way to change the default user with which Nagios sends mails, which is inherited directly from the username with which /usr/sbin/nagios3 and /usr/sbin/nrpe are running (on Debian this is nagios@theserverhostname.com).
Thankfully, there is a workaround. I’ve read some forum threads explaining that the username with which nagios sends mail can be easily changed from /etc/nagios3/commands.cfg by passing the -a “From: custom_user@myserverhostname.com” to all occurrences of /usr/bin/mail -s; it’s preferable that the -a custom_user@myserverhostname.com is inserted before the -s “” subject option. Hence the occurrences of the mail command should be changed from:
| /usr/bin/mail -s "** $NOTIFICATIONTYPE$
To:
| /usr/bin/mail -a "From: custom_user@theserverhostname.com" -s "** $NOTIFICATIONTYPE$
Now to read its new configuration nagios requires a restart:
debian:~# /etc/init.d/nagios3 restart
...
Now in case of failed services or hosts down, nagios will send its mail from the custom user custom_user@theserverhostname.com and nagios can send mail properly via the remote relay SMTP host.
Posted in FreeBSD, Linux, System Administration | No Comments »
Wednesday, August 17th, 2011
One server recently installed with Qmail + Vpopmail and Squirrelmail had just been reported to me: the webmail is failing to properly log in existing users on the server via the IMAP protocol.
I've checked on port 143 to see if the couriertcpd process is properly listening with netstat -tlnp, and also used telnet to check if I can normally connect to the imap port, and it seemed there is no issue with IMAP.
Further on I checked /var/log/mail.log and there I found the following error message popping up:
Aug 17 08:56:27 mail-serv imapd: LOGIN FAILED, user=hipo@mail-serv.com, ip=[::ffff:127.0.0.1]
Aug 17 08:56:27 mail-serv imapd: authentication error: Connection refused
Aug 17 08:56:29 mail-serv imapd: Connection, ip=[::ffff:127.0.0.1]
Aug 17 08:56:29 mail-serv imapd: authdaemon: s_connect() failed: Connection refused
Aug 17 08:56:29 mail-serv imapd: [Hint: perhaps authdaemond is not running?]
The error was shown each time I got a failure in Squirrelmail in my browser to connect to IMAP with the error:
ERROR: Connection dropped by IMAP server.
As the log revealed, courier-authdaemond was not up and running on the system. I thus launched it:
qmail:~# /usr/local/sbin/authdaemond stop
qmail:~# /usr/local/sbin/authdaemond start
qmail:~# /etc/init.d/imap start
I've later on figured out that the strange behaviour was caused by a server reboot: during the boot process authdaemond did not properly load up. Therefore, to prevent future problems like this one, I've put authdaemond and the /etc/init.d/imap scripts to load up via /etc/rc.local:
qmail:~# echo '/usr/local/sbin/authdaemond stop' >> /etc/rc.local
qmail:~# echo '/usr/local/sbin/authdaemond start' >> /etc/rc.local
qmail:~# echo '/etc/init.d/imap start' >> /etc/rc.local
Posted in Linux, Qmail, System Administration | No Comments »
Tuesday, August 2nd, 2011
Today I’ve learned a handy tip from an admin colleague.
I’m administrating some Linux servers which are configured on purpose not to run on the default ssh port number (22), and therefore each time I connect to a host I have to invoke the ssh command with the -p PORT_NUMBER option.
This is not such a problem; however, when one has to administrate a dozen servers, each of which is configured to listen for ssh connections on a different port number, every now and then I had to check in my notes which was the correct ssh port number I’m supposed to connect to.
To get around this silly annoyance the ssh client has a feature whereby a number of ssh server hosts can be preconfigured in ~/.ssh/config, so that the port number for the corresponding host is recognized automatically whenever ssh user@somehost is used without any -p argument specified.
In order to make the “auto detection” of the ssh port number work, the ~/.ssh/config file should look something similar to:
hipo@noah:~$ cat ~/.ssh/config
Host home.*.pc-freak.net
User root
Port 2020
Host www.remotesystemadministration.com
User root
Port 1212
Host sub.pc-freak.net
User root
Port 2222
Host www.example-server-host.com
User root
Port 1234
The *.pc-freak.net pattern specifies that all ssh-able subdomains belonging to my domain pc-freak.net should by default be sshed to on port 2020.
Now I can simply use:
hipo@noah:~$ ssh root@myhosts.com
And I can connect without bothering to remember port numbers or dig into old notes.
Hope this ssh tip is helpful.
Posted in Linux, System Administration | 1 Comment »
Saturday, June 18th, 2011
After installing the Tweet Old Post WordPress plugin and giving it, I've been returned an error by my PHP code interpreter:
Call to undefined function: curl_init()
As I've consulted uncle Google's indexed forums discussing the issue, I've found out the whole issue is caused by a missing php curl module.
My current PHP installation is installed from the ports tree on FreeBSD 7.2. Thus in order to include support for php curl it was necessary to install the port /usr/ports/ftp/php5-curl:
freebsd# cd /usr/ports/ftp/php5-curl
freebsd# make install clean
(note that I'm using the php5 port and its surrounding modules).
Fixing the Call to undefined function: curl_init() error on Linux hosts should, I suppose, follow the same logic, e.g. one will have to install php5-curl to resolve the issue.
Fixing the missing curl_init() function support on Debian, for example, will be as easy as using apt to install the php5-curl package, like so:
debian:~# apt-get install php5-curl
...
Now my tweet-old-post curl requirement is matched and the error is gone, hooray
Posted in FreeBSD, Linux, Wordpress | No Comments »
Wednesday, April 27th, 2011
As you can read in my few previous posts I have just installed a new Ubuntu 10.10 on a Toshiba Satellite L40 notebook.
Most of the things which are necessary for a fully working Linux desktop are already installed and the machine works fine; however, I just noticed there is an issue with the default gnome torrent client, transmission, being unable to download files from torrent trackers.
A few minutes of playing with transmission's settings revealed what was causing my torrent download problems.
It seems that on Ubuntu 10.10 (probably on other Ubuntus and Debians too) the transmission bittorrent client by default tries to use incoming port number 53636 for torrent download connections.
As the computer is behind a firewall and does not have a real IP address, seeders cannot properly connect to the notebook's port 53636 and hence the transmission bittorrent client could not initialize any torrent downloads.
Fixing the issue is rather easy; to fix it I had to change the settings in transmission from the menus:
Edit -> Settings -> Network
You need to select the options:
- Pick a random port on startup
- Use UPnP or NAT-PMP to redirect connections
Next I had to restart transmission and my torrent downloads started
Posted in Linux, Linux and FreeBSD Desktop | 5 Comments »
Monday, April 11th, 2011

If you’re experiencing problems with maximising flash (let’s say youtube) videos on your Debian or Ubuntu or any other Debian derivative, you’re not the only one! I myself have often experienced the same annoying issue.
The flash fullscreen failures or slowness are caused by the flash player’s attempts to directly use your machine's hardware. As the Linux kernel is rather different from Windows, and the guys from Macromedia always create a far buggier port of flash for unix than its Windows versions, it’s quite normal that the flash player is unable to properly address the computer hardware on Linux.
As I’m not a programmer and I couldn’t exactly explain the cause of the fullscreen flash player mishaps, I’ll skip this and give you right away the two command line solution:
debian:~# mkdir /etc/adobe
debian:~# echo "OverrideGPUValidation = 1" >> /etc/adobe/mms.cfg
This should fix it for you. Now just restart your Icedove (Firefox), Epiphany, Opera or whatever browser you’re used to and launch some random video in youtube to test the solution; hopefully it should be okay.
But you never know with flash. Let’s just hope that very soon the open flash alternative gnash will be production ready and at last we, the free software users, will be freed from the evil “slavery” of adobe’s non-free flash player!
Though this tip is tested on Debian based Linux distributions, it should most likely work the same on all kinds of other Linuxes.
The tip should also probably have effect in FreeBSD, though the location of the adobe directory and mms.cfg should probably be /usr/local/etc/adobe, I’ll be glad to hear from some FreeBSD user if including the OverrideGPUValidation = 1 flash option to mms.cfg like below:
# mkdir /usr/local/etc/adobe
# echo "OverrideGPUValidation = 1" >> /usr/local/etc/adobe/mms.cfg
would have an impact on any flash player fullscreen issues on FreeBSD and other BSD derivative OSes that run the linux-flash port.
Posted in Linux, Linux and FreeBSD Desktop, Linux Audio & Video | No Comments »