I'd like to use a server between two machines (with no static IP). The only IP known to me is the server's IP address. I'd like to build/use a system that listens to 2 different ports within the server and whatever is received from localhost:portA is sent to localhost:portB and vise versa. Consequently, both machines (with java apps) can communicate through the server in the middle.
Please what is the best solution to do this. I'm working on linux system and I thought of using an SSH java API (hudson / ganymed-ssh-2) to build a port forwarding server application.
Some issue:
1) determining the size of the data transmitted to buffer read or not to forward it to the other port.
2)The speed of reading/writing bytes.
If you can use ssh protocol you can tunnel local or remote ports (this need support on server side). You can also think about an OpenSSH VPN (take a look on ssh -w option, this will create a real VPN (TUN/TAP device is required). ).
You can use the the ssh program. Take a look at the -L and -R options specifically.
Related
We have a system that implements reverse ssh tunnel to enable remote port forwarding.
This enables to expose devices on local network via a Public IP.
However, we're achieving this by a static port allocation, i.e. We've mapped Serial No.s of devices to Ports and each time a request comes to our server with Serial No. , we forward it to the designated port.
Obviously this design isn't scalable and we want to replace it with dynamic port allocation, such that the server itself takes care of allocating the port and freeing it once the device goes offline.
It'd be great to have suggestions on how this can be achieved.
Thanks in anticipation and apologies for my lack of knowledge in case I didn't explain it better (I'm new to this)
This can be solved by using a ssh command script in ~/.ssh/authorized_keys on your server.
command="reverse_server.py" ssh-rsa <publicKey>
First, a client has to connect to the script and send it's own serial (in my case a use the MAC-adress of one NIC).
The server looks into a database and tell the assigned port number or creates a new one for an unknown serial.
In the next step, the client can connect, using the reported port number as reverse port.
Btw. You should add some logic to monitor and recreate the tunnel if it disconnects or get stuck.
I want to make my site available world wide. Im using xampp server for hosting. I have no access to any kind of servers and modems. Situation is shown below:
My site server has local ip assigned by wifi router and it runs Windows 8.
Remember I have no access on any kind of servers and modems so port port-forwarding is impossible (out of my scope).
Its actually difficult, but not impossible.
One way, I would approach this is:
I would host a page on internet.
Then take request and store it in database.
One of my program will always be running from my computer.
Then check for request and curl the request to localhost. For this you may use Node.js (taking data from database using GET method and curl it to localhost).
This is the best I could think of. And I am working on it, when the code is ready I'll make it open source and notify you :)
But still, it's difficult, as you need to put user's request to sleep for 2 seconds and then transferring it.
Its slow, but may work out for you.
Disadvantages:
Program will be very slow and memory usage will be more.
Breaking may happen many times.
High bandwidth wastage
If not encrypted, MIM (Men in Middle) may possible.
Advantages:
Indirect method of hosting
Need not to worry about your code being lost.
I am looking forward for a better alternative and I would like to keep this question for bounty once again.
If you cannot open the necessary ports within your LAN you will require access to an external server. However, the external server does not need to host any code, e.g.
Create a Linux based ec2 instance using Amazon's free tier.
Install a package to redirect remote to local ports:
a. using socat:
Install socat using your distributions package manager
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx -N -R 8080:localhost:80 "socat TCP-LISTEN:8080,fork TCP:127.0.0.1:42500"
b. using a webserver and reverse proxy:
Install apache or nginx and any required reverse proxy modules and configure your VirtualHost to proxy requests to a local port, e.g. :8080 -> 127.0.0.1:42500
Connect via SSH: ssh -N -R 42500:127.0.0.1:80 -o ServerAliveInterval=60 ubuntu#xxx.xxx.xxx.xxx
Your machine is now reachable via the ec2 instance http://xxx.xxx.xxx.xxx:8080/.
I occasionally use this technique when debugging web service callbacks.
Update 17-02-2014
If you are a Windows user you will need to install a third-party tool to support ssh. Options include:
cygwin
git bash
PuTTY
PuTTY is the easiest choice if you are not familiar with *nix tools. To configure remote port forwarding in PuTTY expand the following setting: Connection -> SSH -> Tunnels. Given the previously described scenario, populate Source port as 42500, Desination as 127.0.0.1:80 and tick the Remote option. (You may also need to add the path to a PuTTY compatible private key in the Connection -> SSH -> Auth tab depending on your server configuration.
To test you have successfully forwarded a port, execute the command netstat -lnt on your server. You will see output similar to:
tcp 0 0 127.0.0.1:42500 0.0.0.0:* LISTEN
Finally you can test with curl http://127.0.0.1:42500. You will see the output of your own machines web root running on port 80.
if you don't have a public IP address and cannot use port forwarding it is impossible to host the site
As people have said you need a public IP address. However, even if you did you should not use xampp as a public server, as it is designed for development and therefore has some security settings disabled.
I would recommend buying some shared web hosting, and uploading it to that. (you can get cheap hosting if you google 'shared web hosting', plus free .tk domains are avaliable: http://www.dot.tk/)
Do your company has any vpn network?
If it does and you have access to the vpn network, you can include your server to the vpn network and your guest will only need to login to your company vpn network then access your site like in a local network without using port forwarding. And since your data is very confidential, I assume that using vpn will also help to increase the security of your data.
Please correct me if I'm wrong.
Thank You.
What you are asking is not possible without port forwarding.
Lets break it into steps.
To host your site locally you will need a IP that is static so that
users can access it specifically.
You will need a domain so that it can be converted into user friendly name.
A 24x7 Internet Connection is must! You added a Wifi Router in your Diagram and most of today's router are capable of port forwarding.
What i will do in your scenario is:
Instead of using XAMP, i will install WAMP because i am more familiar with it and easy to configure.(totally personal preference)
Then i would set my server "ONLINE".(Google how to set WAMP server online)
Forward port "80" from router settings to my local computer ip address.(mostly it is tagged as "Virtual Server","Firewall","Port Forwarding",etc vary router to router in settings)
Suppose you have a local ip "192.168.1.3" and global/router IP "254.232.123.232" then you would redirect all the HTTP request done towards router to your local IP.
[[[[254.232.123.232]]]] --+ :80 +-- --------->192.168.1.3
That is good for now, but then you will need to tackle dynamic IP problem of router. But don't worry, thanks to some free sites that will be easy!
Go to no-ip.org -> Setup Account -> and create a entry, just a subdomain for now to test whether everything is working fine.(subdomain like mysite.no-ip.org, later purchase a real Domain)
Input your IP address there(Router IP) and download its application which will automatically update their server if your local IP changes.
Wait for some minutes and Voila! Your site is live.
I'm using winexe to communicate with Windows running inside a virtual machine on my Linux system, to perform various test scenarios. I really don't want to have to be root to start the VMs.
When I start my Linux virtual machines, which I control with SSH, I simply map the SSH port (22) to a different, non-reserved port (>1024; say 19000). So I can start the VM without requiring root privileges. Then I use ssh -p 19000 ... when I want to ssh to the VM, and it works great.
But I cannot find a way to have winexe choose a different port than the default (I'm not sure what the default port is, actually; does it use 445 like SMB?). Is there a way to do it?
Note I cannot run an SSH server on Windows; because of my test environment requirements I can't add an SSH server to the virtual machines. Plus even if I were allowed I've had nothing but pain trying to get an SSH server to work reliably on Windows.
Winexe source code shows that the client-server communications happen over SMB in named pipes. As if you would write into unix pipes over nfs.
This results that it is very unlikely, that you can change the port. Maybe you can do that on the Linux side, but you have probably no way to do that in your Windows VM.
Could someone please help me to configure UDP in web server to accept connection from GPRS mobile device. The GPRS mobile device will send data packets which i need to write as a file in web server to process a web page. Please help.
i need to know the following:
1) How to configure UDP in web server
2) How can a GPRS mobile device get connected to the server using UDP
3) Write the data packets to a txt file
Please help.
A "web server" usually means am "http-server", which is a process listening for incoming "http"-requests.
Now http is a protocol that is standardized to be accessed via TCP/IP port 80.
Therefore most webserver implementations will implement a TCP/IP server that listens to port 80 by default. Usually you can change the port if need be, but usually you cannot change the transport layer to e.g. UDP.
Therefore it might not really be possible to make your "web-server" react on UDP packets.
If, however, by "web server" you mean a host accesible on the internet (that eventually might happen to run an http-daemon), you might have more luck: simply run a small server-application on that machine that listens to incoming UDP traffic on a given port, and do "something" with it (e.g. forward it to an http-daemon to display the current location)
Answers to your 3 questions:
Creating a small application listening on UDP-traffic:
a trivial server could be:
`netcat -l -u -p 8888`
This will create a UDP-server listening on port 8888, using netcat.
Whatever client connects to your server, everything that the client sends to the server will be output via stdout, and you can talk back to the client via stdin.
You shouldn't use netcat in a production environment; but it is a good and simple tool to check whether a connetion can be established and whether the protocol works.
In production, you will probably want to use a "real" UDP-server, e.g. by writing your own in the language of your choice.
How to make your gprs device talk to your server? This is impossible to answer without knowing more about the device, it's OS and the software installed that produces the data and is supposed to send it to the.
netcat -l -u -p 8888 > myfile.txt
I want to create a service that will allow me to display documents and media (think PDF and JPEG) that are stored in the filesystem of a remote server to which I connect by ssh. X11 forwarding doesn't cut it because it's too slow. Instead I want to design a protocol that will copy files from the remote system on demand, then display them.
My question is twofold:
How do I acquire a port on the remote machine? Since I may have multiple connections going, I cannot simply use a single well-known port—I will have to allocate a port dynamically.
Once I have my port, how do I communicate it to the display applications on the remote machine? SSH X11 forwarding communicates by setting the DISPLAY environment variable, and agent forwarding communicates by setting the SSH_AUTH_SOCK environment variable. Perhaps I can do something creative with a remote command?
I welcome any ideas.
Do you really need a remote port? If you can ssh into the remote machine, why not run a command and send data back over the ssh command, like rsync, Mercurial, Git, and so on do. SSH can provide an 8-bit clean connection, so it's just like having a socket connection.
To be clear, what i am suggesting is:
SSH from origin to the destination
In the SSH session, run a command on the destination that writes data to its standard output
The standard output is sent over the SSH connection from destination to origin
Collect the data that emerges from the standard output of SSH on the origin machine
There is then no need to open a particular port on either the origin or the destination.
Indeed, if what you really want is "a protocol that will copy files from the remote system on demand", how about SCP, SFTP, or rsync over SSH?