Transferring incoming communication to another computer - communication

I have two computers, A and B.
On computer A, I want to be able to specify for certain ports that incoming traffic from computers will be automatically routed to a different port on computer B as if it was originally sent to B from .
I'm not really sure what I need here. I thought it might be port forwarding, bridge, ip routing or ip forwarding but was unable to come to a conclusion.
I'm trying to do this on a Windows 2008 machine, in order to shift traffic from an older software on one server to a newer software on a different server. I tested my trials using http://joncraton.org/blog/46/netcat-for-windows, trying to send stuff from my computer to another computer which was supposed to route it back to me, but nothing was received.
I have tried:
http://www.simpleportforwarding.com
but that didn't work for me.
I've also tried:
http://www.quantumg.net/portforward.php
but my Anti-virus blocks it (though it's not a malware, as far as I know).
I know Windows has the command "route" on the shell but I'm not really sure what to do with it as it requires a mask for the IP and doesn't seem to allow choosing ports (and it might not be what I need anyway).
I've also come across this:
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
and though I'm pretty sure NAT is not what I need, maybe that "Roles" configuration has something relevant.
Has anyone come across a similar situation and know how to solve this? I'm pretty sure there's something ready which can do this and no software needs to be written.
EDIT:
I've discovered that netsh can do the above by:
C:\>netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.1.1 connectport=443 connectaddress=192.168.1.1
which is a command I found here:
http://www.rickwargo.com/2011/01/08/port-forwarding-port-mapping-on-windows-server-2008-r2/
But the problem is, and I forgot to mention this, I also need to be able to do this routing only for specific source IP addresses. I'm not sure if netsh can do this (maybe it can?) so is there any other way?

Related

Server troubles on Koding

I've found Koding on the interwebs and I really dig it. In fact, I dig it so much, that I want to write my game server solely in Koding, hence it is a reliable app on the net, so I can work from anywhere anytime. But my problem is there, that when I want to try things from outside Koding (the client) I cannot connect to server. Unfortunately I haven't found the IP of my machine (I tried all the citruslee.kd.io variants I have [vm-0.], ifconfig -a addresses, but nothing really happened). The question is, how can I get the somewhat public IP of my VM?
I hope I understood you correctly. If you want to see your VM in action you can just access the URL citruslee.kd.io and if you run some other server (other than Apache, that comes preinstalled on all VMs) on your VM you can type the port after the URL. Keep in mind that your VM shuts down after ~15 mins. Hope I answered your question.
If you have any more questions you can always email us at support#koding.com

URL Stop using Delphi service

I want to have background service written in Delphi 7, that stops a specific URL from being loaded by any browser. Is this possible?
Can anyone point me in a direction?
Thanks in advance.
Shane
There are two approaches, of which the second one is technically the best:
1. Write a DLL that you inject into all processes, and if these processes are for a browser you have to intercept and filter all traffic, e.g. using Windows sockets.
2. Write a Layered Service Provider that works a bit like a firewall (at a lower level in the OS).
I've worked in internet filtering software and I can tell you both are big undertakings.
We initially took the first approach, then switched to the other because it's technically better. [And we never finished that transition because the company folded ;-(]
We did not write our own LSP (it's a big job in itself) but used the products from Komodia. Although they write for C, the people were very helpful answering our questions about porting to Delphi.
But as I said earlier, this is BIG: you have to deal with 32 and 64 bit code, http versus https, protecting services from being stopped, etc. Any non-programming solution that you can find is better (although easy to circumvent).
If you still want to program: prepare for 1 man-year of coding using LSP.
A service, no, I don't think so. But you can edit the 'hosts' file so that the domain of the url points to 127.0.0.1. You can make a service that 'guards' this file, although the service itself must have elevated rights to be able to edit it, and of course, the service itself can be killed as well, if the user has the rights to do so.
Anyway, if you manage to edit the file, the browser will not be able to find the server by domain name. Of course, urls with an IP address cannot be blocked this way and neither can you block specific urls, only the entire domain.
But in general, this is not something to solve using a custom service, but in the firewall on either the PC or the router.
For Internet Explorer, you can write a Browser Helper Object that IE itself loads and passes browser events to. The BHO can then accept/reject URLS on a per-request basis as needed.

Programmatic Method For Opening Ports

I've searched this subject in stackoverflow and found out that a telnet library would help, and I found a telnet lib here: C# Telnet Library
but I don't know how I can use a telnet library to open a port in my router. I'm using an AT&T 2wire router. Any hints on how I can do this?
You can't. The 2wire router is an island unto itself, if it decides to block a port nothing external can (or should) be able to change that. You are on the wrong track, and would need to restate your goals in order to get a useful answer.
UPnP and other "Hole Punching" techniques do exist: but you'll be in a world of hurt if you try to rely on them for any widespread deployment.
Perhaps you meant to open a connection to a remote server and then establish two way communication. That is easy... and how other games and tools get the job done.
Technically speaking you should not be able to. You shouldn't have outside programmatic access to a router to open a port if it's blocked.
If what you mean is opening a port for communication (that is not blocked) then you can simply create Sockets with the address and port (ex. localhost 7777) to establish inter process communication or simply communication with another server.
As I mentioned in a comment below there are ports that are available for use (in C# this can be easily tested, a quick google search will find you many snippets of code for testing if a port is open). A simple approach is to simply start at port 1024 (I believe this is the correct lower bound for ports that should be used by applications, someone correct me if I'm wrong) and just start counting up until you find a port that is available, if you find you've reached some upper limit you can simply report that a connection cannot be made. I hope this clears up a little more and if I have time I will try to find some code I have for this and edit it in but honestly a quick search can net you similar code for checking ports in C#.

How To SSH From IPhone App

So I have been looking everywhere, and so far I haven't been able to find anything that allows me to ssh from an iPhone app, and have finally resorted to posting a new post.
So I am trying to make an app to manage servers, and part of the tasks that I need to be able to do is to be able to somehow remotely connect over the internet to a server with either an IP address or a DNS name.
The connection to the server does not necessarily need to be an SSH connection, it could be telnet, although because of the security issues I would prefer SSH (if it is a lot less code I would accept telnet), but on the other hand it could be some other type of connection.
The application just needs to be able to run a script on the server end, and if it is SSH or telnet I would not need any help, but if it is some other type of connection I may need a bit of help. Also, the server on the other end is intended to be a Linux server (either Ubuntu or Gentoo, but not sure which yet; all I can say is it will almost certainly be a Linux server operating system).
I have already looked at libssh/2 and would welcome any other similar demos, as I have not been able to work out how to get the frameworks to work, as well as licensing issues with using the frameworks in it.
PS. I am relatively new to programming, and although I have some basic knowledge of coding, some type of tutorial or sample code would be greatly appreciated.
Many Thanks For Any Help
Thomas
SSH is a hugely complicated beast. As long as you only need to execute one command without interactivity, it sounds like you could achieve the same thing by running a web server on the server and posting the commands via HTTP from the device. You can use SSL to achieve security. You'll need a mechanism that allows you to authenticate the device (you'd need something with ssh, too). And you'll have to have something in the web server on the server that figures out and runs the desired script. But all that is still hugely easier than dealing with libssh.

Is there a Ruby API for manipulating packet filtering chains a la iptables?

I've been crashing around on the netfilter/iptables home page as well as beseeching The Google, but no luck so far.
I have a Rails application which needs to control packet filtering for its Linux host. It could do this by just dumping rules into /etc/sysconfig/iptables and bouncing the iptables startup script, of course. But it would be sweeter if it could just seamlessly make the calls via an API.
The app's requirements are actually very very simple; it only needs to add and delete ACCEPT rules for a given source IP address to a given TCP port on the server, to control access to that service.
I found references to a ruby-iptables project, but that apparently went moribund some years ago.
If I have to resort to raw getsocketopt() calls and the like, I'll just do the text-file-and-restart approach, which will offend my Slickness Sensor but make my customer smile, because he likes working software better than really elegant software that will work Very Soon Now.
If you search for "ruby netfilter" there's more to be found. NetFilter (http://netfilter.org/) is the underlying framework behind iptables.
http://rubyipq.rubyforge.org/ (traffic shaping)
https://github.com/johnl/netfilter.rb (DSL)
http://rubyforge.org/projects/iptcext/ (IPTC library interface)
The last is most like what you want, but while there's code, there doesn't seem to be a real release.
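
The requirement stated in the question (add and delete ACCEPT rules for one source IP address and one TCP port) can also be met by invoking the iptables binary with an argument vector, validating the address and port first. The following is an added example, not code from the post or from any of the linked projects; the module name AccessRules, the INPUT chain and port 8443 are assumptions.

```ruby
require "ipaddr"

# Added example: per-source ACCEPT rules via the iptables binary.
# AccessRules, CHAIN and ALLOWED_PORTS are assumptions, not from the page.
module AccessRules
  CHAIN = "INPUT"
  ALLOWED_PORTS = [8443].freeze # constructed: the one service port the app manages
  FLAGS = { add: "-I", delete: "-D", check: "-C" }.freeze

  class InvalidRule < StandardError; end

  # Accepts only a single IPv4 host address and returns it in canonical form,
  # so option-like or shell-like input never reaches the command line.
  def self.normalize_source(raw)
    ip = IPAddr.new(raw.to_s)
    raise InvalidRule, "single IPv4 host required" unless ip.ipv4? && ip.prefix == 32
    ip.to_s
  rescue IPAddr::Error
    raise InvalidRule, "not an IP address: #{raw.inspect}"
  end

  # Builds the argument vector for one rule operation.
  def self.rule_argv(action, source, port)
    flag = FLAGS.fetch(action) { raise InvalidRule, "unknown action: #{action.inspect}" }
    port_num = Integer(port.to_s, 10, exception: false)
    raise InvalidRule, "port not managed: #{port.inspect}" unless ALLOWED_PORTS.include?(port_num)
    ["iptables", "-w", flag, CHAIN, "-s", normalize_source(source),
     "-p", "tcp", "--dport", port_num.to_s, "-j", "ACCEPT"]
  end

  # Idempotent add/delete: check with -C first, change only when needed.
  # `runner` takes an argv array and returns true on exit status 0. The default
  # passes separate arguments to system(), so no shell parses the values.
  def self.apply(action, source, port, runner: ->(argv) { system(*argv) })
    raise InvalidRule, "add or delete only" unless %i[add delete].include?(action)
    present = runner.call(rule_argv(:check, source, port)) ? true : false
    return :unchanged if present == (action == :add)
    runner.call(rule_argv(action, source, port)) ? :applied : :failed
  end
end

# Prints the command for a constructed address without touching the firewall.
puts AccessRules.rule_argv(:add, "192.168.1.50", 8443).join(" ") if $PROGRAM_NAME == __FILE__
```

Applying the rules for real requires root and the iptables binary on the host, and rules added this way last only until the ruleset is reloaded unless they are saved separately.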
