So I can get X11 forwarding working in WSL2 following e.g., How to set up working X11 forwarding on WSL2. Then I had issues getting networking to function after connecting to a Cisco AnyConnect server, but I solved that using, e.g., WSL 2 Cisco AnyConnect Networking Workaround. This included manually setting up /etc/resolv.conf to include the DNS nameservers I need, although the DISPLAY variable for X11 should then be set via this answer to the X11 question.
But as soon as I connect to AnyConnect, I can no longer forward X11 apps, which even includes vim unless I add the -X argument (seemed odd, but what do I know). The apps don't show an error in display setting, they just don't show up. The same commands work fine as soon as I disconnect from the VPN. This happens regardless of the networking settings that need to happen, so I think it's only related to the AnyConnect itself, but perhaps there are additional Powershell commands I need to run so the display works? Any ideas?
I had the same concern in my WSL2 environment. Once I opened a VPN connection via Cisco AnyConnect, the default network interface I had set within DISPLAY environment variable for X11 forwarding (which I retrieved from /etc/resolv.conf - same method as the one you pointed out) wasn't accessible anymore.
I looked then for any Windows network interface ping-able from WSL2 side and with a 6000 port reachable (since this port seems to be the one used by default to establish X11 connections with X servers like VcXsrv). And by luck, I found the virtual network interface opened for the Windows host on the VPN, which matches these criteria:
Name : Ethernet 2
InterfaceDescription : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
InterfaceIndex : 4
MacAddress : [...]
MediaType : 802.3
PhysicalMediaType : Unspecified
InterfaceOperationalStatus : Up
AdminStatus : Up
LinkSpeed(Mbps) : 862.4
MediaConnectionState : Connected
ConnectorPresent : False
DriverInformation : [...]
To be able to use it from WSL2 side, I used the following Powershell command to retrieve the interface's IP address:
Get-NetAdapter |
Where-Object InterfaceDescription -like "*AnyConnect*Virtual*Adapter*" |
Get-NetIPAddress -AddressFamily IPv4 |
Select-Object -ExpandProperty IPAddress
which can be wrapped into a Powershell call from WSL2, like following:
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '<the_command_above>'
Once I got this IP address, I only had left to re-export my DISPLAY environment variable with it:
export DISPLAY="<vpn_ip_address>:0"
And that was it, I could enjoy X11 forwarding back again!
Related
I got a notification from my kaspersky antivirus on my windows 10 (which is always on)
Apparently, there was a port scan and it was blocked.
User: NT AUTHORITY\SYSTEM
User type: System user
Component: Network Attack Blocker
Result description: Blocked
Name: Scan.Generic.PortScan.TCP
Object: TCP from 104.152.52.xxx at 192.168.0.10:1701
Additional: 192.168.0.10
Databases release date: Yesterday, 1/19/2022 12:34:00 PM
192.168.0.10 is a virtual machine running debian; I have UFW on this debian and port 1701 is not in any UFW rules. (so it's not allowed)
I have done a grep on the ports of the debian VM using: sudo netstat -tulpn | grep 1701 Found nothing
I assume the port scan has been done on all the machines in my network?
How can I find out where the scan comes from?
What are the consequences? What should I do next?
So from what i understand of what you published, 104.152.52.xxx made a scan. What's odd is how could he effectively reach your machine at 192.168.0.10, so i believe you have port forwarding enabled on your router. *-{see edit}
I also assume that the IP address of your VM is bind directly to your home network 192.168.0.0\24 (and not in a sub network on Windows 10). So your router should be accessible at 192.168.0.1 (or 192.168.0.254 sometimes)
Consequences of a scan ?
most likely, none, except if you have some port opens, kaspersky blocked the 1701, but probably other ports have been scanned. So verify the configuration of your router
Is it normal ?
Yes. Every device accessible from internet is constantly scanned. Always.
What to do next ?
Make sure no port-forwarding is enabled on your router
If port forwarding is enable, and needed. Make sure the software behind it is secured and up to date. if you have a password access, the password should be strong. If you have an SSH server, deactivate the authentication by password and activate the authentication by public key.
== EDIT ==
Other possibility than port forwarding and seems to be the answer:
If the VM is in a DMZ, then all unassigned ports on the router may be (depends on the router) redirected to the VM, therefore, a scan on the public ip address, would result on a scan on the VM.
I cannot connect to redis server (ubuntu server 16.04 LTS 64 bits on separate PC) from windows 8.1 64-bits. Redis is well documented, however I found very little information how to connect redis server from separate machine.
I have installed latest version of redis into linux and locally everything works fine. I start server via redis-server and also I start redis-cli and after that I am able to add information into server and retrieve it. The same situation is in windows - everything works locally.
In order to connect from windows into linux redis server I did these changes.
In linux I set the static local IP via sudo nano /etc/network/interfaces
address 192.186.xxx.xxx
netmask 255.255.255.0
network 192.168.xxx.xxx
broadcast 192.168.xxx.xxx
gateway 192.168.xxx.xxx
dns-nameservers 8.8.8.8
In redis.conf file I bind my windows PC IP which is given by my internet service provider. I also opened TCP 6379 port in my router GUI. In windows I modify redis.windows-service.conf and redis.windows.conf files. In both of them I bind my IP address given by my internet service provider. After this I cannot start redis-cli properly (empty black cmd window is visible)
What I am doing wrong? I would be very grateful for any help.
You should modify the redis conf, my redis conf is located at /etc/redis/6379.conf.
And you should comment the line "bind 127.0.0.1" Or change to bind 0.0.0.0.
The bind specify which network interface the redis server should listen to. The default is localhost.
And also Change the protected-mode to no :
Protected mode is a layer of security protection, in order to avoid that
Redis instances left open on the internet are accessed and exploited.
When protected mode is on and if:
1) The server is not binding explicitly to a set of addresses using the
"bind" directive.
2) No password is configured.
The server only accepts connections from clients connecting from the
IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
sockets.
By default protected mode is enabled. You should disable it only if
you are sure you want clients from other hosts to connect to Redis
even if no authentication is configured, nor a specific set of interfaces
are explicitly listed using the "bind" directive.
protected-mode yes
If you don't disable the protected-mode, your redis server will not listen public ip interface. more detail see above.
If you can access the remote server from your machine, your problem is most probably with redis security config, read the Securing Redis section in this document
I found that most of the time people don't change the "bind" directive value in redis config, you can test that by setting bind 0.0.0.0 and restarting redis server, if that's the issue, you can then allow whatever subnets you need to access the server.
I have also experience the same issue trying to connect to Redis (MSOpenTech 3.0.5 and 3.2.1) By default if no binding is stated then redis(according to the comments in the conf file) will listen to all available interfaces. That said, v 3.2.1 does have 'bind 127.0.0.1' already set... in 3.0.5 Setting the binding to 'bind 127.0.0.1' still allows the redis-cli to be used. Binding to 192.168.1.2 renders the redis-cli unusable with both versions - there is no IP and Port prompt, simply a carat and the cli does not accept keyboard input. Binging to an external IP the MSOpenTech fork service will not restart and throws an error(nice). Clearing all bindings and reverting back to original state, the redis-cli becomes usable again. Also, on the MS OpenTech fork there is no 'ProtectedMode' setting in either config file. Not sure whether this can actually be set.
Have raised this as an issue on the MSOpenTech fork via github but expecting silence to be the only reply...
I'm not sure this helps you in any way other than knowing that you are not alone. I am trying to pub from PHP to AS3 subscribers - it works great in the Flash IDE but from the localhost browser, redis appears to go decididly deaf.
I am not finding this question in SF history, which was a surprise, so I'll go ahead and ask it.
I am working on an IoT Raspberry Pi project with Windows 10 and need to connect it to the internet via an Ethernet/USB adapter. The adapter itself is made by Belkin. Using this, I can see an ip of 169.stuff get generated for my Pi, which is a private ip. I can deploy code to that from my connected box, however other devices are not able to reach it, and it is not able to make connections out to any servers.
I'm wondering if anybody knows how to bridge the connection.
I am attempting to use the new Azure IoT Hub and the SDK with this in case that makes any differences as that is not a simple rest interface and I believe is some form of socket connection.
Additional Notes:
I have installed a DCHP Server and the Pi gets the ip address: 192.168.0.3 assigned to it. Unfortunately the Pi still can not ping external sites, such as google.com
Latest Discoveries:
I am on a corporate box, which has internet sharing disabled by the system admin. Following these instructions: http://zizhujy.com/blog/post/2013/07/07/Solved-Internet-Connection-Sharing-has-been-disabled-by-the-Network-Administrator.aspx Fails. It shuts down all connectivity to my box and I cannot ping anything or reach the internet or anything.
Thanks,
~David
The 169 address means it isn’t getting a DHCP address assigned.
Since you don't have a router for the Ethernet, you can use Internet Connection Sharing, however we will need to run the following commands against the Pi to set a static IP, gateway, and dns server, since internet connection sharing botches this up a bit at times:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.137.2
Enter-PSSession -ComputerName 192.168.137.2 -Credential 192.168.137.2\Administrator
set-executionpolicy unrestricted
netsh int ip set address "Ethernet" static 192.168.137.2 255.255.255.0 192.168.137.1
netsh int ip set dns "Ethernet" static 8.8.8.8
netsh interface ipv4 show config
set-executionpolicy remotesigned
You may need to reboot the Pi at this point then test pinging 8.8.8.8 and google.com to make sure resolution is working. You should be all set!
One other thing, if you have a group policy on the machine that is restricting Internet Connection Sharing then take a look at this article to fix the issue. Note if your organization is constantly sending down the policy then you may have to re-enable Internet Connection Sharing often which is aggravating but at least it will work.
http://zizhujy.com/blog/post/2013/07/07/Solved-Internet-Connection-Sharing-has-been-disabled-by-the-Network-Administrator.aspx
I do this by creating a DHCP server on my laptop and connecting the Pi directly to it. I followed these instructions to get it working:
Download DHCP Server for Windows. It is a 100kB download.
Go to the IPv4 properties page of the Ethernet adapter and set a fixed IP address, say 192.168.2.1
Run the DHCP Server Wizard (downloaded above)
Select the Ethernet adapter from the list shown
Save the configuration file and start up the DHCP Server
Click the 'Continue as tray app' button in the server control panel.
Boot up the Raspberry Pi
A popup notification shows the IP address assigned by the DHCP server to the Raspberry Pi.
Use a SSH client, like PuTTy, to connect to the IP address shown
Hope this works!
I am trying to connect Monetdb database, and I would like to use it with a node.js server app.
I currently set up a VirtualBox environment with monetdb package, as described here, and it works well: https://www.monetdbsolutions.com/solutions/cloud/vm
I can connect to this VM with putty with root#localhost:2222, and it works.
However, I cannot find the way to connect to the VM and to my database using node monetdb package: https://www.npmjs.com/package/monetdb
I used:
var options = {
host : 'localhost',
port : 2222,
dbname : 'mydb',
user : 'root',
password : 'monetdb'
};
I cannot find the way to make it work.
When I use:
var conn = require('monetdb').connect(options , function(err) {
if (!err) console.log('connected');
});
It does not trigger any error, nor launches any connection.
I think I am missing something when I access to the Virtual machine root#localhost:2222. It works with SSH, but I am not sure the access with monetdb node package is similar.
Is it even possible to connect to this VM from node.js? Maybe I should try another way to try this database with node.
They made a "docker container". I never used that kind of thing, but it may be suitable as well...
Any help on how I can solve this would be a lot appreciated!
Thanks very much on this.
Best regards
The port 2222 that is linked to port 22 on the virtual machine is for ssh only. The instructions show how to use monetdb on the virtual machine, and not from the host system.
The instruction page mentions:
Alternatively you can create a tunnel over SSH to access the database using the MonetDB MAPI protocol.
So that should be your first attempt. If you are on Linux/Unix or OSX you can set up a tunnel to the default monetdb port like this:
ssh root#localhost:2222 -L 50000:localhost:50000
Alternatively you can use VirtualBox to setup the port forwarding, as explained in the manual in paragraph 6.3.1:
To configure Port Forwarding you can use the graphical Port Forwarding editor which can be found in the Network Settings dialog for Network Adaptors configured to use NAT. Here you can map host ports to guest ports to allow network traffic to be routed to a specific port in the guest.
Now assuming monetdb is running on the virtual host you could connect to it on port 50000 on localhost. You have to check the instructions for username/password, they are probably not the same as the ssh credentials used to set up the tunnel.
Another soluction might be to change the virtualbox config from NAT (where port 2222 on your machine is forwarded to 22 on the virtual computer) to a bridged setup where you can access the virtual machine on its own ip address. This is assuming you have a dhcp server running and dhcp is configured correctly on the virtual os. If this is not the case you need server admin knowledge to get all this set up.
I am writing an application for deployment on desktop computers and using ServiceStack to expose json services to a central application which will consume them. I'm using ServiceStack self hosting and I've pretty much just followed along with the ServiceStack wiki examples to get basic connectivity up and running.
This is used to start the server and bind it
appHost.Init();
appHost.Start("http://server_ip:port/");
Windows also needs to be configured so a non administrator can accept incoming requests; with this command from an administrator command prompt
netsh http add urlacl=http://server_ip:port/ user=desktopMachineName\desktopUserName listen=yes
note: this seems to be fragile. If the urlBase in the appHost.Start(urlBase) command is different to the urlacl parameter in the netsh command then connections are refused by Windows. btw I've only tried this with Windows 8.
Is there an alternate approach so that the application can withstand changes to the desktop computers ip address (e.g. caused by DHCP)?
This is a desktop environment so I don't expect users to have hostnames setup or static ip addresses for their computers. I'm also trying to not require them to type in commands at a command prompt.
It kinda depends on how the central application locates the apps on the desktop computers.
If you only have a list of static IP addresses, you will need the desktops to have static IP addresses.
If somehow your central app knows what the current IP address is (or maybe this is in a network and you can use the machine's name) then try urlacl=http://+:port.
This basically sets a wild card saying that anything coming in on this port via http goes to this app.
Then apphost.Start("http://locahost:port/") should work.