SMTP between two linux machines - linux

Is there are way to use SMTP to message pass between two linux servers? Even if they are not SMTP servers, I was wondering if I could just use SMTP to communicate between servers.
I have two ubuntu servers: 111.111.111.111 and 222.222.222.222. On each server I have set up user accounts master and node, respectively.
On 111.111.111.111, the file /var/spool/mail/master exists.
On 222.222.222.222, the file /var/spool/mail/node exists.
On 111.111.111.111, /etc/hosts has the line 222.222.222.222 node.us
On 222.222.222.222, /etc/hosts has the line 111.111.111.111 master.us
Assume that sudo iptables --list shows that port 25 is being accepted from all addresses
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp6 0 0 :::25 :::* LISTEN
Could I get something like this to work from the master (111.111.111.111) server?
sendmail -s "subject" node#node.us < sometextfile.txt
or some equivalent usint sendEmail or mutt, etc?

James -
Ideally you should be able to do what you are suggesting. You need to make sure that DNS resolution is working for those hosts files though - i did a quick test of this and I kept getting undeliverable for no AAAA (ipv6) record being found.
Also, the command to send you message should use the mail command instead of the sendmail, like this:
mail -s "subject" node#node.us < sometextfile.txt

Related

Netcat uses different port than requested

I have the following problem. I'm using Debian GNU/Linux Stretch and I am trying to use netcat as a simple server. I start it using following command:
$ netcat -l 127.0.0.1 33333
It starts just fine and accepts connections but on a different port than requested:
$ netstat -tulpn | grep netcat
tcp 0 0 0.0.0.0:38782 0.0.0.0:* LISTEN 2851/netcat
This behavior is independent of requested port, user or ufw status. Recently I installed LXC with following packages:
apparmor
bridge-utils
cgmanager
libapparmor-perl
lxc
All have been removed later, but somehow I feel like this behavior may be related to some changes in configuration.
It looks like you are using traditional netcat which requires providing -p argument for the listening port:
netcat -l 127.0.0.1 -p 33333
From nc -h:
-p port local port number
Syntax you use would work with OpenBSD netcat.

Close established TCP connection on Linux

I am not able to find an answer to a simple thing I will try to achive:
once a tcp connection is established to my linux server, let's say ssh / tcp 22 or x11 / tcp 6000 display -> how do I close this connection without killing the process (sshd / x11 display server).
I saw also some suggestoin to use iptables, but it does not work for me, the connection is still visible in netstat -an.
would be good if someone can point me to the right direction.
what I tried so far
tcpkill: kills the process, not good for me
iptables: does not close the established connection, but prevent further connections.
Thanks in adavnce
DJ
Ok, I found at least one solution (killcx) which is working. Maybe we will be able to find an easier solution.
Also, i saw the comment from "zb" - thanks - which might also work, but I was not able to find a working syntax, since this tool seems to be really useful but complex.
So here is an example how to work with the 1. solution which is working for me:
netstat -anp | grep 22
output: tcp 0 0 192.168.0.82:22 192.168.0.77:33597 VERBUNDEN 25258/0
iptables -A INPUT -j DROP -s 192.168.0.77 (to prevent reconnect)
perl killcx.pl 192.168.0.77:33597 (to kill the tcp connection)
killcx can be found here: http://killcx.sourceforge.net/
it "steals" the connection from the foreign host (192.168.0.77) and close it. So that solution is working fine, but to complex to setup quickly if you are under stress. Here are the required packages:
apt-get install libnetpacket-perl libnet-pcap-perl libnet-rawip-perl
wget http://killcx.sourceforge.net/killcx.txt -O killcx.pl
however, would be good to have an easier solution.
tcpkill wont work, since it will only kill any new connection, it doesnt kill existing ESTABLISHED connections
heres how you remove an Established TCP connection
find the PID of the process and the IP of the client connecting,
lets say you are on serverA and someone is connecting from serverB
root#A> netstat -tulpan | grep ssh | grep serverB
should see something like,
tcp 0 0 <serverA IP>:<port> <serverB>:<port> ESTABLISHED 221955/sshd
use lsof utility to get the File Descriptor of this connection using the parent PID
root#A> lsof -np 221995 | grep serverB IP
should see something like this
sshd 221955 <user> 17u IPv4 2857516568 0t0 TCP <serverA IP>:<port>-><serverB IP>:<port> (ESTABLISHED)
get the File Descriptor number (4th column) = 17u
use GDB to shut down this connection, w/out killing sshd
root#A> gdb -p 211955 --batch -ex 'call shutdown(17u, 2)'
should see something similar,
0x00007f0b138c0b40 in __read_nocancel () from /usr/lib64/libc.so.6
$1 = 0
[Inferior 1 (process 211955) detached]
that TCP connection should now be closed

Is it possible to deterministically trace how port 80 is forwarded and where the configuration is on a given system?

Is there a way to determine or trace how a port forwarding configuration is set up on a system running Ubuntu 14.04 LTS, on which there is a NodeJS service running and somehow accepting connections via port 80, although the service itself is running on port 8080, given that it's clear that port 80 connections are being handled by Apache (see details below)?
I have attempted to lsof -i :80 on the system, and according to lsof, there's no process running on port 80. Interestingly, though:
ubuntu#ip-***-**-**-***:~$ sudo netstat -anp | grep apache
tcp6 0 0 :::80 :::* LISTEN 10197/apache2
I have dug into the apache configuration, after determining that it is located at /etc/apache2/apache2.conf and have not been able to find any VirtualHost records, ProxyPass, or anything of the sort.
I have also checked iptables -L just in case.
Would httpry or something like it help figure out the port forwarding configuration and what running processes are responsible for the port forwarding?
iptables -L wouldn't answer the question (this lists the iptables filter table); you'd want to look at the nat table by running iptables -t nat -L (or iptables -t nat -S, which produces output in the format of iptables-save which I find much easier to read).
Typically Apache reads more than just /etc/apache2/apache2.conf, also, so there may be additional Apache config files under /etc/apache2 that you should check.

How to change the net-snmp trap sender port in linux?

I'm using the net-snmp for gather system information in linux.
but I found there is problem.
when I check port usage of Net-SNMP by netstat, I found net-snmp using 3 UDP port.
Here is the result.
[root# snmp]# netstat -anp | grep snmp
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 6392/snmpd
udp 0 0 0.0.0.0:49005 0.0.0.0:* 6392/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 6392/snmpd
udp 0 0 0.0.0.0:44837 0.0.0.0:* 6392/snmpd
as you can see, the snmpd using 2 more udp port without 161.
also I found why the 2 udp ports are randomly occupied by snmp.
those ports are using for sending snmp trap.
when I remove the tran2sink and informsink option, the 2 UDP ports are no more appear.
this is my part of configuration of snmpd.conf
###########################################################################
# SECTION: Trap Destinations
#
# Here we define who the agent will send traps to.
# trap2sink: A SNMPv2c trap receiver
# arguments: host [community] [portnum]
trap2sink 192.168.1.4
# informsink: A SNMPv2c inform (acknowledged trap) receiver
# arguments: host [community] [portnum]
informsink 192.168.1.4 NMS_COM
# trapcommunity: Default trap sink community to use
# arguments: community-string
trapcommunity NMS_COM
# authtrapenable: Should we send traps when authentication failures occur
# arguments: 1 | 2 (1 = yes, 2 = no)
authtrapenable 1
my program have to use 40000~50000 udp port.
so I want to use those trap options and change the ports.
how can I fix the ports?
You can try to set port for the directives as below:
trap2sink 1.1.1.1:port_num e.g. trap2sink 1.1.1.1:162
I hope I understood your question and this would help.
These are SNMP Ephemeral ports. Here is a quote from a Microsoft support page on them:
While SNMP service is running it may be noticed via the netstat
Command Line utility that in addition to the well known ports for
sending and receiving SNMP traps (161/162) that a random ephemeral
port has been created by the service as well.
The random port usage is intended behavior and is opened for the
purpose of sending "management" traps
...
This port will remain in
the system while the SNMP service is running, but is not actively used
unless a management trap is to be sent outbound. Since SNMP does not
listen for inbound packets on this random port, this does not present
a security vulnerability.

How to show which port is the database socket running by Linux command?

I have three MySQL database sockets running on a Linux machine. By the cmd "sudo netstat -npl|grep mysql", I can find the ports and db sockets. But I need to match them one to one by using pid.
Is there any cmd I can use to show the port number of a db socket directly in Linux?
The output looks like this:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3886/mysqld
The PID of the mysqld process is the number before /mysqld, i.e. 3886.
There's several different ways to do it, but for your purposes, I suggest simply looking at the output of the command you're already running.
$ sudo netstat -npl|grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1124/mysqld
unix 2 [ ACC ] STREAM LISTENING 8713 1124/mysqld /var/run/mysqld/mysqld.sock
This is telling me that process 1124 is listening on 3306 and /var/run/mysqld/mysqld.sock

Resources