imap.domain.com - how to forward to port? - node.js

I'm trying to make an imap server from scratch in node.js (primarily to learn about node.js and imap protocol).
How do I direct traffic from the imap subdomain (imap.mydomain.com) to port 143 on the server (where my server code is listening). I've updated iptables with this rule:
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
But it still doesn't work.
My DNS is like this:
A record - mydomain.com => 1.1.1.1 (my example ip address)
CNAME record - mail.mydomain.com => mydomain.com
mydomain.com redirects and is handled by apache. Could apache be overruling it? Maybe I need to add a host in /etc/hosts for the sub-domain?
Also, when doing telnet:
telnet 1.1.1.1 143
I get a "no route to host" error. So that tells me the route direct via the ip from the sub-domain doesn't work either...
I've checked out dovecot and postfix and it seems like they handle the port listening internally, so I couldn't see any clues from their install / config instructions.
It would be great if anyone could offer instructions on how to make sure the imap.mydomain.com subdomain properly forwards to the imap server.
Thanks!!!

There is no redirection or forwarding. IMAP is simply a different protocol than HTTP (i.e. "web") and to use IMAP the server has to listen on port 143 and the client has to connect to this port. Just look at the settings of your mail client.

Related

Open ports only on specific domains

I am looking for the right command to open ports only to specific domains. The domain and its subdomain, go to the same server (CentOS)
However, for security reasons, I only want to open the posts on specific subdomains.
On the other domains the ports should not be reachable, so the ftp port 21 should only be open on ftp.domain.com and not on e.g. ssh.domain.com or mysql.domain.com
So I want to block everything (exclude port 80 and 443) and only allow specific ports to specific domains.
example
21 on ftp.domain.com
22 on ssh.domain.com
3306 on mysql.domain.com
I know it should work with iptables, but unfortunately I have trouble finding the right command.
I have found this only but i will only accept incoming ports.
iptables -A OUTPUT -p udp --sport 53 -m string --string "google.com" --algo bm -j ACCEPT
Maybe you have a more elegant solution than iptables.
You can do this by using some reverse proxy server. The proxy server can filter the desired traffic to the actual service.
So how it will work is -
Let all your request come to reverse proxy server. eg. HAPROXY or nginx (both work at Layer 4 and 7)
Put a rule for the hostname in the proxy server config.
Forward the desired traffic to the actual host.

Squid routing SSL traffic

Good day,
I have a setup in which I am routing my received packets at my Mikrotik router to a squid server.
I also can see the incoming traffic with Tcpdump that it is actually ariving # the correct port (443) on Squid Proxy server.
On the next step I have
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 10.0.2.51:3127
(that is all I have on iptable rules)
Which routes the received 443 traffic to port 3127 which is my squid SSL port.
I am getting page not found error on my browser.
Now I know that my Squid is setup correctly, because when I input the proxy server adress manually 10.0.2.51:3127 for SSL in the Mozilla browser all is working great, all SSL pages are logged with SSLbump.
Could someone please help with figuring out why this isn't working correctly, I am quite new to proxies?
You are DNATing packets going to the proxy.
But are you SNATing the packets coming back from the proxy ?

Redirect outgoing connection to localhost

Is it possible to redirect outgoing connection back to localhost using iptables?
For example, if php script requests someonlinesite.com/bla.php then it would redirect to 127.0.0.1/bla.php
OS: Debian 7
The question does not really make much sense the way it currently is asked.
Most likely you are trying to redirect a http request? Then you should take a closer look at your systems name resolution, since that is the step that translates the host name someonlinesite.com to an ip address. So that is where you want to manipulate.
You might also want to consider using a proxy as an alternative. But a pure iptables based solution is questionable, since in typical setups the local http server will not react to incoming requests to a remote ip address...
try with:
iptables -t nat -A OUTPUT -d 0/0 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
Thank you for replies, i managed to do it with hosts file.
/etc/hosts
127.0.0.1 domain.com
Now it redirects always to localhost when script tryes to reach domain.com

Enable HTTP TCP connection requests in Arch Linux for neo4j

My laptop is running a local neo4j server. I can use it with localhost:7474 but when i try connecting it with 192.168.1.12:7474 it is unreacheable.
Turns out linux is blocking connections other than web server port 80. Because i can access my Apache server on 192.168.1.12/
I am trying to allow TCP connections on port 7474 by using
iptables -A TCP -p tcp --dport 7474 -j ACCEPT
but it gives a response as -
iptables: No chain/target/match by that name.
How can i make other clients access neo4j server running at my laptop on port 7474. My laptop IP addr is 192.168.1.12.
I doubt that it is blocking it. Probably your neo4j server is only running at 127.0.0.1. You can check this out with netstat -nplt: you will probably see something (the apache) listening on 0.0.0.0:80 or :::80 (e.g. catchall address) but on port 7474 you will probably only see 127.0.0.1:7474 or ::1:7474. If this is the case you need to reconfigure your neo4j server to listen not only on localhost (don't know how, checkout the documentation).
Okay. I had uncommented the webserver address line but it still wasn't working.
So i reinstalled neo4j. That solved it. Weird but worked.

Redirect a domain to a ip and port

I have a node.js server listening on port 4000
how can I redirect my domain name: www.mydomain.com to a ip and port? The domain provider only allows an ip address without a portnumber in the redirection field. If I do a URL redirect, then the name of my side is not shown.
Please let me know how can I redirect it to my domain?
121.12.12.123:4000 redirect to www.mydomain.com
HTTP requests usually come in on port 80. When you type in a domain and do not specify a port, it automatically connects to port 80. You have a few options. You can run your Node.js server as root and have it listen on port 80, but it's not recommended.
You can also setup a Nginx on port 80 and use it to reverse proxy requests to your Node.js process which is listening on port 4000, but this introduces another component in your stack to manage and introduces a little bit of overhead for each request.
The way I prefer to handle this is to setup a redirect in iptables (assuming you're using Linux).
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 4000
That will redirect all traffic from port 80 to port 4000, where you're listening Node.js process is.
That allows you to run your Node.js process as an unprivileged user, but still answer requests on port 80.
Once you've done that than you can simply point your domain to the IP address of the server and normal web requests should work. Just be sure you have port 80 open on any firewalls first.
try this code
var httpProxy = require('http-proxy');
httpProxy.createProxyServer({target:'http://localhost:4000'}).listen(80);

Resources