Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Is it possible to use transaction layer security (TLS) to secure an external client/server application without modifying the code of the application itself?
Say a client application on a machine connects to several servers on several machines over an unsecured connection. I want to encrypt this connection using OpenSSL/TLS, but I can modify neither the client nor the servers, only the machine configurations (Linux OS running underneath). I just found stunnel, but it seems that it just supports a 1:1 connection.
Thanks in advance.
If you have a finite (and reasonably small) number of servers and you can configure the port number on your client for each connection, you could run stunnel on multiple ports, each one corresponding to a different destination.
However, it sounds like setting up a VPN between all these machines would be a better option. Some VPN implementations rely on TLS, but I'm not sure it would be the best choice here. You might want to investigate other methods, such as IPSec too.
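The multi-port stunnel layout suggested in this answer, as an added example that is not part of the original post: one client-mode service per destination, with the unmodified client pointed at the local port. Host names, port numbers and file paths are placeholders, and each server is assumed to run its own stunnel in server mode in front of the plaintext service.

```ini
; /etc/stunnel/stunnel.conf on the client machine (constructed example).
; The unmodified client is reconfigured to connect to 127.0.0.1:<port>
; instead of the real server; stunnel wraps each connection in TLS.

; Listen on loopback only, so the plaintext side never leaves the host.

[server-a]
client = yes
accept = 127.0.0.1:7001
connect = server-a.example.internal:8443
; stunnel does not verify the peer certificate unless told to.
; Without the three lines below the tunnel is encrypted but
; unauthenticated, and an on-path attacker can terminate it.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = server-a.example.internal

[server-b]
client = yes
accept = 127.0.0.1:7002
connect = server-b.example.internal:8443
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = server-b.example.internal

[server-c]
client = yes
accept = 127.0.0.1:7003
connect = server-c.example.internal:8443
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = server-c.example.internal
```

Once the tunnels work, the original plaintext ports on the servers should be firewalled or bound to loopback, otherwise the unencrypted path remains reachable alongside the TLS one.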
Related
Closed 2 years ago.
I have a Virtual Private Server (VPS) running Debian 10. On this server there is an application (its code rather cannot be modified) which creates an open TCP/IP port (let's say 6000). The application has a simple database with users and passwords and all incoming messages MUST be HTTP.
Obviously, at this point I am more than worried about the security of the communication (which in fact does not exist due to the plain nature of HTTP).
My first thought would be to drop all packets on the mentioned port for the eth0 iface (which is exposed to the Internet), create an OpenVPN server on my VPS and connect to this VPN all clients that would like to use my application. The problem here is that these clients will most likely be Android devices and it will not be possible to upload certificates for each device and do other configuration magic to establish the VPN connection. I also would not like to implement OpenVPN in a dedicated Android app.
My other thought was that there is maybe an application which I would start on the VPS and it would implement such logic:
Android app <--HTTPS--> UnknownApp(on VPS side) <--HTTP--> port6000(My original unsafe app also on the VPS side)
Is it feasible to implement such a scenario? Of course I could write such an app on my own, but I would prefer to use tested and reliable solutions.
The application you are looking for is stunnel. It does exactly what you described, it is well tested, based on well-known libraries, and production ready.
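A server-mode stunnel configuration matching the layout in the question, as an added example that is not part of the original answer. The certificate paths and the choice of port 443 are assumptions; port 6000 is the one named in the question.

```ini
; /etc/stunnel/stunnel.conf on the VPS (constructed example).
; Android app <--HTTPS--> stunnel :443 <--HTTP--> 127.0.0.1:6000

[https-front]
; Server mode is the default, so no "client" line is needed.
accept = 0.0.0.0:443
; Forward the decrypted stream to the legacy application over loopback.
connect = 127.0.0.1:6000
; Certificate chain and private key presented to the Android clients.
; A certificate from a publicly trusted CA lets the devices connect
; without installing anything; the key file should be readable only
; by the stunnel user.
cert = /etc/stunnel/fullchain.pem
key = /etc/stunnel/privkey.pem

; Notes for this layout:
; - Port 6000 must still be unreachable from the Internet (drop it on
;   eth0 as described in the question, or bind the application to
;   127.0.0.1), otherwise clients can bypass TLS entirely.
; - The legacy application will see every connection as coming from
;   127.0.0.1, so any per-IP logging or rate limiting inside it no
;   longer distinguishes clients.
```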
Closed 4 years ago.
I would like to set up a VPN server; however, it means IPv4 forwarding. Is it possible to set up a VPN without shutting down web services, or should I use 2 separate servers?
Thanks for reading ;)
Setting up a VPN server should not affect your web services. The only limitation is that you cannot use an HTTP(S) port (80 or 443), which I personally find practical (I have already seen Wi-Fi hotspots blocking all the ports except 80 and 443). However, if you get along with another port, you will do fine.
There is a good article about setting up an OpenVPN server on Debian Wiki (here). I have managed to set up the server using only this article.
Wishing you good luck.
Closed 5 years ago.
How can I hide IP from Nmap scanning?
Thanks in advance (sorry if my English is so bad)
The most popular services are: Tor, Proxy Chains and Privoxy.
If you want to prevent your IP Address from being leaked, you could use a proxy, VPN, or other service.
A proxy simply forwards your traffic through another server. There are web proxies and proxies for your whole system. Hide.Me and HMA both have web proxies. SamAir.RU has proxies that you can set up through your proxy settings. Proxies are typically free, but not as secure as VPNs.
A VPN (Virtual Private Network) sets up a secure, encrypted connection between you and another target, which your traffic is tunneled through. Some popular VPNs are PIA, ExpressVPN, NordVPN, Hotspot Shield, and VyprVPN. These all provide different costs and security; do some research before using one. Some keep IP/history logs, which kind of defeats the purpose.
You can also use other services, like Tor (The Onion Router) and FreeNet. Tor uses onion routing, or multiple layers of encryption, goes through multiple servers, etc., and has been super secure for years. However, the NSA cracked Tor and can now view people's browsing and IPs. FreeNet is similar to Tor, but hasn't been cracked by the NSA (yet).
Closed 8 years ago.
One doubt I have is since in my old project whenever we used to write shell scripts on the server, we just used various mail utilities of Linux (sendmail, mail). We never configured any SMTP.
Suppose I have a new server with all these utilities installed, should I worry about configuring smtp?
Usually you can use typical cli utilities without any configuration required, provided you have sendmail installed (or something compatible) and your network configuration is ok. That is because the responsible server the utility has to use to send the email can be retrieved via DNS lookup.
This is different however if you want to use an outgoing smtp server, then you have to configure which one and how it can be used. This makes a lot of sense, since it allows more fine grained control and can prevent certain unwanted message details getting accepted like for example an invalid sender address. Also it can help improve the acceptance of your message by remote smtp servers which might not always work when your network setup is non-trivial.
Closed 9 years ago.
I use a Linux server as a NAT device.
Currently it looks like [PC1,2,3]--[Linux]--[Internet]
There is no issue at all, but I'm curious: when I open a service (e.g. FTP, WWW) on my PC1, does my [Linux] also open a port for the service on it?
I did trace code for the
CONFIG_NF_CONNTRACK_FTP
CONFIG_NF_NAT_FTP
but I can't find related code about opening a port.
Thanks for reading.
There are various techniques used to make a router/firewall automatically forward ports to its clients. For example, there are some protocols like IGD, NAT-PMP et similia.
But those protocols need to be implemented both on the router and on the client. So automatic port-mapping won't work out of the box in many cases.
The lines in the kernel config you are referring to, CONFIG_NF_CONNTRACK_FTP and CONFIG_NF_NAT_FTP, are used for another reason: due to the fact that the FTP protocol uses two different TCP streams for communication (one of which does not have to be "listened" by the server), your firewall needs extra "effort" to track the connection and act accordingly.