Linux Sockets/Connections - linux

I have a gateway server that is also acting as a web proxy for clients and I need to get some information about the network connections. The gateway server has an internal and an external interface/IP-address.
If I use the 'netstat' or 'ss' command I get a display showing of all the clients' internal IP addresses/ports connecting to the gateway's internal IP address/squid-port. But if I run 'iftop' I get a display of the clients' internal IP addresses and the external IP address/port they are ultimately connecting to, it seems to ignore the proxy middleman.
The information from iftop is what I need, that is, internal ip:port to final ip:port ignoring the proxy, but I need to parse the output and can't seem to do that with iftop as it is interactive. Does anyone know a way to get iftop like information from a standard Linux command?
Thanks

If you are using a typical HTTP proxy setup, ss -at will show two entries: one for client--proxy, and one for proxy--webpage, just as it should, because two connections are live in such a case.

Related

Can I access to website using IP address

I recently got to know about DNS (Domain Name System Or Domain Name Server) and how it works. I want to know - can I access to a website by using its IP address and how?
-ThankYou
TL;DR: It depends how the server is configured but probably not and I would not rely on it.
This is because the website you are trying to access is likely behind a reverse proxy or load balancer. The load balancer acts like a railroad switch depending on the hostname you use to connect to it.
For simplicity, imagine that google.com and mail.google.com are on the same server with the same IP: 192.168.1.1.
If you were to try to connect directly to http://192.168.1.1/, how would the web server know which service you wanted? It wouldn't. In fact there are companies who's business is based solely around load balancing other companies' servers.
When you connect to a host with your browser, for example: https://www.google.com, your browser sends a special HOST=www.google.com header behind the scenes. The load balancer processes this header and routes the request to the correct server (which may be on a completely different server, network, etc).
Digital Ocean has a great tutorial on how to configure a basic virtual host for nginx. This demonstrates the basics of what a multi-host configuration might look like.
If you don't want to mess with DNS servers, you could set up a local lab environment on your desktop simply by modifying your hosts file. You can google where your operating systems hosts file is located.
If you have access to cURL, you can test the results like so:
# if you've configured a virtual host for mysite01.local on port 80
curl --verbose --header 'Host: mysite01.local' 'http://127.0.0.1'
# if you've configured a virtual host for mysite02.local on port 80
curl --verbose --header 'Host: mysite02.local' 'http://127.0.0.1'
# depending on your configuration this may return a 404 or point to one of your previous sites
curl --verbose 'http://127.0.0.1'
Yes, you can access any domain using IP address. Domain is just a name of website, IP address is the address of the page/website.
You can always ping website using command prompt:
ping www.google.com
You get one ip address which in this case is 216.58.197.78. Now when you hit the ip address in browser you will be redirected to google.com.
You can think of DNS (Domain Name System) as a table which provides mapping between IP address(216.58.197.78) and domain name(www.google.com)

How to forward incoming clients based on ip to a specific process

I have a server that has multiple ip addresses. It also has multiple web apps written in nodejs that I'm running.
In short I'd like to forward specific ip addresses to specific node applications. How is this done? Should I use apache or nginx?
running centos 7
Any running application can bind to either 0.0.0.0 (to catch all the packets) or to some specific IP (it must use this ip when it calls bind() on the socket). Thus almost any TCP/IP server application has option like "Listen" in it's config file or command line, so you should read your docs carefully to figure out how can it be made in your particular application. For Apache it's port-based virtual hosts.
If you want to route user requests to different application based on user's IP address, you should read about iptables nat table and REDIRECT target.

How to randomly choose the outgoing address from an IPv6 pool using Node.JS?

I'm trying to create and run a Node.JS proxy in a machine that has a pool of IPv6 addresses. I want the proxy to randomly choose one of these addresses for each request (making it difficult for the websites to track record of users' requests).
With wget I can achieve this by using the attribute --bind-address as following:
wget --bind-address OUTGOING_IP http://www.example.com/
Is there any way to achieve the same behavior using Node.JS?
If you want to make outbound HTTP requests from different IPs, have a look for "localAddress" option under "http.request":
http://nodejs.org/docs/latest/api/http.html#http_http_request_options_callback
If you want to start a TCP server to listen on a particular IP bound to your host, you would probably want to specify it when you create the server [i.e. server.listen(PORT, HOST)]:
http://nodejs.org/docs/latest/api/net.html#net_class_net_server
-- ab1

DNS Server Refusing Connection

I am implementing a dns client, in which i try to connect to a local dns server, but the dns server is returning the message with an error code 5 , which means that its refusing the connection.
Any thoughts on why this might be happening ?? Thanks
DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused.
It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).
Since you mention a "connection", I assume that you are using TCP?
DNS primarilly uses UDP, and some DNS servers will refuse all requests over TCP.
So the solution might be as simple as switching to UDP.
Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Eventhough the DNS protocol seems fairly simple, it is very easy to get this wrong.
Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
explicitly adding the network from which i wanted to allow-recursion fixed this problem for me:
these two lines added to /etc/bind/named.conf.options
recursion yes;
allow-recursion { 10.2.0.0/16; };
Policy enforcement?
The DNS server could be configured to accept only connections from certain hosts.
Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing
host -v stackoverflow.com
and look for messages like
Received 50 bytes from 192.168.1.1#53 in 75 ms
then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.
If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.
EDIT:
When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2 . See how that works for you.
You might try monitoring the conversation using WireShark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.
Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.

xampp server (How to get up and running)

I've been developing locally on a little ubuntu netbook with xampp for about 7 months. Two weeks ago I got a computer I'd like to use as a server. I've installed the latest Ubuntu distribution and xampp, moved all my files over, and forwarded port 80. I've also got a domain name from dyndns.com which is being updated by a client which runs in my router (a Netgear WGR6154 v8).
Now, when I try to access my server by typing in the address I got from dyndns.com the browser loads until it timesout. I can access everything locally using localhost as the address so I believe xampp is running, just unable to connect with the internet.
In order to be able to view my files over the internet what should I do next?
Thanks to all in advance...
[I'm starting a bounty for the first person to help me get my files successfully online]
You have a combination of issues here, and that is something of a problem. Each issue is complex in an of itself. Here is what I would recommend to get you going for certain.
First verify that you can surf the web from your server. This will confirm that you have a working ethernet interface.
Step 1 make sure that XAMPP, and your files are viewable from your home network. I assume you are using something like 192.168.1.X for your network and perhaps your server is 192.168.1.10
Go to another computer in your house and type http://192.168.1.10/ and see if you can see your files. If you can then you know that the server is properly configured and XAMPP is working.
Then add an entry to your hosts file to resolve yourdnsrecord.com (or whatever your dyndns record is) to your private ip address. Then when you type yourdnsrecord.com into a browser from that computer you should still get your files. This will rule out your server being improperly configured to listen for that domain name.
Next you need to test to see if there is a firewall problem. To simplify this, first remove your home router from the equation. Instead, place your new server directly onto your internet connection. (assuming you can). This way, you do not need to have NAT or firewalls properly configured. Your dyndns name should map to a public IP and your server should then have that IP and be connected directly to the Internet. If you have your server directly connected, and the command ifconfig from the root prompt returns the same public IP address that your dynamic dns record is point to, then it should work.
It will make your life easier if you have an iphone or some other way to test how your network is seen from the Internet.
If your public IP as shown by ifconfig is different than the IP record in your dyndns account, then your dynamic dns update script is broken. manually set the IP, and see if things work.
It is very possible that this will not work. Some ISPs firewall port 80 preventing their subscribers from hosting servers. Once you have your server directly connected to the internet you can test this (even if your dns is not working) by using the public IP address. As root, type ifconfig from the command prompt to get your public ip address. Then type the command tcpdump -i eth? port 80 from the root prompt. eth? needs to be the same interface that you saw had a public IP address from the ifconfig command. usually this is eth0 but it might be wire0 or something like that.
This command will show you all traffic coming on port 80 to your server.
From an iphone (or whatever second Internet connection you have) browse to the IP address that you got from your ifconfig command. If you see something on your server (and it is directly connected to your ISP) then your ISP is not firewalling you.
If you can get to your server, when it is directly connected to the Internet, either by IP address or by DynDNS address, then your ISP is OK and it is time to debug your firewall.
Two things need to work for your firewall to be configured NAT, where the public address that your router gets from your ISP is converted into your private network and a firewall rule which permits that traffic. If you get this far, then you know your firewall is the problem and then it is just a matter of getting its configuration correct. There are far to many home routers to document here, but you usually can find how-to instructions for your router for this task from the manufacturers website (usually it is part of the manual)
If you follow these instructions exactly you will get your system working. Make comments on the process and I will be happy to modify this to make it clearer.
HTH,
-FT
You should make sure your xampp is not listening to only the localhost.
to do so edit your apache configuration file and check and search for Listen directive
you should be able to know also by analysing the output of netstat -a.
After that make sure your router is forwarding properly, using tcpdump would help.
drop me a comment if you need more help.
Cheers

Resources