I installed Rocket.Chat on my Ubuntu system with SNAP, which in itself seems to work so far ... anyway, I have problems with collisions in the ports used.
For one, caddy seems to be started with localhost:8080 binding, even though I updated the Caddyfile ...
[..]
CGroup: /system.slice/snap.rocketchat-server.rocketchat-caddy.service
`-3360 caddy -conf=/var/snap/rocketchat-server/1172/Caddyfile -host=localhost:8080
[..]
How can I alter this?
Also, when attempting to use the AutoSSL feature, again I have a collision, as the program seems to want to bind to *:443 instead of a specific IP ... where/how can I change that?
Thanks!
Related
I'm trying to host a SRCDS (among other things) for people to join. But after trying to port forward and talking to my ISP it turns out they are using a CGNAT. I am aware of services like NGROK, Hamachi, and other VLAN and VPN type services. But the issue with VLAN is for my server to appear in the browser everybody needs to install hamachi and log into my VLAN. For obvious reasons that are not possible. One note I need to add is I looked at ZeroTier, but I'm not sure how it works or if it works for what I'm trying to do.
Some things I have tried:
ngrok. it doesn't work with srcds since it only forwards TCP and HTTP. srcds need TCP and UDP ports.
I tried looking for VPN services but neither it doesn't work for what I'm trying to do but I could figure it out.
I looked at ZeroTier but haven't tried it yet since I'm not sure it works.
I tried talking to my ISP about port forwarding but once again they are using CGNAT.
Note: paid server hosting is not an option for me due to multiple reasons. One being I need to host multiple things not just SRCDS.
With that being said. How do I make my server public for people to join etc. I have seen it is possible but I can't reproduce them with the same outcome.
I'm trying to get my head around SNMP for a project I'm working on. After I failed miserably getting it to work in my company's network, I set up a simple 3-device network to test things on, consisting of two Windows 10 PCs and a manageable switch between them.
I installed the optional feature "SNMP" on both PCs, made sure the service is running correctly and configured both services to accept SNMP queries from each other. I made sure to open up UDP port 161 in both PCs firewalls. Then I got the Net-SNMP binaries in order to use SNMPGET and SNMPWALK. As an alternative, I set up the SNMP extension for PHP through xampp (since I want to use PHP in my project once I get SNMP to work). Finally, I installed wireshark to monitor what exactly is going on and this is what I found:
When I try SNMPGET or SNMPWALK either through cmd or as a PHP command, I always get a timeout message. Wireshark is showing the get-next-request leaving one PC and arriving correctly on the other, so the network connection itself is working fine. But the receiving PC never sends a response. As I said, I'm pretty new to SNMP and I'm at a loss as to why this is happening. As I understand it, the optional feature for Windows 10 comes with its own SNMP agent, correct? If so, what could cause it to simply ignore an incoming request from a valid source IP?
The funny thing is that this even happens when I try to send an SNMP query to 127.0.0.1. I have no idea what I'm doing wrong...
Thanks to the comment of Lex Li, I was able to finally figure out which step I made a mistake with:
When setting up the SNMP service, under the security tab, I had to add 'public' as an accepted community name (with READ-ONLY rights). I figured since 'public' is sort of the standard read-only community, it would be accepted by default, which apparently it is not.
Alternatively, I guess I could have added my own communtiy name, but I didn't try that since I only want to read some values through SNMP anyways and read-only access is all I need for that.
Thank you very much Lex Li, I'm off to continue my project now!
I am using VPS and setting different proxies on that VPS.
Which ports are safest to use for proxies? (considering that I want to stay anonymous when using proxy, which means that I do not want anyone to detect that I am using a proxy)
So far I have used 443 and 2171 (I dont know why, I have found somewhere that these are good for proxies).
But I am going to set up maybe 5 more proxies on that VPS, so which ports should I use for that?
Thank you!
443 port is usually used for SSL related stuff. Its a well known port for attack. To stay anonymous use 4 or 5 digit ports like 5*** or 9*** those are usually not taken by any program and always free to allocate.
I have a web page to control a thermostat on a raspberry pi, and I'm running into difficulties when trying to get websockets to work from a remote client. It seems to work fine when on LAN however. I'm obviously missing something (and likely something basic), but I can't seem to figure out what it is.
The pi's local ip is 192.168.1.134. The web page (served from apache server) has the URL http://192.168.1.134:8010/thermostat.html. The page starts up some javascript, which then tries to connect to the pi's main program using websockets via ws://192.168.1.134:9000. (the server on the pi is running libwebsockets). The websocket comes up, and it seems to work fine. I then tried to connect via a remote client (a cell phone, where wifi was turned off) from http:\\23.239.99.99:8010\thermostat.html. The html/js files load fine, but the web socket attempts to connect to uri ws:\\23.239.99.99:9000, and this fials.
As far as I can tell, the NAT seems to be configured properly:
name ext ext protocol int int ip addr interface
port port port port
start end start end
Thermostat3 8010 8010 TCP 8010 8010 192.168.1.134 eth3.1
Thermostat5 8000 8000 TCP/UDP 80 80 192.168.1.134 eth3.1
Thermostat_ws 9000 9000 TCP/UDP 9000 9000 192.168.1.134 eth3.1
I checked, and the router does not have any firewalls set up, neither does my modem. I didn't install a firewall on the pi (I checked, and there's no odd iptables rule). Does anyone know what I'm missing?
--- EDIT ---
I'm still stuck on this. I called my ISP and they assure me there are no firewalls on their servers. Is there any way to tell if port 9000 is being blocked, and by who?
Bind your apache server to 0.0.0.0 address to make it accessible from remote machines
Try this tool to determine if the port is inaccessible (use the custom port): http://www.whatsmyip.org/port-scanner/
Everything else looks fine. As a sanity check I would try putting the ws port to 8010 to see if that works. I would also recommend using a tool like Advanced Web Client to isolate networking issues.
This is interesting. I once had a similar problem. I set up a WebSocket (I was using a nodejs ws) and once I tried to access it from remote client I was not able to reach it with ws://yourip:port but instead I had to use http://yourip:port. I don't know if you have the same problem, mine was due to a proxy I was using.
I still have an advice for you how you might be able to solve your problem. I don't know how concerned you are about security but as far as I understood your idea you basically connect to your raspberry pi through a WebSocket and tell it to change the temperature.
Back when did a similar project I found it rather hard to secure my WebSocket connection. I was basically sending a password plus command through the WebSocket to my server which then checks wether the password is correct. Otherwise everyone on the internet could heat your house. Not cool...
But therefore, I had to tunnel the connection through https to prevent a middleware attack.
I quickly threw the towel and decided to go with a completely different solution. Basically I set up a nodejs express server (can easily be configured with a self signed certificate to use https or used behind a nginx/apache https server) and authenticated with username and password. When someone made a POST request to /api/thermostats?id=0 with a temperature request, the server checks if the user is authenticated and then executes a terminal command from within node.
Maybe this idea also fits your demands.
How do I know visitor's MAC address on linux hosting (nginx)?
From ethernet user.
Thanks.
You cannot get that through PHP.
Networks protocol are used in a stack. When doing HTTP communications, your web server uses the HTTP protocol, responsible for the high-level communications. This protocol is implemented on the top of the TCP protocol (which brings stream-like connections and port numbers), which in turn is implemented on the top of the IP protocol (v4 or v6, which bring IP addresses for identification), which in turn is implemented on the top of the Ethernet protocol.
The Ethernet protocol is the one you would need to work with. It has both the source MAC address and the destination MAC address. However, most unfortunately, there are a lot of problems with it.
First, the data it conveys is probably hard to access: I say "probably" because I never stumbled upon how to do it.
Second, much like you get your client's router address when they access your site, you get your client's router MAC address at the Ethernet level. Unless they don't traverse any router (which would only happen if your server was directly wired to your client machine without any router interfering, because there are a whole lot of routers out there that relay data to other parts of the Internet), there is no chance that the MAC address you'll receive will be your client's.
Third, Apache will never try to access that data. And since PHP is "sandboxed" into the network environment Apache gives it, there is no way you can wind back to the Ethernet protocol.
So accessing the MAC address of a visitor from a website, from PHP, is not possible.
EDIT Seems you've taken out the PHP part from your question. So obviously, the last point won't stand anymore.
You can't get that with php it's not included in http
The more general question is this one. Since all PHP has to work with (I'm assuming this is PHP running on your webserver, here) is the HTTP request, you won't be able to get the MAC address. That requires something running on the visitor's side.
This may, or may not work. I know it will work on LAN clients, however for external clients it may be incorrect. I don't overly know my networking, but it's worth a shot right?
If you execute the arp -a command on either windows or linux, it will print out your arp records, which you can then parse for the mac.
Other than that, as far as I know, apache (and therefor php) doesn't just give out mac addresses in its env vars.
*Edited: Sorry, that won't work... The better utility is arping however that will just give you the mac of your router.
If you want to do this, clients will need to be directly connected to your server, with no router in between...
However if that is the case, then arping will work... I don't know of a better tool, but it seems a bit wasteful to do a ping (in root) for just a mac address.
The mac address is only visible on for the network provider if i'm correct (your internet host can see the mac address of your router for example), don't think you can get it with php.