|
|
Sponsored Content
Operating Systems
Linux
Ubuntu
Connecting to a remote server
Post 302279586 by linuxjunkie on Friday 23rd of January 2009 07:11:49 AM
01-23-2009
Easy way to check it to use telnet.
To check if you can communicate with a internal mail server do the following.
from external pc.
telnet (Ip address of public nic on router) 25
eg. telnet 192.168.0.55 25
for a pop3 server connection change 25 to 110 and so on.
If you look at your firewall rules there must be a rule that says something along these lines.
"Allow in coming traffic from anywhere on port 22 to local ip address."
Now i assume that your internet router has a ipaddress on the local nic and one on the ppp+ port. So lets say your internal ip address is 192.168.0.254 and the ppp+ address is 42.253.200.110 (Assigned by your isp). now to allow a connection on port 22 (ssh) from the outside world you need to make a rule in your firewall that says this.
allow tcp traffic from anywhere on port 22 to 42.253.200.110. (Not sure what router you use).
If you have a internal server with ip address 192.168.0.115 that is separate from the router running a vnc service you would do something along these lines.
allow tcp traffic from anywhere on port 5900 to internal server 192.168.0.115
Then always remember to deny everything else from coming in as the last rule.
Hope this helps
To check if you can communicate with a internal mail server do the following.
from external pc.
telnet (Ip address of public nic on router) 25
eg. telnet 192.168.0.55 25
for a pop3 server connection change 25 to 110 and so on.
If you look at your firewall rules there must be a rule that says something along these lines.
"Allow in coming traffic from anywhere on port 22 to local ip address."
Now i assume that your internet router has a ipaddress on the local nic and one on the ppp+ port. So lets say your internal ip address is 192.168.0.254 and the ppp+ address is 42.253.200.110 (Assigned by your isp). now to allow a connection on port 22 (ssh) from the outside world you need to make a rule in your firewall that says this.
allow tcp traffic from anywhere on port 22 to 42.253.200.110. (Not sure what router you use).
If you have a internal server with ip address 192.168.0.115 that is separate from the router running a vnc service you would do something along these lines.
allow tcp traffic from anywhere on port 5900 to internal server 192.168.0.115
Then always remember to deny everything else from coming in as the last rule.
Hope this helps
|
|
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Please advise,
The previous thread asked about the automated transfer of files between two servers. The question is - is there any way of encrypting the password within the script or is it a matter of setting the permissions settings on the script so that it can only be executed and possibly... (1 Reply)
Discussion started by: rdbooth
1 Replies
2. Shell Programming and Scripting
Hi everybody,
My bash script is trying to connect to a remote database using the 'sqlplus' binary.For this i set(export) the variable TWO_TASK to the value of database name excluding the dot extension part.
Can anyone explain me what's the significance of this TWO_TASK variable while... (8 Replies)
Discussion started by: DILEEP410
8 Replies
3. Shell Programming and Scripting
I need help writing java code that can connect to a remote unix server, and run a script on that server. I have scoured the internet, but I have been unable to find proper documentation on how this can be accomplished. Any help is appreciated thanks. (1 Reply)
Discussion started by: developncode
1 Replies
4. Red Hat
From a host A an application is trying to connect to host B.
From firewall side I can see packets dropped coming from host A to host B.
I've access to host A: how can I know which "application" is trying to connect to host B?
Thanks,
Marco (3 Replies)
Discussion started by: marcopb
3 Replies
5. UNIX for Dummies Questions & Answers
Hi All,
In a Shell scriipt with a SQL block I want to issue a query against a local DB and a remote DB on a remote server. The shell script is running locally.
This is how I connect to the local server. But I want the query to reference remote table in the join. Question can I specify a... (1 Reply)
Discussion started by: daveu7
1 Replies
6. Shell Programming and Scripting
Checking crontab job entry in 3 different hosts Hi Gurus,
I am trying to connect to remote host from current host to check crontab entries. I have started like this
ssh -n -l db2psp 205.191.156.17 ". ~/.profile >/dev/null 2>/dev/null; cd log ;ls | wc -l"
I got this error ?
ssh:... (1 Reply)
Discussion started by: rocking77
1 Replies
7. Shell Programming and Scripting
Hello Every one!!
I am trying to write a shell script which will connect to a remote server and execute scripts which are at a certain path in the remote server.
Before this I am using a sudo command to change the user.
The place where I am stuck is, I am able to connect to the... (6 Replies)
Discussion started by: masubram
6 Replies
8. Shell Programming and Scripting
I am connecting to remote server and try to check if files with timestamp as Today's day are on the directory. Below is my code
TARFILE=${NAME}.tar
TARGZFILE=${NAME}.tar.gz
ssh ${DESTSERVNAME} 'cd /export/home/iciprod/download/let/monthly;
Today=`date +%Y%m%d`;
if ;then
echo "We... (1 Reply)
Discussion started by: digioleg54
1 Replies
9. Shell Programming and Scripting
Script connect to remote server, not find files and exit only from remote server, but not from scrip
I have a script, which connecting to remote server and first checks, if the files are there by timestamp. If not I want the script exit without error. Below is a code
TARFILE=${NAME}.tar
TARGZFILE=${NAME}.tar.gz
ssh ${DESTSERVNAME} 'cd /export/home/iciprod/download/let/monthly;... (3 Replies)
Discussion started by: digioleg54
3 Replies
10. Programming
Hey
i want to be able to write simple SSH client to be able to connect to SSH server and invoke remote SSH command
i found libssh and libssh2 and the old openSSh , what is the best and most supported library to choose from ?
i need it to be cross platform .
Thanks (0 Replies)
Discussion started by: umen
0 Replies
LEARN ABOUT DEBIAN
ipsec_eroute
IPSEC_EROUTE(5) [FIXME: manual] IPSEC_EROUTE(5) NAME
ipsec_eroute - list of existing eroutes SYNOPSIS
ipsec eroute cat/proc/net/ipsec_eroute OBSOLETE
Note that eroute is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future versions. On the mast stack, use ipsec policy, on the netkey stack, use ip xfrm DESCRIPTION
/proc/net/ipsec_eroute lists the IPSEC extended routing tables, which control what (if any) processing is applied to non-encrypted packets arriving for IPSEC processing and forwarding. At this point it is a read-only file. A table entry consists of: + packet count, + source address with mask and source port (0 if all ports or not applicable) + a '->' separator for visual and automated parsing between src and dst + destination address with mask and destination port (0 if all ports or not applicable) + a '=>' separator for visual and automated parsing between selection criteria and SAID to use + SAID (Security Association IDentifier), comprised of: + protocol (proto), + address family (af), where '.' stands for IPv4 and ':' for IPv6 + Security Parameters Index (SPI), + effective destination (edst), where the packet should be forwarded after processing (normally the other security gateway) together indicate which Security Association should be used to process the packet, + a ':' separating the SAID from the transport protocol (0 if all protocols) + source identity text string with no whitespace, in parens, + destination identity text string with no whitespace, in parens Addresses are written as IPv4 dotted quads or IPv6 coloned hex, protocol is one of "ah", "esp", "comp" or "tun" and SPIs are prefixed hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6 SAIDs are written as "protoafSPI@edst". There are also 5 "magic" SAIDs which have special meaning: + %drop means that matches are to be dropped + %reject means that matches are to be dropped and an ICMP returned, if possible to inform + %trap means that matches are to trigger an ACQUIRE message to the Key Management daemon(s) and a hold eroute will be put in place to prevent subsequent packets also triggering ACQUIRE messages. + %hold means that matches are to stored until the eroute is replaced or until that eroute gets reaped + %pass means that matches are to allowed to pass without IPSEC processing EXAMPLES
1867 172.31.252.0/24:0 -> 0.0.0.0/0:0 => tun0x130@192.168.43.1:0 () () means that 1,867 packets have been sent to an eroute that has been set up to protect traffic between the subnet 172.31.252.0 with a subnet mask of 24 bits and the default address/mask represented by an address of 0.0.0.0 with a subnet mask of 0 bits using the local machine as a security gateway on this end of the tunnel and the machine 192.168.43.1 on the other end of the tunnel with a Security Association IDentifier of tun0x130@192.168.43.1 which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 746 192.168.2.110/32:0 -> 192.168.2.120/32:25 => esp0x130@192.168.2.120:6 () () means that 746 packets have been sent to an eroute that has been set up to protect traffic sent from any port on the host 192.168.2.110 to the SMTP (TCP, port 25) port on the host 192.168.2.120 with a Security Association IDentifier of tun0x130@192.168.2.120 which means that it is a transport mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5 () () means that 125 packets have been sent to an eroute that has been set up to protect traffic between the subnet 3049:1:: with a subnet mask of 64 bits and the default address/mask represented by an address of 0:0 with a subnet mask of 0 bits using the local machine as a security gateway on this end of the tunnel and the machine 3058:4::5 on the other end of the tunnel with a Security Association IDentifier of tun:130@3058:4::5 which means that it is a tunnel mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 42 192.168.6.0/24:0 -> 192.168.7.0/24:0 => %passthrough means that 42 packets have been sent to an eroute that has been set up to pass the traffic from the subnet 192.168.6.0 with a subnet mask of 24 bits and to subnet 192.168.7.0 with a subnet mask of 24 bits without any IPSEC processing with no identies defined for either end. 2112 192.168.8.55/32:0 -> 192.168.9.47/24:0 => %hold (east) () means that 2112 packets have been sent to an eroute that has been set up to hold the traffic from the host 192.168.8.55 and to host 192.168.9.47 until a key exchange from a Key Management daemon succeeds and puts in an SA or fails and puts in a pass or drop eroute depending on the default configuration with the local client defined as "east" and no identy defined for the remote end. 2001 192.168.2.110/32:0 -> 192.168.2.120/32:0 => esp0xe6de@192.168.2.120:0 () () means that 2001 packets have been sent to an eroute that has been set up to protect traffic between the host 192.168.2.110 and the host 192.168.2.120 using 192.168.2.110 as a security gateway on this end of the connection and the machine 192.168.2.120 on the other end of the connection with a Security Association IDentifier of esp0xe6de@192.168.2.120 which means that it is a transport mode connection with a Security Parameters Index of e6de in hexadecimal using Encapsuation Security Payload protocol (50, IPPROTO_ESP) with no identies defined for either end. 1984 3049:1::110/128 -> 3049:1::120/128 => ah:f5ed@3049:1::120 () () means that 1984 packets have been sent to an eroute that has been set up to authenticate traffic between the host 3049:1::110 and the host 3049:1::120 using 3049:1::110 as a security gateway on this end of the connection and the machine 3049:1::120 on the other end of the connection with a Security Association IDentifier of ah:f5ed@3049:1::120 which means that it is a transport mode connection with a Security Parameters Index of f5ed in hexadecimal using Authentication Header protocol (51, IPPROTO_AH) with no identies defined for either end. FILES
/proc/net/ipsec_eroute, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5), ipsec_pf_key(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. [FIXME: source] 10/06/2010 IPSEC_EROUTE(5)