I currently have a ZeroMQ peer-to-peer network I'm building using Python and PyZMQ. Currently the server listens with a REP TCP socket and connects directly to other peers listening on the same type of socket. Sadly, this requires port forwarding for clients to get to the servers. Is there any way to get around this? Can I do some kind of UDP discovery and then switch over to TCP? Or am I doomed to switch to a UDP-style network to solve this problem?
I wrote a simple telegram bot and it works great without conflicting with my firewall. But my question is this, in the firewall I have ports 80 and 443 allowed for my site, but when I write a TCP socket in Python that should work through port 443 or port 80, the OS tells me that I need to run the program from the user's root, but if I start the bot, then the OS does not swear at all about the rights and the bot works quietly. If I still decide to run a socket on port 443 or 80, then the OS replies that these ports are busy.
So, please explain to me why the telegram bot does not conflict with processes and ports?
My server is Ubuntu 22.04
P.S. I already asked this question on stackexchange, but as I understand it, they do not understand telegram bots, I hope you can help me.
Oh... too many misunderstandings in your question. It would be better to understand the basics of TCP connections and NAT tables first.
I will try to explain this situation in short.
"when I write a TCP socket in Python that should work through port 443 or port 80, the OS tells me that I need to run the program from the user's root"
80 and 443 are privileged ports and Linux doesn't allow non-admin users to use them. It has nothing to do with Nginx conflicts and may be solved by proper configuration.
If you try to use a non-privileged port like 8080, Python can be run even without admin permissions.
"So, please explain to me why the telegram bot does not conflict with processes and ports?"
Nginx and the Python socket are listening on ports 80 and 443 and waiting for incoming connections. You have to access your server's IP to initiate a connection.
A Telegram bot (and any other bot) uses Telegram servers to connect. Just imagine that you are instantly looking at the Telegram app and immediately answering all messages. The bot does the same thing. It is just a client for a remote server (you don't need to listen on 443 on your machine to be able to use the Telegram app, right?). It listens on no port and doesn't wait for incoming connections, but waits for messages at the remote server.
But you could argue, "Hey, stop, the Python bot is still connected to Telegram servers. What ports does it use? Isn't that the same as the socket?" → It is the same kind of TCP connection, but Python uses OUTGOING dynamic ports to connect to the Telegram server's INCOMING static port 443. The outgoing port may be 20323 or 27578, for example. It is all about NAT. In short, any unused port may be used to establish a connection between the remote port 443 and the local port XXXX.
You're confusing two things, I think.
nginx/apache/a Python server process trying to listen on port 443 or 80 needs to be run by root (or another user with elevated privilege levels).
A Python bot trying to talk to a Telegram server on port 443 doesn't have that limitation; browsers also don't need to run as root.
If this doesn't answer your question you need to be a bit clearer on what you're doing.
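The distinction both answers draw, as an added example that is not part of the original posts: listening on a port is what can fail with a permission or "busy" error, while an outgoing connection gets an OS-assigned local port without any privilege. The helper names `try_listen` and `outbound_ports` are hypothetical, and a loopback listener stands in for the remote server.

```python
import errno
import socket


def try_listen(port, host="127.0.0.1"):
    """Try to open a listening TCP socket; return (outcome, port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            s.listen(1)
            return "ok", s.getsockname()[1]
        except PermissionError:
            # EACCES: port below 1024 without root or CAP_NET_BIND_SERVICE
            return "permission-denied", port
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                # Another process (e.g. a web server) already listens here
                return "in-use", port
            raise


def outbound_ports():
    """Connect as a client; return (local_port, remote_port, server_port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))      # constructed stand-in for a remote server
        srv.listen(1)
        server_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", server_port)) as cli:
            # The client never called bind(): the OS picked its local port.
            return cli.getsockname()[1], cli.getpeername()[1], server_port


if __name__ == "__main__":
    for p in (80, 443, 8080):
        print(p, try_listen(p))
    print("client local/remote/server ports:", outbound_ports())
```

The result for ports 80 and 443 depends on the host: an unprivileged user normally gets `permission-denied`, root gets `in-use` if a web server already holds the port, and systems where `net.ipv4.ip_unprivileged_port_start` has been lowered allow the bind.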
I need to use scapy on remote server to dump traffic like this
sniff(filter='icmp', iface='eth1', timeout=5)
To connect to remote server I'm using RPyC.
conn = rpyc.classic.connect(HOST_IP)
but I can not understand how to use scapy on remote server.
How to call sniff function on remote server through RPyC?
The question may be considered wider - how to import module on remote machine and use its functions?
You shouldn't be sniffing with an icmp filter. You'll need to filter for tcp to get RPyC connections, which go over TCP.
I am trying to make a simple and very low level UDP server on Cloud9.
What I would like to do is to open a UDP socket on some port and some IP so that it is accessible from outside and so that I can get an incoming UDP packet.
I tried to do something like
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind(("", 12345))
But then I wouldn't know the ip. I naively tried to do an ifconfig but I got an ip that I couldn't even ping.
I found out about the IP and PORT environment variables, but IP is always 0.0.0.0.
Is there any way to do what I need?
Sorry to disappoint you, but that is not possible. At this moment only TCP port 8080 in the workspace can be accessed from the internet. So you can develop the UDP server and test its functionality from the same workspace, but to make it work from external sources you should deploy the code to a hosting provider.
I have a ZMQ server listening on port 12345 TCP. When another server connects on that port locally or via VM it works fine, but if I try from a remote server that has to go through port forwarding on my Fios firewall it just bombs. The packets are showing up in Wireshark but ZMQ just ignores them. Is there any way to get past this?
You shouldn't be able to bind more than once to the same port number, either from the same process or another.
ZMQ should give a failure when you issue bind with a port number already in use. Are you checking return codes?
Are there any examples of initiating an SSH session to a remote machine with port forwarding options from within Twisted using Conch such that one can pipe normal TCP traffic through the tunnel?
Scenario:
I have a server running a custom Twisted-based Protobuf RPC service and a machine with a Twisted-based RPC client installed. The server is also running SSH. Rather than talking to the RPC service on the server directly, I would like to connect to the server using SSH from the RPC client, set up port forwarding on the server, and communicate with the RPC service using Protobuf through the SSH tunnel.
I'm already able to set up port forwarding manually and have the RPC client talk to the RPC service by pointing the RPC client to a local port on the client box; I'm just curious as to how I can do this within the client directly.
It would be awesome if there were improved documentation in Twisted for doing neat things with Conch (after all, how many other programmable SSH libraries are there?). Until that happy day comes, reading the implementation of the conch command line tool can be a big help.
Here we can see where port forwarding options from the command line are turned into some action over the SSH connection:
https://github.com/twisted/twisted/blob/4ffbe9f6851dbe7e9172f55905f264ecf50da3a6/src/twisted/conch/scripts/conch.py#L226-L238
I think you're asking about a local forwarding rule, so the localForwards loop is doing roughly what you want to do.
Implementing a tunneling Twisted SSH client that does local port forwarding can be surprisingly simple.
Just create a basic Twisted Conch SSH client, and implement the port forwarding part in the serviceStarted method of the SSH connection class of your client:
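from twisted.conch.ssh import connection, forwarding
from twisted.internet import reactor

LOCALPORT = 8888
REMOTEHOST = "127.0.0.1"
REMOTEPORT = 9999

class Connection(connection.SSHConnection):
    def serviceStarted(self):
        # Each connection accepted on LOCALPORT is tunnelled over SSH to
        # (REMOTEHOST, REMOTEPORT), resolved from the SSH server's side.
        Channel = forwarding.SSHListenClientForwardingChannel
        Factory = forwarding.SSHListenForwardingFactory
        factory = Factory(self, (REMOTEHOST, REMOTEPORT), Channel)
        # No interface given: listens on all local interfaces.
        # Pass interface="127.0.0.1" to restrict the listener to loopback.
        s = reactor.listenTCP(LOCALPORT, factory)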
That's all there is to it (REMOTEHOST is set to point to the SSH server itself since that's what you said you're connecting to).