I'm new to coding in Python and what motivates me to start coding is the idea of writing a piece of software that will connect to a proxy server via SSH and then once connected will route all network traffic of the system trough it, seamlessly to the user.
I am actually using the paramiko module to connect to the server and it works fine, but now I would like to know if there is some way to make the system change its socks proxy configuration so I can route the traffic to the proxy, on a way the user doesn't need to do anything. Is there any existing module that will help on this task ?
Thank you.
You can see the existing project sshuttle, it transfers all traffic over ssh.
Related
what I have:
I made a simple web application using Flask, which woks great on the localhost.
what I want to achieve:
I want to deploy it so it is visible in the internet.
Because Flask says that the production server should not be used for deployment I installed gunicorn.
I managed to get it working on localhost (running gunicorn server:app).
Then I tried to make it public using the -b 0.0.0.0:5000 option. it said it is running on 192.168....:5000 Now I could access the website using that ip address from my computer and also from my phone connected to the same wifi. however I was unable to connect to the website when I didn't use this wifi.
when I searched about this, I found out that the 192.168.... ip address range is reserved to the local network and cannot be accessed from anywhere else.
how do I need to run the script so it is accessible from everywhere? Do I need to modify the firewall settings? Maybe there is a better way to deploy such an app on the local machine using a different framework?
Just some additional information:
python version: 3.9
I am using a venv (and installed flask and gunicorn into it)
os: macos 11.6.1 (I could run it on an Ubuntu machine if that is easier)
This question isn't anything related with Python or Gunicorn but to networking (so maybe StackOverflow isn't the correct place to ask but other community like ServerFault)
Currently your application is already exposed on your machine in the defined port, so next step would be to forward all the traffic that comes to your router to there.
In order to do that, you will have to configure the firewall of your router to accept incoming traffic through a desired port and finally forward the traffic which comes from that port to your machine in the port 5000.
Also, in the case that you have everything already configured, it will only work if your ISP is providing you a single IPv4, what currently doesn't happen anymore but you actually are sharing that with few more people. Other option would be that you configure IPv6 incoming traffic.
As you can see, this isn't a simple task neither one that should be done without proper care, since you would be literally opening your network to possible attackers.
So, in order to simplify it at the most for you, since you already have Gunicorn, I would recommend you to use any of the resources exposed by other users as Heroku or Netlify which are free for a single application and will fulfill your expectations without requiring high amount of networking knowledge.
You would need to do the following steps:
read up and learn a lot about security for Web servers, then read some more, it is fraught with risks
find your Mac's IP address on your local network and make sure it is fixed, i.e. set as static on your Mac (under "System Preferences->Network") or reserved in your router's DHCP tables (by putting your Mac's MAC address in its allocation tables) so that it always gets the same local address on your internal network when it boots
log into your router and set up "Port Forwarding" to forward external requests (coming from the Internet) for port 5000 (or some other port) to your Mac's fixed IP address and the port 5000 where Gunicorn is serving
log into your router and find your WAN IP address, or go to http://whatsmyip.com to get the address you need to put in your browser, or your friends need to put in their browsers to see your shiny new website
as it stands, this will work until the next time your router reboots when your ISP will likely allocate it a new IP address. If you want it permanent, you need to either 1) ask your ISP for a static IP address, or 2) subscribe a DDNS service (e.g. noip.com or dyndns.com) or 3) tell your friends your new IP address every time you reboot your router
I do not know anything about gunicorn. But what I used to use when needing to deploy a flask app was pythonanywhere. They have a great and totally free hosting service. It's really fast in deploying, needs no resources from your computer and is just great. Also you would have to forward the port 5000 for your computer to enable other devices not in the same network to access your computer/flask app. That comes with security issues. However, you do not need any of that when using pythonanywhere.
There are also other great hosting services like that one. It's just the only one I know and used yet but you'll find others for sure if you don't like that one.
I am making a Python application that requires the server to have an FTP port forwarded to his computer(a Rasberry PI3) in order to communicate with client. The current implementation works quite great, yet the only thing is that the person who's running the file must forward the port to the local IP manually. I want to automate this. I have serached a lot but i didnt find anything.
I've implemented SOCKS5 server (which forwards connections over SSH to remote), it runs on 127.0.0.1:7070.
Now I'm trying to route all traffic through it.
I thought it's impossible, but apps like proxifier can do it... but how?
I'm looking for the Python solution on Windows. Any ideas?
Or at least make Chrome/IE to work this way...
Here's what I need to do:
The user is on a remote machine and connects to a server via ssh. He runs a python script on the server. The script running on the server starts a script on the user's remote machine as a subprocess and opens a pipe to it for communication.
First, is this at all possible?
Second, is this possible in such a way that the user does not need to do anything fancy, like open up a reverse ssh tunnel? If they do have to open up a reverse ssh tunnel, can I figure out which port they are using?
First, is this at all possible?
With simple user --SSH--> server - no, its not.
is this possible in such a way that the user does not need to do anything fancy
User will have to run sshd on his machine, add a user for your server and somehow let you to connect to it, bypassing NAT if any. So no, there is no such way with SSH.
I'd go with client-side application. Give script to user and let him run the script instead of SSH'ing. If you need to communicate with server, you can use something like paramiko on client side to connect to server from script. Then, script can launch other applications on client's computer based on data it receives from server.
If Python, if you are developing a system service that communicates with user applications through sockets, and you want to treat sockets connected by different users differently, how would you go about that?
If I know that all connecting sockets will be from localhost, is there a way to lookup through the OS (either on windows or linux) which user is making the connection request?
On Linux and other unixy system, you can use the ident service.
I'm not sure if Windows offers something similar.
Unfortunately, at this point in time the python libraries don't support the usual SCM_CREDENTIALS method of passing credentials along a Unix socket.
You'll need to use an "ugly" method as described in another answer to find it.
On Linux you can get the source (i.e. client-side) port of the socket and parse the output of the lsof(8) utility searching for who is using that port.
Here's the manual page.