I have a SOCKS proxy setup to a gateway server which is created by setting up a host definition in my ssh_config to use DynamicForward localhost:9876. To connect with SSH to the remote server I've setup another host definition to use ProxyCommand /usr/bin/nc -x localhost:9876 %h %p which is all working fine.
However my fabric script needs to connect to that remote server. How can I tell it to use the SOCKS proxy when it connects?
Tunnelling is now (March 2013) supported by Fabric natively: see the discussion leading to the changes in code and the commit message with a bit of rationale.
Fabric's SSH layer does not support gateways or proxies at the moment but they "may end up patching/forking it sometime to add that functionality." (from here).
There's also an outstanding issue on Fabric to implement tunneling.
This blog post suggests overriding the run function.
You can use tsocks and the OpenSSH client's built-in support for creating SOCKS tunnels. It requires a bit of configuration but it works fine. Below is how I got started on Ubuntu 10.04.
# Install the tsocks library and shell script.
sudo apt-get install tsocks
# Configure the range of IP addresses you need access to.
sudo nano /etc/tsocks.conf
# Use the OpenSSH client to create a socks proxy (stepping
# stones are hosts used to gain access to private subnets).
ssh -D 1080 stepping.stone
# Now connect to any given address in your configured range.
# tsocks will intercept the connection and route it using
# the SOCKS proxy we created with the previous command.
tsocks ssh 1.2.3.4
The fact that Fabric doesn't work without a VPN connection was a deal breaker for me, so this is a great solution; all it requires is SSH access to one host.
on Fabric (1.12.0)(doc):
env.use_ssh_config = True
Related
Im very new to network programming and faced a following problem:
Im working on VMware CentOS7 virtual machine on Windows10 host.
My script should send WHOIS queries and parse their output (e.g. expiration date).
However, an attempt to send a query leads to a connection error:
>>>import whois
>>>whois.query('google.com')
WhoisCommandFailed: connect: Network is unreachable
I tried to whois from terminal, but error was the same.
When i tried to use whois directly from Windows, which hosts virtual machine, the error seemed to look same as well (connection timeout).
As i found out, it was most likely related to access to port 43. I created rules (for in and out) for Windows firewall for this port by a guide , but error still persisted.
It looks like access to this port was blocked by ISP (however ping command is working).
To sum up, I got two questions there:
1) (less important) How to check if port 43 is blocked by firewall either by ISP?
2) (most important) Is it possible somehow to reconfigure WHOIS for usage of another port (i.e. 23) for sending queries by Python script?
Unfortunately, ISP security policy doesn't allow them to open 43 port.
Mostly ISP doesn't block any port but yes, this is not 100% true.
Testing connection:
run tcpdump (install command: yum install tcpdump) command on CentOS: tcpdump -peni any tcp and port 43
You have to see lines with the following text: 192.168.1.1.57350 > 192.34.234.30.43 where 192.34.234.30 IP address means the remote whois server.
Try to telnet to remote server's TCP/43 port: telnet 192.34.234.30 43
You should see the following:
Trying 192.34.234.30...
Connected to 192.34.234.30.
Escape character is '^]'.
If you can`t see context like that and you get back prompt immediately you will a firewall rule somewhere what is block connection. I recommend to switch off firewall temporarily and test again.
You cannot change port number, because it is configured on the remote side, on the server.
Can CentOS7 server communicate towards the internet? In example can you install packages?
Is there any router between windows machine and ISP?
I currently have a Linux Debian VM set up through Google Cloud Platform. I have docker installed and would like to start running application containers within it.
I'm following the documentation under Docker's website Found Here under
"Running a web application in Docker" I download the image and run it with no issue. I then run $sudo docker ps and get the port which is 0.0.0.0:32768->5000/tcp
I then try to browse to the website at http://"MyExternalVMIP":32768 but the applications doesn't come up. Am I missing something?
First, test to see if your service works at all. To do this, from the VM itself, run:
wget http://localhost:32768
or
curl http://localhost:32768
If that works, that means the service is operating properly, so let's move further with the debugging.
There may be two firewalls that are blocking external access to your docker process:
the VM's OS firewall
Google Compute Engine firewall
You can see if you're affected by the first issue by accessing the URL from the VM itself and from another VM on the same GCE network (use the VM name in the URL, not the external IP):
wget http://[vm-name]:32768
To fix the first issue, you would have to either open up the single port (recommended):
iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 32768 -j ACCEPT
or disable firewall entirely, e.g., by stopping iptables (not recommended).
If, after fixing this, you can access the URL from another host on the same GCE network, but still can't access it from outside of Google Compute Engine, you're affected by the second issue. To fix it, you will need to open the port in the GCE firewall; this can also be done via the web UI in the Developers Console.
Create an entry in your local ssh config file as below with specific local forward port. In my case its an example of yarn's IP, which I want to access in browser.
Host hadoop
HostName <External-IP>
User <Local-machine-username>
IdentityFile ~/.ssh/<private-key-for-above-user>
LocalForward 8089 <Internal-IP>:8088
Apache server can be set up and accessed from ouside Network in the following way:
http://lifehacker.com/124212/geek-to-live--how-to-set-up-a-personal-home-web-server
I want to achieve similar functionality with python SimpleHTTPServer.
How is this possible?
Step 1: Run this command "python -m SimpleHTTPServer". Note that python -m SimpleHTTPServer works only with python 2. With python 3, you should use: python -m http.server
Step 2: Edit your router's configuration to forward port 8000 to the computer on which you ran the python command.
Step 3: Determine your home network's IP address, for example, 203.0.113.47
One convenient way to determine your home network's IP address is to consult any of the what-is-my-ip websites, for example https://www.whatismyip.com/.
Step 4: From outside your network, visit (for example) http://203.0.113.47:8000/
In case the port 8000 is blocked in your firewall, you have to open it.
For example, on RHEL/CentOS/Fedora, open port 8000 as shown below.
#firewall-cmd --permanent --add-port=8000/tcp
#firewall-cmd --reload
On Debian, Ubuntu you can allow the port as shown below.
$ sudo ufw allow 8000
You can either port forward your router to the specific port and use a dynamic DNS service such as no-ip to reach your server.
Or you could use a tunneling software like localtunnel.me or ngrok to forward your port to a unique URL.
Or you could create a reverse proxy or a VPN server if you own a cloud server such as AWS or DigitalOcean.
Yeah, localtunnel helps you in external access of python http.server.
Here external access means - to access your http.server from outside the network (suppose you're in Delhi running python http.server and want your friends who are in Bangalore to see the directory contents).
Requirements:
nvm (for installing localtunnel)
use 'lt' (CLI tool) on a specific port (but remember, in order to make external access on your python http.server you need to run python -m http.server along with )
I'm being trying to
Log into a server using SHH (with Paramiko)
Use that connection like a proxy and route network traffic through it and out to the internet. So say I could set it as my proxy in Urllib2, Mechanize, Firefox, etc.).
Is the second part possible or will I have to have some sort of proxy server running on the server to get this to work?
You could implement a SOCKS proxy in the paramiko client that routes connections across the SSH tunnel via paramiko's open_channel method. Unfortunately, I don't know of any out-of-the-box solution that does this, so you'd have to roll your own. Alternatively, run a SOCKS server on the server, and just forward that single port via paramiko.
I have try to implement it using paramiko. But I find paramiko can only launch a tunnel redirecting localhost:lport to remoteip:rport just like 'ssh -L'.
So I want to know how can I implement it using paramiko or use other library.
Thanks for your help.
Unlike the -L or -R options which forward specific ports, ssh -D establishes a SOCKS proxy for application-level port forwarding.
Assuming that's what you want, then according to this answer, there are several Python modules which implements SOCKS clients/proxies, e.g. PySocks and SocksiPy. Unfortunately, I have never explored any of these options and cannot vouch for any of them.