The title says it all.
There is an odd request from the security team to make all necessary connections through port 443. This is not that difficult as most of the apps do this by default. NO OTHER PORTS MAY BE OPENED.
We have a new requirement to give devs access to a small database in our cloud. The database normally listens to port 50000 which they will not open to give the reporting team access.
The short-term solution is to onboard the team to a VPN so that they can get access on their desktops, long-term.... could I force fit DB2 to connect through port 443? I haven't been able to try it. I know its an odd requirement but at this point, I am curious if anyone has and the result.
That should be doable. The port (or its name) is set in the SVCENAME configuration option. If SSL is used, the option is SSL_SVCENAME.
A quick test would be to change the configuration, restart Db2 and open up a connection to that port (telnet or Db2 client).
Note 1: HTTPS is usually on port 443, but if there is no web server it is ok.
Note 2: Root privileges are needed to set up and use such privileged ports.
Related
We're using neo4j server 3.1.4
We want to deploy neo4j server behind nginx, and our environment just allow one port:80 for nginx.
But neo4j browser need HTTP port(default 7474), and bolt port(default 7687).
So we config nginx to access HTTP port, we failed to connect bolt port.
It reported WebSocket connection error, for we can't access another port.
We checked the neo4j.conf & documentation,and found no useful information.
So, Is there any way to access neo4j server with only one port(80)?
Can anyone help us with this situation?
screen errors
Neo4j browser is just a client for the database, and in a prod env, I never give access to it by the outside.
So in your case, I will just map the bolt port to the 80 one on nginx.
And if you want access to Neo4j with a browser, you should consider to use the Neo4j Desktop application, and configure a remote database.
When I create the Hello World example in C++ from The Guide on ZeroMQ found here:
http://zguide.zeromq.org/page:all#Ask-and-Ye-Shall-Receive
and run the application, I get a Windows Security Alert that asks if I would like to allow the application to communicate on public or private networks.
It looks like this:
Here is where things get interesting.
I only need my program to listen on port 5555 for connections from localhost and I do NOT need to allow incoming connections on port 5555. This is because I only want to communicate between applications on the localhost.
Client and server are both running on the same machine.
Here is my current process. I start the server, the Windows Security Alert comes up, since I am running the application as a non-administrator account, I only have standard permissions. Then I click Cancel on the Alert.
Clicking cancel on the alert puts an explicit deny inbound rule on all ports for HelloWorldServer.exe. This is totally fine.
Then I start the client. Since the client is connecting to the localhost. I actually does not need to send messages outside of the local machine, and all of its messages arrive at the server just fine.
Given an explicit deny rule on incoming connections to HelloWorldServer.exe, the messages can still arrive from the client on the local host. This is a desirable result.
Now the question becomes is there anyway to automatically respond to the Windows Security Alert to click cancel? Is there any way to suppress it from popping up since the allow is not needed?
The prompt is undesirable because it implies that the application needs to create a vulnerability when it does not.
Please assume that Named Pipes are not a valid alternative to tcp as a means of inter-process communication.
When binding the socket the caller may specify the IP address the socket is bound to. The coding samples provided by ZeroMQ specify
socket.bind ("tcp://*:5555");
where * appears to be specify all possible addresses (INADDR_ANY in BSD socket-derived parlance) which will trigger the Windows firewall as it allows remote and local addresses.
Calling socket.bind with the localhost address 127.0.0.1
socket.bind ("tcp://127.0.0.1:5555");
limits the sockets allowed to connect to the local machine and should silence the firewall warning for most Windows firewall configurations.
I have RealTime asterisk with 3 servers. In database I hold sippears only and voicemail boxes. Voicemail messages are stored on the system FILE_STORAGE.
Server A and B are for calls and sip registrations and Server C is dundi.
Currently everything work fine.. I can call from Server A to Server B. The problem is when I leave message to number who is busy and registered on Server B.. then this number disconnect and register on Server A -> he can't listen the messages because it is stored on Server B..
How can I make any user to be able to listen his messages no matter on which server are?
You have alot of options, most of each in clustering area.
Simplest options are:
Glusterfs setup on both server, voicemail in glusterfs directory. This one do failover
NFS/samba share on both servers.
mysql master-master replication, use ODBC_STORAGE, put all voicemails in db. This one is recommended if you also want easy access from web interface to your voice files and simple search/lookup/get message. Highly recommended use innodb tables and optimized mysql config.
Easiest way just for to be able to listen them no matter on which of both servers user is registered is NFS and mounting for example /var/spool/asterisk/. In this case you need to install some additional components.
Here is great tutorial how can you done this:
How to configure an NFS server and mount NFS shares - Ubuntu
Another way if you can make master-slave with two servers in cluster and using rsync . Then you can sync every X minutes/hours/days folder to remote server to keep them in case of failure.
rsync -a local_dir/ user#remote-host-ip:/path/to/dir
I have sTunnel running on my client and server and can't seem to get my head round how I can have it running in a sort of "silent mode" whereby if I were abroad I could fire up the sTunnel connection on my client, connect to my server and then my browsing traffic connection would behave as if I were in the UK (an encrypted proxy).
On the client conf I have:
accept = localhost:xxx (I understand this means the local sTunnel installation listens on xxx port and grabs any traffic sent on that port).
connect = serverip:xxx (This is the instruction of where it needs to be forwarded, i.e the server).
On my server:
accept: clientIP:xxx (the source IP address of my client)
connect: localhost:xxx (the loopback address of the server)
What am I failing to see here? As I see it I can only use this tunnel if I explicitly target a port with my browser and even then wouldn't it only make it as far as the sTunnel server and not onward to the website intended? Do I need to setup proxy settings in the browser?
thanks a lot
I'm not sure stunnel is what you're looking for here.
What you describe would be best accomplished with OpenSSH, and its dynamic SOCKS5 proxy functionality, e.g. ssh -D1080 from the client.
This generally doesn't require any extra settings on the server-side (unless it was specifically disabled by your system administrator), and then on your roaming client-side, you simply establish an SSH connection to your server as per usual, but add an extra -D1080 parameter to your ssh invocation.
Or, if using PuTTY, set up dynamic port forwarding within Connection, SSH, Tunnels, Source port of 1080 and Destination of Dynamic, click Add.
Subsequently, change the settings of your browser to use SOCKS proxy at localhost, port 1080, and also make sure to specify SOCKS v5 and ensure that the checkbox for resolving hostnames remotely is set, too.
I've been trying to set up a server using Google Compute Engine but find myself being stuck.
I've installed everything that needs to be installed, I can start the server, no problem. Only thing is, i'm unable to connect to the server.
I've opened the required ports in a firewall rule (udp:16261; tcp:16262-16270) for all source IP as normal, but when I try to connect, i get this message on the server's console :
User jet is trying to connect.
Connected new client jet ID # 0 and assigned DL port 16262
testing TCP download port 16262
And it waits and waits, nothin happens. I'm pretty sure it's because no connection has been requested from the outsite of the network on that specific port (16262) that the outgoing traffic can't be sent, but I was wondering if anyone else has tried to make it work.
Thanks for your help guys !
According to the documentation; in the "Forwarding Required Ports" Section:
Project Zomboid dedicated servers require the following open ports to successfully connect to clients:
8766 UDP
16261 UDP
If the client's public ip address is known, you can perform a basic troubleshooting whitin Google Compute Engine using Cloud Logging. A basic query returning all the logs containing that ip address as source or destination would be:
jsonPayload.connection.src_ip="public-ip-address" OR jsonPayload.connection.dest_ip="public-ip-address"
Firewall Rules Logging has to be "on" for every rule involved in the connection. Follow these steps for Enabling firewall rules logging.
For troubleshooting purposes an "allow all" Firewall rule can be created and logging enabled on it, that would allow you to see exactly what ports are involved.
Note: If the traffic hitting the firewall rule(s) is too much, it can lead to unanticipated storage costs. Please enable the firewall rules logging just for troubleshooting purposes, don't forget to disable it after you're done.