I am trying to make it possible for a tool I use to connect via VPN to the network at my university. The problem is that I am only able to generate a tun/tap device. The tool itself does not support using a specific network interface, BUT it does support using an HTTP proxy.
So now I am looking for an HTTP proxy which I can bind to a specific interface (tun device) in order to let the tool connect to my VPN via this HTTP proxy.
I have looked at privoxy and squid but I couldn't find a hint that they support it.
Do you know any HTTP proxy that supports what I plan to do?
I believe just binding to a tun interface is not enough. Since the packets coming into your HTTP proxy will be IP packets, you will also need a TCP stack in the proxy code which can terminate the connection. lwIP is a stack for embedded devices which seems full-featured. Maybe you can use that to terminate the connection and proxy it out.
Also, neither squid nor privoxy supports tun/tap devices.
Hope this helps.
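As an added example for this thread (not code from the asker or the answerer), here is a minimal HTTP CONNECT proxy in Python that pins every outbound connection to a chosen source address with bind() before connect(), so that traffic leaves with the tun device's address and the tool only ever sees a local HTTP proxy. The tun address 10.8.0.2, the listen address 127.0.0.1:3128 and the optional device name are assumptions for the example; if the tun device is down, bind() fails and the client gets a 502 rather than a connection that silently went out another interface.

```python
import socket
import threading

# Assumed values for this added example: the address the VPN gave the tun
# device, and the local address:port the tool will be told to use as its proxy.
SOURCE_IP = "10.8.0.2"             # assumption: address on the tun interface
LISTEN_ADDR = ("127.0.0.1", 3128)  # assumption: where the tool points its HTTP proxy
MAX_HEADER_BYTES = 8192            # refuse absurdly large request heads


def parse_connect(request: bytes):
    """Return (host, port) from an HTTP CONNECT request line, or None otherwise."""
    line = request.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        return None
    return host.strip("[]"), int(port)


def connect_from(source_ip, host, port, timeout=10.0, device=None):
    """Open an IPv4 TCP connection whose source address is pinned to source_ip.

    bind() fixes the source address (the same thing `ping -S` does). If that
    address is not configured on any interface, e.g. because the tun device is
    down, bind() raises OSError instead of letting the kernel quietly fall back
    to another interface. On Linux, `device` can additionally pin the outgoing
    interface itself with SO_BINDTODEVICE (independent of the routing table;
    older kernels require CAP_NET_RAW for it).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if device is not None:
            opt = getattr(socket, "SO_BINDTODEVICE", None)  # Linux only
            if opt is None:
                raise OSError("SO_BINDTODEVICE is not available on this platform")
            sock.setsockopt(socket.SOL_SOCKET, opt, device.encode() + b"\0")
        sock.bind((source_ip, 0))  # ephemeral port, fixed source address
        sock.connect((host, port))
    except OSError:
        sock.close()
        raise
    return sock


def pump(src, dst):
    """Copy bytes one way until either side closes, then shut both down."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle_client(client, source_ip, device=None):
    """Serve one CONNECT request: open the upstream from the tun address, then relay."""
    buf = b""
    try:
        while b"\r\n\r\n" not in buf:
            chunk = client.recv(4096)
            if not chunk or len(buf) + len(chunk) > MAX_HEADER_BYTES:
                return
            buf += chunk
        target = parse_connect(buf)
        if target is None:  # plain GET/POST proxying is deliberately not implemented
            client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n\r\n")
            return
        try:
            upstream = connect_from(source_ip, target[0], target[1], device=device)
        except OSError:
            client.sendall(b"HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n")
            return
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        early = buf.split(b"\r\n\r\n", 1)[1]  # bytes a client sent before our 200
        if early:
            upstream.sendall(early)
        threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        pump(upstream, client)
        upstream.close()
    except OSError:
        pass
    finally:
        client.close()


def serve(listen_addr=LISTEN_ADDR, source_ip=SOURCE_IP, device=None):
    """Accept proxy clients on the loopback and relay each via the tun address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    while True:
        client, _ = srv.accept()
        threading.Thread(target=handle_client, args=(client, source_ip, device),
                         daemon=True).start()


if __name__ == "__main__":
    serve()
```

Point the tool at http://127.0.0.1:3128 as its HTTP proxy. The proxy listens on the loopback only, so nothing else on the LAN can use it to reach the VPN; widen LISTEN_ADDR only if that is what you want, and add authentication if you do.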
Related
I have set up a Mosquitto broker on my Raspberry Pi, which is running on my local network. I've tested this locally using the paho-mqtt package in Python, which is working; however, I want to access this broker remotely (from outside my local network).
From what I understand, the safest way to do this is to use TLS authentication and configure Mosquitto to listen on port 8883, rather than opening the unencrypted port 1883, where login credentials can be sniffed. This is where my problems start, as I suspect my ISP doesn't allow forwarding port 8883 to the (static) IP address of my RPi. (The port won't open no matter what I try, and I've tried googling this specific issue.)
So my question is:
Is it possible to use a port other than the default 1883 or 8883 (which my ISP hopefully allows to be opened) for accessing my locally hosted Mosquitto broker? For example one of the higher-numbered ports, which I understand are not reserved for anything.
I'm imagining connecting to the broker by using my external IP address with this port (xxx.xxx.xxx.xxx:yyyyy) and either tunneling this data to port 8883 on the local network, or configuring Mosquitto to listen on the selected port. Any tips on how I can solve this issue?
EDIT
Thanks for your answers! I just got off the phone with my ISP, and unfortunately they don't allow opening ANY ports because I live in a university dorm, so opening a different port won't work either. I guess using a cloud broker is the only option.
You can use any ports you want (or that your operating system will permit). MQTT uses certain ports by convention but is not restricted to using those ports. You're even welcome to encrypt on port 1883 if you want.
You'll need to do four things:
1. Write the listener configuration directive correctly to use the port you want, and make sure that you're listening on 0.0.0.0 in order to listen on all network interfaces, or on the IP address of a specific network interface.
2. Correctly configure encryption after the listener directive.
3. Ensure that the port you chose is accessible through any firewall your server may be running.
4. Properly configure any clients to use the port you configured and to work with the encryption you configured.
If you want to make it accessible over the Internet you'll need to open a port on your router as well.
If you do make it accessible over the Internet, please require authentication. Encryption won't stop strangers from connecting to your broker, it will just stop eavesdropping on them. Turn off allow_anonymous and set up some Mosquitto accounts.
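As an added illustration of the four steps above (a config fragment written for this page, not from the answerer), here is what the listener, TLS and authentication settings look like in mosquitto.conf. The weak, plaintext anonymous listener is shown commented out beside the hardened one. The port 49152 and the certificate and password-file paths are assumed example values; use whatever your ISP lets you forward and wherever your certificates live.

```conf
# Weak setting to avoid: plaintext, no authentication. Credentials and payloads
# cross the network in the clear, and anyone who can reach the port may connect.
# listener 1883 0.0.0.0
# allow_anonymous true

# Hardened listener on a non-default port (49152 is an assumed example value).
# 0.0.0.0 listens on every interface; use one interface's address to restrict it.
listener 49152 0.0.0.0
cafile   /etc/mosquitto/certs/ca.crt      # assumed path: CA that signed server.crt
certfile /etc/mosquitto/certs/server.crt  # assumed path
keyfile  /etc/mosquitto/certs/server.key  # assumed path, readable by mosquitto only
tls_version tlsv1.2

# Encryption stops eavesdropping; it does not stop strangers connecting.
allow_anonymous false
password_file /etc/mosquitto/passwd       # assumed path, created with mosquitto_passwd
```

Create an account with `mosquitto_passwd -c /etc/mosquitto/passwd alice`, restart the broker, and check the listener from another machine with `mosquitto_pub -h <public-ip> -p 49152 --cafile ca.crt -u alice -P '<password>' -t test -m hello`; a connection refused here usually means the firewall or router step, not the broker. Since Mosquitto 2.0, allow_anonymous already defaults to false, but stating it explicitly costs nothing and survives upgrades and copied configs.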
Hi all and thanks in advance for your help.
I have a situation where I need to test an unstable Internet connection on one internal network and send out an email alert on any issues (obviously requiring an Internet connection) through another network.
I have hardware with dual NICs and plan on writing something simple in VB.
Is there a way I can disable ping on my 'good' connection forcing it through the test network yet allowing smtp?
I've looked into routing and done some basic testing but it seems the ping automatically reroutes through the good network shortly after the bad network fails?
Any advice warmly received.
You should not even think about blocking ICMP. This is a good way to cause many, many problems. Instead, you should explicitly specify which interface to use for the ping requests.
If you're using a command-line ping, you usually do this by specifying the source IP to use for sending the packets. For example, on OS X, you can run the command
ping -c 5 -S 10.0.1.13 8.8.8.8
to ping Google's public DNS server (8.8.8.8) using the interface whose IP address is 10.0.1.13. If the interface with that IP is down, the ping will fail.
The specific flag varies from implementation to implementation.
If you're writing your own ping code, IIRC, you just need to bind the socket to that source address with the bind() system call.
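To show what "bind the socket to that source address" looks like in your own ping code, here is an added example written for this page (not the answerer's code) that builds an ICMP Echo Request by hand, binds a raw socket to the chosen source address, and counts replies. The payload string, identifier choice and timeouts are assumptions. If the source address belongs to an interface that is down, bind() fails and the function reports zero replies instead of letting the kernel route the probe out the good connection, which is exactly the re-routing the question complains about. Raw ICMP sockets need root or CAP_NET_RAW.

```python
import os
import socket
import struct
import time


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP Echo Request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident & 0xFFFF, seq & 0xFFFF)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident & 0xFFFF, seq & 0xFFFF) + payload


def parse_echo_reply(packet: bytes, ident: int):
    """Return (seq, payload) if packet is an Echo Reply for our ident, else None.

    A raw IPv4 socket hands us the IP header too, so skip it via the IHL field.
    Replies for other processes (different ident) and corrupt packets are ignored.
    """
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if len(icmp) < 8:
        return None
    typ, code, _csum, pid, seq = struct.unpack("!BBHHH", icmp[:8])
    if typ != 0 or code != 0 or pid != (ident & 0xFFFF):
        return None
    if icmp_checksum(icmp) != 0:  # checksum over a correct packet folds to zero
        return None
    return seq, icmp[8:]


def ping_from(source_ip: str, target: str, count: int = 5, timeout: float = 1.0) -> int:
    """Send `count` echo requests with the source pinned to source_ip; return replies seen.

    Needs a raw socket (root or CAP_NET_RAW). If source_ip is not configured on
    a live interface, bind() raises and we return 0 rather than probing via
    whatever interface the routing table would otherwise pick.
    """
    ident = os.getpid() & 0xFFFF
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    replies = 0
    with sock:
        sock.settimeout(timeout)
        try:
            sock.bind((source_ip, 0))
        except OSError as exc:
            print("cannot bind to %s: %s" % (source_ip, exc))
            return 0
        for seq in range(1, count + 1):
            sock.sendto(build_echo(ident, seq, b"netcheck"), (target, 0))  # payload is an assumption
            deadline = time.monotonic() + timeout
            while time.monotonic() < deadline:
                try:
                    data, _ = sock.recvfrom(65535)
                except socket.timeout:
                    break
                if parse_echo_reply(data, ident) is not None:
                    replies += 1
                    break
    return replies


if __name__ == "__main__":
    # Equivalent of the OS X command in the answer: ping 8.8.8.8 from 10.0.1.13.
    print("replies:", ping_from("10.0.1.13", "8.8.8.8"))
```

The alerting side then does the mirror image: the SMTP client binds to the good connection's address before connecting to the mail server, so neither probe nor alert can wander onto the wrong NIC when one of them drops.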
I have a server and a few clients, software-wise, and I want the client to figure out the IP address of the server without actually referring to a specific database.
Up until now I had the misconception that UDP only used the port as a common identifier between servers and clients, but apparently I was wrong.
Requirement:
I want my server to broadcast a message to ALL devices on the network, once every 5 seconds or so.
That message will contain the IP of the server.
Software using such technique already:
A photo transferring app for iOS called "Photo Transfer App" is really easy to use because it basically tells you to open the app on your Mac and on your iPhone, and then you press "Discover", and BAM! Your devices have found each other.
But how?
How can my requirement be achieved?
EDIT
I googled a bit. Could having the server host on 255.255.255.255 and the clients connect to that address solve my problem?
According to this Wikipedia article, 255.255.255.255 is used for broadcasting.
Can someone confirm?
If you use the broadcast address (255.255.255.255) or a network broadcast address (like 192.168.1.255 for the network 192.168.1.xxx, or in prefix notation 192.168.1.0/24), you will hit an essential limitation: your broadcast will NEVER leave that network. So all hosts inside the LAN will see your broadcast message, but nobody else.
Multicast, as mentioned by null, is better because it can leave your network and pass through IP routers. But this is feasible only with special network settings on those routers (and requires multicast routing capability on those routers).
Another technology without such a limitation that can be used is dynamic DNS (the server registers itself via DNS).
Multicast would be better than broadcast. See also: Bonjour, multicast DNS & SSDP.
More information on Bonjour is available here.
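The broadcast scheme the question asks for, with the LAN-only limitation the first answer describes, as an added example written for this page (not from any of the posters): the server sends an announcement to 255.255.255.255 every five seconds and clients listen on the same port. Because every host on the LAN can send such datagrams too, the announcement carries an HMAC over its contents under a key the app ships with, and clients ignore anything that does not verify or is older than a few seconds, so a neighbour cannot point your clients at their own server. The port, service name, shared key and skew window are assumptions.

```python
import hashlib
import hmac
import ipaddress
import json
import socket
import time

# Assumed values for this added example.
DISCOVERY_PORT = 45454                                # assumption
SERVICE_NAME = "photo-sync"                           # assumption
SHARED_KEY = b"replace-with-a-per-install-secret"     # assumption: provisioned out of band
MAX_SKEW_SECONDS = 15                                 # assumption: reject stale/replayed announcements


def encode_announcement(key: bytes, service: str, ip: str, port: int, now=None) -> bytes:
    """Serialize {svc, ip, port, ts} as canonical JSON and append an HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"svc": service, "ip": ip, "port": port, "ts": ts},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def parse_announcement(key: bytes, datagram: bytes, service: str, now=None,
                       max_skew: int = MAX_SKEW_SECONDS):
    """Return {"ip", "port"} for a genuine, fresh announcement of `service`, else None."""
    body, sep, tag = datagram.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):   # forged or tampered: drop silently
        return None
    try:
        info = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(info, dict) or info.get("svc") != service:
        return None
    ip, port, ts = info.get("ip"), info.get("port"), info.get("ts")
    if not isinstance(ip, str) or not isinstance(port, int) or not 0 < port < 65536:
        return None
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    if not isinstance(ts, (int, float)):
        return None
    now = time.time() if now is None else now
    if abs(now - ts) > max_skew:                 # old announcement replayed later
        return None
    return {"ip": ip, "port": port}


def announce_forever(ip: str, port: int, interval: float = 5.0,
                     bcast: str = "255.255.255.255"):
    """Server side: broadcast the signed announcement every `interval` seconds.

    255.255.255.255 (or the subnet broadcast) never crosses a router, so only
    hosts on the same LAN will ever receive this.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    with sock:
        while True:
            sock.sendto(encode_announcement(SHARED_KEY, SERVICE_NAME, ip, port),
                        (bcast, DISCOVERY_PORT))
            time.sleep(interval)


def discover(timeout: float = 10.0):
    """Client side: wait up to `timeout` seconds for a valid announcement."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    with sock:
        sock.bind(("", DISCOVERY_PORT))
        sock.settimeout(timeout)
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            try:
                data, _ = sock.recvfrom(2048)
            except socket.timeout:
                break
            # Trust the authenticated payload, not the datagram's source address,
            # which any LAN host can spoof.
            info = parse_announcement(SHARED_KEY, data, SERVICE_NAME)
            if info is not None:
                return info
    return None


if __name__ == "__main__":
    print(discover())
```

The tag only proves the announcement came from something holding the shared key; it does not encrypt anything, and a key embedded in a shipped app is only as secret as the app binary. Treat it as protection against accidental or casual hijacking, and still authenticate the TCP session the client opens to the discovered address.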
I have a puzzle I am not able to figure out, I would appreciate any help.
I am connected to a remote desktop using Windows' default Remote Desktop utility (Windows 8 locally, Windows 7 remotely).
The remote desktop is not in the same subnet as my own machine.
Connection is made through default port 3389. Using Wireshark locally I can confirm the TCP connection being established and the data flow.
Running Wireshark on the remote desktop, I don't see any flow of data between the two computers.
If I send an ICMP ping from the remote desktop to my computer, it works well and I can see it in Wireshark both remotely and locally. But if I send the ICMP ping from my computer to the remote desktop, it fails. I see it leaving my computer in Wireshark, but it never reaches the remote desktop (I don't see it in Wireshark there).
I don't think it is a firewall issue (especially since that can't explain why Wireshark won't capture the port 3389 RPC flow).
Does anyone have any idea of what might be going on?
I found the main issue.
In Wireshark, turns out it is possible to configure the capture interface with a filter.
To change it, go to Capture -> Interfaces.
On the interface being used, stop capturing to enable Options; there it is possible to configure a capture filter.
I want to add the option of automatic port forwarding (NAT Traversal) to an application.
I know this can be done using UPnP (specifically the part that communicates with the device presenting itself as an IGD, Internet Gateway Device).
I need to be able to test this port forwarding feature while developing it, and whatever big router system the company's traffic is routed over doesn't provide UPnP, and they wouldn't want me messing around with it while it's in live service anyway.
My question is:
Does anyone know of any software that acts as or emulates a UPnP compatible router?
You could use Windows Firewall / Internet Connection Sharing, which supports UPnP by default. Just set up another machine with Internet Connection Sharing activated, and you will have a UPnP router.
Also, you could check the UPnP forum for more information here.
Later edit:
You could also try setting up a Linux/Unix firewall with IGD activated.
Here is a forum post for Ubuntu.
And there is the MiniUPnP project too.
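Whichever of the above you set up as your test router, the first thing your application will do against it is the SSDP discovery step, so here is an added example (written for this page, not taken from the answerer or any of the linked projects) that sends an M-SEARCH for the IGD device type and parses the replies. The LOCATION check is the security-relevant part: any host on the LAN can answer an M-SEARCH, so a client that blindly fetches whatever description URL comes back can be sent to an attacker-chosen server; this example only keeps replies whose description URL points back at the host that actually answered. The multicast TTL, timeout and the constructed reply in the test are assumptions.

```python
import socket
from urllib.parse import urlsplit

SSDP_ADDR = ("239.255.255.250", 1900)
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"


def build_msearch(st: str = IGD_TARGET, mx: int = 2) -> bytes:
    """The SSDP M-SEARCH request an IGD client multicasts to find gateways."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            "HOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\n'
            "MX: %d\r\n"
            "ST: %s\r\n"
            "\r\n" % (mx, st)).encode("ascii")


def parse_ssdp_response(data: bytes):
    """Return upper-cased headers from an SSDP reply, or None unless it is an
    HTTP/1.1 200 carrying the ST, LOCATION and USN headers a device must send."""
    lines = data.decode("utf-8", "replace").split("\r\n")
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    if not all(h in headers for h in ("ST", "LOCATION", "USN")):
        return None
    return headers


def location_matches_responder(location: str, responder_ip: str) -> bool:
    """True only if the description URL's host is the address that sent the reply."""
    try:
        return urlsplit(location).hostname == responder_ip
    except ValueError:
        return False


def discover_igd(timeout: float = 3.0, st: str = IGD_TARGET):
    """Multicast one M-SEARCH and collect plausible IGD replies until timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)  # assumption: stay on the LAN
    found = []
    with sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(st), SSDP_ADDR)
        while True:
            try:
                data, (ip, _) = sock.recvfrom(4096)
            except socket.timeout:
                break
            hdrs = parse_ssdp_response(data)
            if hdrs is None or hdrs["ST"] != st:
                continue
            # Ignore replies that try to redirect us to a description URL on
            # some other host; an honest gateway describes itself.
            if not location_matches_responder(hdrs["LOCATION"], ip):
                continue
            found.append({"ip": ip, "location": hdrs["LOCATION"], "usn": hdrs["USN"]})
    return found


if __name__ == "__main__":
    for dev in discover_igd():
        print(dev)
```

Run it with the emulated router on the same LAN segment; if nothing comes back, check that the emulator really answers M-SEARCH and that multicast to 239.255.255.250 is not filtered on the test machine (`upnpc -l` from the MiniUPnP client tools is a quick second opinion). Fetch the LOCATION document and issue AddPortMapping only after this check passes.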