I need to build some software infrastructure to manage computers which are connected to the internet using a 3G modem (about 30-40 clients).
The scenario that I came up with for project needs:
Client established internet connection (this is made on OS startup - no user action needed)
Client make connection to some server in internet (I named it "PROXY" - maybe there is a better name)
From now client is connected to PROXY server and it is listening for connections on some port (static or dynamic port?)
The same is true for all other machines.
What I need:
When I connect to PROXY server I want to see list of all connected clients to it (optionaly time of connection, client IP etc)
I can make connection to any clients but not P2P I want to connect using PROXY server (some kind of tunneling?)
Access to client should be impossible without PROXY server.
Example:
Client connect to internet using 3G modem - received IP: 149.10.20.30
Client connect to PROXY (79.10.11.12)
I connect to PROXY (terminal / VNC / putty / whatever). I can list connected clients (ex. using some command: $ show_connected_clients). And I see list: IP / MAC or other informations.
From my computer (or PROXY server if this is simpler) I can make connection to client (terminal / VNC / RDP whatever) using for this PROXY server.
$ connect_to 149.10.20.30 using 79.10.11.12
Is such a thing is to realize with the help of the built-in OS services? Or maybe I need to use some commercial software or write my own application?
Writing this from scratch is possible but I do not want to reinvent the wheel.
Some advice? Thanks in advance for any help.
PS. Clients OS (probably all) is Linux. PROXY server OS - I can make decision by my own.
I've decide to use VPN. Perfect in its simplicity. If someone is interested.
Client connects to VPN. Gets IP from VPN network
VPN server on PROXY server
My machine connects to VPN
On PROXY server I can list connected clientes to VPN
Using (ex RDP) I can connect to any client by VPN network
I think I can configure client to deny connection from other network then VPN. If so, I have everything I need.
Simple :)
Trying to setup a SMTP send adapter in BizTalk 2010. When I specify the server name along with the port also (ex: mailserver.xxx.com:8989), mails do not go out. Otherwise they do. I couldn't find anything online about an issue with specifying the port in the servername. Can anyone confirm that we can not provide the port number in SMTP server name?
In SSIS- Send Mail task, same behavior. We are not allowed to append the port number. Could this be a related issue?
Unfortunately, specifying a custom port for the SMTP Send Adapter is not possible.
To note, the BizTalk SMTP Adapter and the Send Mail task are completely different implementations so it's just an unhappy coincidence if neither support this.
One possible solution is to configure the Windows/IIS SMTP Service somewhere in the Group and let it relay the messages.
I have a zentyal in a vps in the internet that I use to connect some companies with their external offices, so far with windows this is not a problem I connect the windows server to zentyal via openvpn client and configure as many openvpn clients as external offices that they have and they work perfectly but when I try to connect same way using zentyal in a company it fails, I mean I can check the option that states allow zentyal to zentyal tunnel. ok the server of the company can connect to the zentyal vps but I cannot download a bundle for normal clients to connect to the same network, is there a work arrout to connect both zentyals and normal hosts on a same netork via openvpn? If I try to use a normal client bundle in zentyal it doesnt let me connect.
Zentyal to Zentyal connections don't work for normal clients.
Zentyal allows you to define more than one VPN server. You should use a separate VPN server for other clients.
Note that the two modes have different semantics, in regard to how routing works for each of the VPN models. In brief:
Zentyal-to-Zentyal VPN tunnels use RIP and exchange the static routes accessible to each server.
For normal "road-warrior" clients, networks that needs to be accessed by clients have to be published using the "Advertised networks" section.
In addition, it's better practice to use a separate VPN network for road warriors, another VPN for server-to-server communications.
If I guess correctly, you'd like to use Zentyal as a normal VPN client (using a normal client bundle). It's a requested feature but I believe it's not available. You could configure the OpenVPN client manually in the Zentyal box (unmanaged by Zentyal, unless you use hooks). Alternatively, you could use a Zentyal-to-Zentyal tunnel for all clients, but configure Windows clients manually based on the certificates present on the bundle and the Windows OpenVPN configuration files you already have (this way, you'd be missing RIP (route exchange) funcionality between Windows and Zentyal but it shall work).
For your use case, i think there is not way inside zentyal to manage S2S connection.
To achieved that i use one server as client (S2), download a Linux bundle from the other zentyal(S1) server, then configure the S2 to act as the others clients to connect to the S1.
here is a link for client side configuration openpvn linux client
Hope that help
I'm currently working on my group voice chatting program. This is my plan:
Build up a server on 192.168.1.125. Listen to port 3490 and forward it to the router.
Clients connect to the server and get the user IP list(Whenever a client connects to the server, its IP address is recorded by the
server)
Clients communicate with each other using UDP multicast(is this ever possible across the router?).
But now I'm running into troubles. If a client inside the LAN, e.g. 192.168.1.120, connects to the server, it's taken down as 192.168.1.120, which won't work for clients from WAN.
I'm wondering if there is any way to convert the LAN IP to public IP? (this might have something to do with the router, I think)
Thanks.
You will have to be prepared for the case where direct client-to-client communication fails. Relaying through the server or NAT traversal/penetration may be necessary. Significant expertise is required to do this correctly.
Can someone tell me what is the difference between active and passive FTP?
Which one is preferable?
Active and passive are the two modes that FTP can run in.
For background, FTP actually uses two channels between client and server, the command and data channels, which are actually separate TCP connections.
The command channel is for commands and responses while the data channel is for actually transferring files.
This separation of command information and data into separate channels a nifty way of being able to send commands to the server without having to wait for the current data transfer to finish. As per the RFC, this is only mandated for a subset of commands, such as quitting, aborting the current transfer, and getting the status.
In active mode, the client establishes the command channel but the server is responsible for establishing the data channel. This can actually be a problem if, for example, the client machine is protected by firewalls and will not allow unauthorised session requests from external parties.
In passive mode, the client establishes both channels. We already know it establishes the command channel in active mode and it does the same here.
However, it then requests the server (on the command channel) to start listening on a port (at the servers discretion) rather than trying to establish a connection back to the client.
As part of this, the server also returns to the client the port number it has selected to listen on, so that the client knows how to connect to it.
Once the client knows that, it can then successfully create the data channel and continue.
More details are available in the RFC: https://www.ietf.org/rfc/rfc959.txt
I recently run into this question in my work place so I think I should say something more here. I will use image to explain how the FTP works as an additional source for previous answer.
Active mode:
Passive mode:
In an active mode configuration, the server will attempt to connect to a random client-side port. So chances are, that port wouldn't be one of those predefined ports. As a result, an attempt to connect to it will be blocked by the firewall and no connection will be established.
A passive configuration will not have this problem since the client will be the one initiating the connection. Of course, it's possible for the server side to have a firewall too. However, since the server is expected to receive a greater number of connection requests compared to a client, then it would be but logical for the server admin to adapt to the situation and open up a selection of ports to satisfy passive mode configurations.
So it would be best for you to configure server to support passive mode FTP. However, passive mode would make your system vulnerable to attacks because clients are supposed to connect to random server ports. Thus, to support this mode, not only should your server have to have multiple ports available, your firewall should also allow connections to all those ports to pass through!
To mitigate the risks, a good solution would be to specify a range of ports on your server and then to allow only that range of ports on your firewall.
For more information, please read the official document.
Redacted version of my article FTP Connection Modes (Active vs. Passive):
FTP connection mode (active or passive), determines how a data connection is established. In both cases, a client creates a TCP control connection to an FTP server command port 21. This is a standard outgoing connection, as with any other file transfer protocol (SFTP, SCP, WebDAV) or any other TCP client application (e.g. web browser). So, usually there are no problems when opening the control connection.
Where FTP protocol is more complicated comparing to the other file transfer protocols are file transfers. While the other protocols use the same connection for both session control and file (data) transfers, the FTP protocol uses a separate connection for the file transfers and directory listings.
In the active mode, the client starts listening on a random port for incoming data connections from the server (the client sends the FTP command PORT to inform the server on which port it is listening). Nowadays, it is typical that the client is behind a firewall (e.g. built-in Windows firewall) or NAT router (e.g. ADSL modem), unable to accept incoming TCP connections.
For this reason the passive mode was introduced and is mostly used nowadays. Using the passive mode is preferable because most of the complex configuration is done only once on the server side, by experienced administrator, rather than individually on a client side, by (possibly) inexperienced users.
In the passive mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection to the server IP address and server port number received.
Network Configuration for Passive Mode
With the passive mode, most of the configuration burden is on the server side. The server administrator should setup the server as described below.
The firewall and NAT on the FTP server side have to be configured not only to allow/route the incoming connections on FTP port 21 but also a range of ports for the incoming data connections. Typically, the FTP server software has a configuration option to setup a range of the ports, the server will use. And the same range has to be opened/routed on the firewall/NAT.
When the FTP server is behind a NAT, it needs to know it's external IP address, so it can provide it to the client in a response to PASV command.
Network Configuration for Active Mode
With the active mode, most of the configuration burden is on the client side.
The firewall (e.g. Windows firewall) and NAT (e.g. ADSL modem routing rules) on the client side have to be configured to allow/route a range of ports for the incoming data connections. To open the ports in Windows, go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules > New Rule. For routing the ports on the NAT (if any), refer to its documentation.
When there's NAT in your network, the FTP client needs to know its external IP address that the WinSCP needs to provide to the FTP server using PORT command. So that the server can correctly connect back to the client to open the data connection. Some FTP clients are capable of autodetecting the external IP address, some have to be manually configured.
Smart Firewalls/NATs
Some firewalls/NATs try to automatically open/close data ports by inspecting FTP control connection and/or translate the data connection IP addresses in control connection traffic.
With such a firewall/NAT, the above configuration is not necessary for a plain unencrypted FTP. But this cannot work with FTPS, as the control connection traffic is encrypted and the firewall/NAT cannot inspect nor modify it.
Active mode:
-server initiates the connection.
Passive mode:
-client initiates the connection.
Active Mode—The client issues a PORT command to the server signaling that it will “actively” provide an IP and port number to open the Data Connection back to the client.
Passive Mode—The client issues a PASV command to indicate that it will wait “passively” for the server to supply an IP and port number, after which the client will create a Data Connection to the server.
There are lots of good answers above, but this blog post includes some helpful graphics and gives a pretty solid explanation: https://titanftp.com/2018/08/23/what-is-the-difference-between-active-and-passive-ftp/