I'm trying to connect to an FTP server over HTTP. Is there any way I can use a VPN like Hamachi and tunnel through my home PC, then connect tothe FTP via HTTP or another port?
The main problem with FTP over HTTP is not port mapping, but being able to translate HTTP commands to FTP. Something like mod_proxy_ftp should help. Note that FTP over HTTP proxies tend to support only fetching of files and listing of directories, i.e. they convert a directory URL to a LIST commands, and a file URL to a RETR command.
I realize I might not have answered your exact question, so apologies if there is a strong reason why you need to use VPN and not a proxy. Still I can't see how a VPN would do the protocol conversion.
Related
I'm currently trying to setup a tunneling tool, specific for game servers.
So you can start the server locally and everyone can join without open your ports or getting unsecure.
Basicly I do a reverse ssh tunnel to one of my dedicated linux servers where the game port get mapped to a different port (for example 8888). So the server is now exposed to the internet and available for anyone and the user don't have to get unsecure and open his own ports. Everyone can connect to the following ip: SERVERADRESS:8888.
The command which gets executed looks like this:
ssh -N -R "*:8888:localhost:25565" root#SERVERADRESS
This works fine just as i want. But I also want to secure my "forwarding" server, so I'm relativ new to networking but I found reverse proxy's. I watched some tutorials and I installed the "Nginx Proxy Manager" tool which comes with a web interface and looks very good and easy. So there is an option to create an Stream (Picture below), there you can enter the incoming port and the forward Host + port, for example: REVERSEPROXY:7777 -> FORWARDINGSERVER:8888. So with this I want to hide the ip adress from the server where all the ssh tunnels. Sadly this Stream tool won't work, I already saw some other topics with that. They all said to enter the port into the docker-compose.yml which I already did + restart. But for now it won't work. Any other soloutions for this problem? Or completly different ideas to protect my server?
https://i.stack.imgur.com/FolLe.png https://i.stack.imgur.com/KuJbt.png https://i.stack.imgur.com/2SN4a.png https://i.stack.imgur.com/9kzbj.jpg
I try to do my own tunneling tool, but with a protection so that my server getting damaged.
I have a local jupyter lab instance, running on mint-2 computer with command jupyter lab --ip "*", and it listens to port 8888. I can access it just fine via the URL mint-2:8888.
I also have a server instance ubuntu-2. I reverse ssh tunnel from mint-2:8888 to ubuntu-2:8888, meaning I can access it on my mint-1 laptop just fine via the URL ubuntu-2:8888 anywhere in the world.
However, it is not encrypted with TLS, so I wanted to improve this. On ubuntu-2 I have an nginx load balancer container that strips https traffic, and redirects http traffic to other locations. I have set up jupyter.ubuntu-2:443 so that it redirects to ubuntu-2:8888 so that it redirects to mint-2:8888. This version initially seems to open up just fine, and I can navigate directories. However, whenever I want to launch a new terminal or notebook instance, or even create new directories, it wouldn't work. Here's the network log when I save a modified notebook:
My question is, why won't the requests go through, considering I can still interact with the interface just fine everywhere else, but just not when creating folders/notebooks/terminals. I am thinking that JupyterLab might be using UDP and I'm considering passing UDP traffic through nginx, but this doesn't really make sense, as this is clearly a PUT request. Any other help regarding where to find more logs or speculation on what might have gone wrong is much appreciated.
I dig into it a little more, and managed to figured it out.
JupyterLab has CORS policy that doesn't allow requests to ubuntu-2. I then added c.NotebookApp.allow_origin = "*" to JupyterLab's config at ~/.jupyter/jupyter_lab_config.py, as mentioned here.
Then I found out that everything is still not functional, and this is because Jupyter requires both HTTP and WebSocket protocols, and my current server setup only allows http traffic. So I need to enable generic TCP traffic on ubuntu-2's HAProxy load balancer. Because I have multiple virtual hosts on the server, I need to distinguish between them, so I used Server Name Indication, server name included in TLS traffic.
I need to know, if it is possible to connect with Mikrotik script to TCP/IP Websocket to transfer some data e.g. with PC or PLC (which can provide server socket).
Thanks for any answer.
You can use /tool fetch to download files from remote server with http, https , ftp or tftp protocol. Then you can parse downloaded file to extract variables. see https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch
There is no explicit websocket support, but as noted in the other answer, you have the ability to connect to a simple website, even do a POST. You could also do something clever with tftp. If none of this suits, you could probably use metarouter with something like busybox to achieve the connection.
I am building a custom slash command for slack. When the slack user types a command, ex /uptime, a HTTP POST message is sent to the server URL.
The tutorials I've read all include installing a tool such as ngrok, pagekite, or localtunnel to generate a URL for the local machine.
Since I am working with a server, can I not just open a port and have slack connect directly to that hostname and port? How can I do this?
Doing some research, I came across opening a port with nc, then listening with curl, however I don't understand how to put it all together.
Yes, if you are running your script for handling the POST requests from Slack on a server that has a URL that can be reached on the Internet you do not need a local tunnel like ngrok.
If you starting from scratch I can recommend using a standard Apache + PHP [+ MySql] stack and have a PHP script to interpret and react to the POST request. Of course other script languages (e.g. Python) work just as well.
This is first time I setup ftp server and I'm not really clever at network thing.
How do i want my connection to look like.
HOME > INTERNET > OFFICE_ROUTER > OFFICE_WORKSTATION > FTP_SERVER
OFFICE_WORKSTATION has 2 NIC: connection to FTP_SERVER and internet connection by OFFICE_ROUTER, FTP_SERVER has only connetion to OFFICE_WORKSTATION (localNetwork)
What I already did is vsftpd on FTP_SERVER with tls and it's already accesible from localNetwork - OFFICE_WORKSTATION (e.g by using totalCommander > 10.10.10.10:21)
I did port and ip forwarding on OFFICE_ROUTER (let's say its public ip is 192.192.192.1 and local 192.168.10.1)
So when I connect from HOME to OFFICE_ROUTER it sends me further to OFFICE_WORKSTATION.
Then i setup netsh on OFFICE_WORKSTATION ( localNetwork ip 10.10.10.50, inernetNetwork ip 192.168.10.10) to get 192.168.10.10:21 from internet and send it to 10.10.10.10:21 which is my FTP_SERVER. But such setup gives me "500 illegal PORT command"
Maybe it's because FTP_SERVER don't know how to send data back ? Because now it should respond from 10.10.10.10:21 (FTP_SERVER) to 10.10.10:50 OFFICE_WORKSTATION) and here netsh should take care of it and output it to OFFICE_ROUTER
I already know that ftp uses two ports data and command. Maybe i shoud forward both ports ?
I did test where my OFFICE_WORKSTATION serve FTP and I was able to connect it by HOME station by using single portForwarding on OFFICE_ROUTER.
With totalCommander from OFFICE_WORKSTATION i connect to 10.10.10.10:21 and it works, but if i try (also from OFFICE_WORKSTATION) in totalCommander to use those configured ports ( 192.168.10.10:21 > 10.10.10.10:21 ) I've got same error "500 illegal PORT command"
I want my OFFICE_WORKSTATION to serve as portForwarding (i don't even know how to call it). So at the end I think problem lies in error/problem in portForwarding configuration.
I would be very pleased if someone could give me some hints.
This is first time I setup ftp server
Don't.
Please, do not use FTP. You really, really do not want to use FTP. We do not want you to use FTP. Vint Cerf does not want you to use FTP. Bill Gates does not want you to use FTP. Even FTPS (which I'm guessing is what you are trying to say).
There are few things worse than FTP. FTPS is one of them. Setting up FTPS with any sort of NAT is really difficult for an expert systems admin.
There are lots of better solutions - SFTP (note order of letters - it's completely different) for one.