<span style="font-size:130%;"><span style="font-weight: bold;">SysadminsGrove</span></span><br /><span style="font-size:78%;">by Dominic (feed last updated 2024-03-08)</span><br /><br />
<span style="font-size:130%;"><span style="font-weight: bold;">MacOsX and Mkv Video: How to split</span></span><br /><span style="font-size:78%;">Posted 2008-11-13</span><br /><br />
If we want to cut an mkv movie into two pieces, we use the command:<div><br /></div><code>sudo mkvmerge --split size:4050m /path/to/file.mkv -o /path/to/output_file.mkv</code><br /><div><br /></div><div>It is a bit odd, but it works.</div><div><br /></div>
<hr />
<span style="font-size:130%;"><span style="font-weight: bold;">Homecase: smbclient vs cifs perma-mount 1 - 0</span></span><br /><span style="font-size:78%;">Posted 2007-08-13</span><br /><br />
<div style="text-align: justify;">smbclient, and SMB browsers in general (command-line or GUI), are better suited to non-carrier-grade networks such as home LANs.<br /><br /><span style="font-size:78%;">retrieved from: http://learn.clemsonlinux.org/wiki/Samba_client</span><br /><span style="font-size:78%;"><hr /></span>If you just need to grab a file, or put a file on the server, <span style="font-weight: bold;">but don't need a constant connection</span>, <span style="font-weight: bold;">it is best to either browse to the share using Gnome/KDE's built-in Samba browser, or to use the command line client </span><code style="font-weight: bold;">smbclient</code>. This assumes you have the <code>samba-client</code> package installed provided by your distribution. </div><p style="text-align: justify;">Using <code>smbclient</code> is very similar to using a command-line FTP client. 
Here are a few useful commands: </p><div style="text-align: justify;"> </div><dl style="text-align: justify;"><dd>$ <code>smbclient -L //hostname</code> </dd></dl><div style="text-align: justify;"> </div><p style="text-align: justify;">Where <code>hostname</code> is the NetBIOS name of the machine you wish to connect to. After being prompted for a password (enter no password for anonymous login) this command will give you a list of available shares on the machine, plus some other information. </p><p style="text-align: justify;">To connect to a share, you must specify the share name, in the format <code>//hostname/sharename</code> where <code>sharename</code> could be the name of a file share, or a printer, or anything else Samba can handle. </p><div style="text-align: justify;"> </div><dl style="text-align: justify;"><dd>$ <code>smbclient //joescomp/joe</code> </dd></dl><div style="text-align: justify;"> </div><p style="text-align: justify;">After entering joe's password, you are given an <code>smb: \></code> prompt where you may enter commands much like an FTP client. Some commands include <code>ls</code>, <code>get</code>, <code>put</code>, <code>rm</code>, <code>help</code> and <code>quit</code>. 
The <code>help</code> command will list all the commands, and <code>help command</code> will give help on a certain command.</p><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;"><br /><br /></div>
<span style="font-size:130%;"><span style="font-weight: bold;">Zyxel NAT loopback and dyndns in-lan access problems</span></span><br /><span style="font-size:78%;">Posted 2007-08-07</span><br /><br />
<div style="text-align: justify;"><span style="font-size:78%;">retrieved from:</span><br /><span style="font-size:78%;">http://www.howforge.com/4-steps-to-turn-on-nat-loopback-in-zyxel-router</span><br /><br />The problem:<br /><br /></div><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;">I'm using Zyxel 650R-31 [...] ...<br /></div><p style="text-align: justify;">I try to access <span style="font-weight: bold;">local web service</span> using my <a href="http://dyndns.org/">DynDNS</a> address <span style="font-weight: bold;">from my PC</span>, which is behind the router, and all I got was the router login page instead of the web page itself.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">I asked many ppl that also use ADSL router and they keep telling me that this is normal T_T</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Million thanks for the useful tips!</p><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;"><br /><br />The solution:<br /><br /><span style="font-weight: bold;">Step #1:</span><br /></div><hr style="margin-left: 0px; margin-right: 0px;"><p style="text-align: justify;">My colleague used <a title="ZyXEL" href="http://www.zyxel.com/" target="_self">ZyXEL</a> <a title="Prestige 650R-31" href="http://www.zyxel.com/product/model.php?indexcate=1023412455&indexcate1=1021877946&indexFlagvalue=1021873638" target="_self">Prestige 650R-31</a> as the main <a 
title="Find topic about ’ADSL’ on Answers.com" href="http://www.answers.com/topic/ADSL" target="_self">ADSL</a> router for his company. It works very well and is so stable. Last week he asked me to help him set up a server placed behind the ADSL router to be accessible anywhere from the Internet. The main service is e-mail so I just added port forwarding via web-based configuration. It was so easy and worked like a charm. However, the connection could not be established if he sat inside the <a title="Find topic about ’NAT’ on Answers.com" href="http://www.answers.com/topic/NAT" target="_self">NAT</a>. The problem is the so-called "<strong>NAT loopback</strong>". I found this kind of problem in D-Link also.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Fortunately, ZyXEL allows enabling NAT loopback via the command-line interface. What I do to solve this problem is just 4 steps.</p><div style="text-align: justify;"> </div><ol style="text-align: justify;"><li>Telnet to the router and enter the administrative password</li><li>Go to menu 24 and then 8</li><li>Run command "<strong>ip nat loopback on</strong>"</li><li>Type "exit" and then 99 to quit from the management screen</li></ol><div style="text-align: justify;"> </div><p style="text-align: justify;">Thanks ZyXEL and <a title="cpbotha" href="http://cpbotha.net/weblogs/cpbotha/archives/001595.html" target="_self">cpbotha</a> for this very useful hidden command. It would be better if it could be altered via the web interface.</p><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;"><br />Comment:<br /><br />I also found the following tip about the "<span style="font-weight: bold;">ip nat loopback on</span>" bit<br /><br /></div><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;">ras> ip nat loopback on<br /><br />This will turn it on <span style="font-weight: bold;">but if you reboot the setting will go back to default (i.e. 
`off')</span>.<br /><br />To make the 660 keep the setting, telnet in to 24, 8<br /><br /></div><ul style="text-align: justify;"><li>Type:<br /><br />sys edit autoexec.net<br /><br /></li><li>Press "i", then type "ip nat loopback on"<br /><br /></li><li>Press "x" to save the configuration.<br /></li></ul><div style="text-align: justify;"><br />To verify the changes took place correctly type:<br /><br />sys view autoexec.net<br /><br />Scroll up to the _first_ line displayed by the above command and you should be seeing the `<span style="font-weight: bold;">ip nat loopback on</span>' bit.<br /></div><hr style="margin-left: 0px; margin-right: 0px;"><div style="text-align: justify;"><br /><br /><span style="font-weight: bold;">Step #2:</span><br /><span style="font-weight: bold;"><hr /></span><span>Double-check that port-forwarding is appropriately set in your router to forward the http-port to the lan-server you want (your pc or whatever).</span><br /><span style="font-weight: bold;"><hr /></span><br />In addition to the above, it would also be useful to change the http, ftp and telnet ports used for remote management to something other than the default ones - theoretically there is no need for this but `just-in-case'. The port changes can be done easily through the web-configuration interface.<br /><br />Also note that the above is only _one_ of the issues one has to tackle in setting up a home-http-server.<br /><br /><br /><span style="font-size:130%;"><span style="font-weight: bold;">The `blocked-ports' issue with some ISPs (including OteNET):</span></span><br /><br />As of the time of this writing there are some problems with OteNET's policy regarding port 80. It seems it is possible to run an http server only if it is bound to a port number equal to or higher than 1023 (at least) - it appears that all ports from 1 up to and including 1022 are blocked for all services (http, ssh, ftp) by OteNET, at least for customers having dynamic IPs. 
Other ISPs are known to follow a similar policy.<br /><br />Changing the default ports on servers behind the router to ports >= 1023 seems to be the only way over this second obstacle.</div>
<hr />
<span style="font-size:130%;"><span style="font-weight: bold;">Userland http-servers: The `port &lt; 1024'-problem vs hackers</span></span><br /><span style="font-size:78%;">Posted 2007-08-07</span><br /><br />
<div style="text-align: justify;"><span style="font-size:78%;">Retrieved from:</span><br /><span style="font-size:78%;">http://it.newinstance.it/2005/06/23/how-to-do-port-redirection-with-debian-and-doing-so-securing-tomcat/</span><br /><br /></div><h3 style="text-align: justify;"><a href="http://it.newinstance.it/2005/06/23/how-to-do-port-redirection-with-debian-and-doing-so-securing-tomcat/" rel="bookmark" title="Permanent Link to 'How to do port redirection with Debian (and doing so, securing Tomcat)'">How to do port redirection with Debian (and doing so, securing Tomcat)</a></h3><div style="text-align: justify;"> </div><div style="text-align: justify;" class="itemhead"> <!-- The following two sections are for a noteworthy plugin currently in alpha. 
They'll get cleaned up and integrated better --> <small class="metadata"> <span class="chronodata">Published by <a href="http://it.newinstance.it/author/luigi/" title="Articles written by: Luigi">Luigi</a> on 23 June 2005 in <a href="http://it.newinstance.it/category/internet/" title="View all articles in Internet" rel="category tag">Internet</a>, <a href="http://it.newinstance.it/category/java/" title="View all articles in Java" rel="category tag">Java</a>, <a href="http://it.newinstance.it/category/linux/" title="View all articles in Linux" rel="category tag">Linux</a>, <a href="http://it.newinstance.it/category/web/" title="View all articles in Web" rel="category tag">Web</a></span> </small> </div><div style="text-align: justify;"> </div><div style="text-align: justify;" class="itemtext"> <p> First of all, I have to point out that I'm not a sysadmin, and you may not assume that the things explained here are the best way to handle the problem, or even that this is a correct one. This worked for me yesterday night, and I share my notes here so that I'll find this easier next time, and hoping that someone will find this useful and time saving. </p> <h3>The problem</h3> <p> Why would you want to do port redirection?<br /></p><p>If you want to put a web server on the internet it would be great to have it run on the standard http port (80), as many company proxies just refuse to connect on other ports. You might think of just configuring tomcat's server.xml to run on port 80 instead of the default one, 8080. On unix, this would work only if you run tomcat as a privileged user (root), because common users cannot bind ports under 1024.<br /></p><p>"What's the problem?" 
you could say, but - believe me - leaving a server online with tomcat running with root privileges can be a very bad idea.<br /></p><p> So, to sum up, the problem is: </p><ol><li>you would like to bind tomcat on the http port</li><li>you want to run tomcat with a restricted user, to keep hackers from gaining root privileges</li><li>... but restricted users cannot bind the http port (1 & 2 are in conflict)</li></ol> <h3>Possible Solutions</h3> <p> There may be many solutions to this problem. Searching the net I've found an article titled <a href="http://rimuhosting.com/mod_jk2.jsp">"Running JSP Through Apache with mod_jk2"</a> explaining how to work around this limitation. There are three possibilities: </p><ol><li>Accessing Tomcat on Port 80 (running tomcat as root)</li><li>Forwarding Incoming Port 80 requests to Port 8080 using iptables</li><li>Using Apache to forward incoming requests on http port to tomcat on port 8080 (mod_jk2)</li></ol> The first possibility is the root of my problem, not a solution :-) . And also the mentioned article says that it's not a great idea. Using iptables (configuring the unix firewall) could be a good solution. Also using apache can be good and I don't like to add useless software layers ("just forwarding" is useless, imho), as additional layers too often add complexity to systems. So I chose to use iptables port forwarding. <h3>Iptables howto</h3> <p> Being a windows user, and not knowing much about unix administration, the first thing I searched over the net was the command to be typed to do port forwarding. 
I didn't even know anything about iptables.<br />After some tries I found this: </p> <pre style="height: 50px; max-height: 50px;">hal9000:~# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080<br />hal9000:~# iptables-save<br /></pre> <p> I tried at the command line and it worked: requests on the http port were forwarded to tomcat! So, iptables is the solution. But after a reboot those rules were lost: the problem now is "how to make those rules persistent thru reboots?". Before continuing the search over the net I tried "man iptables"; then, looking on my own hard disk, I found a little howto in /usr/share/doc/iptables/README.Debian.gz.<br /></p><p> Reading it (Chap "3. running iptables"), I've met a new utility: "The closest to standard is the ipmasq package". I like to do things close to standards.<br />Things to do now: </p><ol><li>prepare a "self-written or acquired scripts to run at system startup" into /etc/init.d</li><li>use update-rc.d to update the SysV run level processes</li></ol> I tried to run ipmasq and I got a "command not found" error. This is a problem for apt-get :-) . I've installed ipmasq using the command "apt-get install ipmasq". After install, the setup asks for some options and I just left the defaults. After an installation it is always a good idea to run the "mandb" command to update the man databases.<br />Then I typed at the command line: <pre>hal9000:~# ipmasq -v<br />#: Interfaces found:<br />...ipmasq displayed lot of default settings here...<br /></pre> <p> Good: ipmasq is there.<br />Now it's time for the scripts. To configure ipmasq you have to create a file &lt;filename&gt;.rul in the /etc/ipmasq/rules path. Here's mine: </p> <pre style="height: 80px; max-height: 80px;">hal9000:~# cat /etc/ipmasq/rules/F00chain.rul<br />#:<br />#: **********************************************************<br />#: *** FORWARD CHAIN ***<br />#: **********************************************************<br />#:<br />$IPTABLES -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080<br /></pre> <p> Now we have to configure the SysV init system to run ipmasq on startup. Taking example from the /etc/init.d/skeleton file, I've written the following script: </p> <pre style="height: 200px; max-height: 200px;">hal9000:/etc/init.d# cat /etc/init.d/ipmasq<br />#! /bin/sh<br />#<br /># ipmasq.init Set up IP Masquerading for Debian systems<br />#<br /><br />PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin<br />DESC="Firewall"<br />NAME=ipmasq<br />DAEMON=/usr/sbin/$NAME<br />PIDFILE=/var/run/$NAME.pid<br />SCRIPTNAME=/etc/init.d/$NAME<br /><br /># Gracefully exit if the package has been removed.<br />test -x $DAEMON || exit 0<br /><br />#<br /># Function that starts the daemon/service.<br />#<br />d_start() {<br />$DAEMON<br />}<br /><br />case "$1" in<br />start|restart|force-reload)<br /> echo -n "Starting $DESC: $NAME"<br /> d_start<br /> echo "."<br /> ;;<br />stop)<br /> ;;<br />*)<br /> echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2<br /> exit 1<br /> ;;<br />esac<br /><br />exit 0<br /><br />hal9000:/etc/init.d# chmod 755 /etc/init.d/ipmasq<br /> </pre> <p>Notice that you have to chmod 755 the file (as shown above) as it needs to be executable.<br />Then we have to update the SysV runlevel procedures with the following command (and its output): </p> <pre>hal9000:/etc/init.d# update-rc.d ipmasq defaults 10<br />Adding system startup for /etc/init.d/ipmasq ...<br />/etc/rc0.d/K10ipmasq -> ../init.d/ipmasq<br 
/>/etc/rc1.d/K10ipmasq -> ../init.d/ipmasq<br />/etc/rc6.d/K10ipmasq -> ../init.d/ipmasq<br />/etc/rc2.d/S10ipmasq -> ../init.d/ipmasq<br />/etc/rc3.d/S10ipmasq -> ../init.d/ipmasq<br />/etc/rc4.d/S10ipmasq -> ../init.d/ipmasq<br />/etc/rc5.d/S10ipmasq -> ../init.d/ipmasq<br /></pre> <p> This command says to create links to the /etc/init.d/ipmasq script for all runlevels at position 10: you see that the created files contain "K10" and "S10" in their names; they are the startup and kill links for the service. Runlevel links are executed in order by name, so 10 means that our script will be executed quite early. </p> <p> We're done. At the next reboot we should see the "Starting Firewall: ipmasq" message before the login prompt. Now - if all went right - your firewall should forward http requests to port 8080. And you can run tomcat on port 8080 with a restricted user, and access it from the internet on the standard http port. </p> <p> ...and now you know it :-) </p> </div>
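A check for the failure described in the last post (the redirect rule disappearing after a reboot), as an added example that is not part of the original article: it parses `iptables-save` output and reports whether the nat-table redirect from port 80 to 8080 is present in PREROUTING, and whether an OUTPUT rule covers connections made on the server itself. The sample dump and the function names `has_redirect` and `audit_redirect` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the 80 -> 8080 redirect.
# SAMPLE_RULES is constructed for illustration: a host carrying only the
# PREROUTING rule from the post.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

# has_redirect DUMP CHAIN FROM TO  (hypothetical helper)
# Exit 0 if the nat table in DUMP redirects tcp port FROM to TO in CHAIN.
has_redirect() {
    printf '%s\n' "$1" | awk -v chain="$2" -v from="$3" -v to="$4" '
        /^\*/ { table = substr($0, 2) }    # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == chain {
            dport = ""; target = ""; toport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^--to-ports?$/) toport = $(i + 1)
            }
            if (dport == from && target == "REDIRECT" && toport == to) found = 1
        }
        END { exit !found }'
}

# audit_redirect DUMP: print findings, return how many there were.
audit_redirect() {
    findings=0
    if ! has_redirect "$1" PREROUTING 80 8080; then
        echo "MISSING: PREROUTING redirect 80 -> 8080 (lost after reboot?)"
        findings=$((findings + 1))
    fi
    if ! has_redirect "$1" OUTPUT 80 8080; then
        echo "NOTE: no OUTPUT redirect; local connections to port 80 are not redirected"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit a saved dump (iptables-save > rules.txt) or the constructed sample.
if [ -n "${1:-}" ]; then dump=$(cat "$1"); else dump=$SAMPLE_RULES; fi
audit_redirect "$dump" || true
```

Locally generated packets do not traverse PREROUTING, so a test from a browser on the server itself needs the OUTPUT rule or a client on another machine.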