September 8th, 2004
09:21 am - e-mail posting. funky.
So the new job.
Right now it's boring as shit. As I mentioned last week, I'm on the phones
all week, 6 hours a day. Which, at the moment, means that I'm just killing
time and surfing on thar intarweb. Unfortunately I can't even SSH out of
here, so I can't do anything to get my server up and running. It's pissing
me off, because I have so much free time right now, and the one thing that
I've been trying to make the time to do is the one thing I just can't do.
I spent most of yesterday trying to figure out a way to bust around this
firewall so I can actually get something done, to no avail. It's pissing
In the first week of this job, I lost about 5 pounds because I was
actually moving around, doing stuff. If yesterday was any indication, this
week's going to give me those 5lbs right back, cause I'm sitting on my ass
on the phones yet again.
Changing the backup tapes went smoothly this morning for the second time
since I started here. Was a refreshing change.
Had a great weekend with the badgers, but it was far too short as weekends
are wont to be.
Damnit, meant to call my momma yesterday.
Oh, our TV went kablooie last night. Totally toast. So since our new bank
accounts had finally opened and we had money available to us again, we
went out and picked up a cheap replacement. Picture quality beats the heck
out of that 15 year old one it replaced. heh. As a result I had to redo
most of the electronic wiring in the house. Took me most of the evening,
but hey, I enjoy that kinda stuff. Anyway, that's why I didn't get around
to calling the momma-bear. I'll call her this afternoon when it's slow.
Anyway, work's picking up for the morning rush.
back to the *gag* phones.
I've thought about that, but the server is kinda a web server.
You happen to know if there's a way to bind SSH to a specific IP address? I've got like 100 to use. If I could bind it to listen on x.x.x.199:443, that'd be awesome.
The firewall allows FTP 21, http 80, SSL 443, and probably one or two others.
Let me know if you're bored and want to help me hack this out. ;o)
Date: September 8th, 2004 07:13 am (UTC)
My kung fu is not strong.
maybe not, but your brew is.
whatcha up to? you've been quiet lately...
Date: September 8th, 2004 01:50 pm (UTC)
I've got an Oktoberfest going that may make it to finish provided I actually managed to take care of the infection problem, and aside from that, I've mostly been down with my end of summer cold. I've had the time, but not the frame of mind to write.
...and then I got sucked into A Tale In The Desert II. Why I'm so thrilled to find mushrooms in a virtual Sahara, I don't know.
hmm, found something useful.
On machines with two or more NICs, typically routers and firewalls, the default is to listen on all network interfaces. Often on machines with more than one network card there will be good reasons for restricting ssh access to a specific card or cards. The ListenAddress can be used to restrict sshd to listening only on the specified NICs. Assuming the Port has already been set, all that is needed is to place the IP address of the NIC to be allowed after the ListenAddress option. If the machine has three or more network cards, more than one ListenAddress option may be used. If a ListenAddress option is provided, any NIC that has not been specified will not accept ssh connections.
Looks like I can just bind the SSH server to a specific IP and Port.
but oh dear, apache is listening to port 80 on all IPs. Now I have to figure out if I can exclude one IP from its listening.
Date: September 8th, 2004 02:14 pm (UTC)
// telling apache to listen only on specific ips is easy.
// how do you have 100 public IPs? do you need apache
// listening on all of them? probably best to just listen on
// the ones you need. here is the relevant code from
[etc, etc, etc]
// find the section in your httpd.conf, which right now
// probably says 'Listen 0.0.0.0:80' and change it.
// or, you could always run mindterm on your http server.
echo hola | tr h c | sed -e 's#o# u #' -e 's#a#8r#'
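The two comments above (the ListenAddress excerpt and the advice to narrow Apache's Listen line) share one underlying rule that the thread never states outright: a socket bound to the wildcard address owns that port on every address the box has, so a second daemon cannot take the same port on a single aliased IP until the first one is bound to explicit addresses. The script below is an added example, not code from the original post or its commenters; it stands in a wildcard socket for Apache's 'Listen 0.0.0.0:80' and loopback addresses for the aliased public IPs (x.x.x.199 and friends in the post), and uses an ephemeral port so it runs offline without root. The second loopback address, 127.0.0.2, is an assumption that holds on Linux (all of 127/8 is routed to lo) but not everywhere, so that case reports None instead of a verdict when the address is unavailable.

```python
"""Wildcard vs per-address binds: why 'Listen 0.0.0.0' on one daemon blocks
another daemon from using that port on a single aliased IP, and why giving
each daemon explicit addresses (sshd ListenAddress, Apache Listen) fixes it.

Added example; sockets are bound without SO_REUSEADDR, which is how sshd
and Apache behave by default when they are the only owner of a port."""
import errno
import socket


def try_bind(addr, port):
    """Bind a fresh TCP socket to addr:port.  Returns the socket on success,
    None if the kernel refuses with EADDRINUSE (someone else owns the port on
    an overlapping address), and re-raises anything else."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
    except OSError as e:
        s.close()
        if e.errno == errno.EADDRINUSE:
            return None
        raise
    return s


def ephemeral_port():
    """Ask the kernel for a currently free port so the demo never collides
    with a real service on the host."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def wildcard_blocks_specific():
    """The thread's problem: a daemon on 0.0.0.0 (Apache's Listen 0.0.0.0:80)
    holds the port on every address, so a second daemon cannot take the same
    port on just one alias.  127.0.0.1 stands in for the alias."""
    wild = try_bind("0.0.0.0", 0)          # kernel picks the port
    port = wild.getsockname()[1]
    alias = try_bind("127.0.0.1", port)    # second daemon, one address, same port
    blocked = alias is None
    wild.close()
    if alias:
        alias.close()
    return blocked


def specific_blocks_wildcard():
    """The same conflict in the other direction: once sshd holds
    x.x.x.199:443, Apache can no longer 'Listen 0.0.0.0:443' either.
    Both daemons have to name their addresses."""
    port = ephemeral_port()
    sshd = try_bind("127.0.0.1", port)
    wild = try_bind("0.0.0.0", port)
    blocked = wild is None
    sshd.close()
    if wild:
        wild.close()
    return blocked


def specific_addresses_share_port():
    """The fix: two daemons on distinct addresses can share one port.
    127.0.0.2 is an assumed second loopback address; where the host does not
    have it (EADDRNOTAVAIL) we return None rather than a false verdict."""
    port = ephemeral_port()
    a = try_bind("127.0.0.1", port)        # e.g. Apache on a.b.c.1:443
    try:
        b = try_bind("127.0.0.2", port)    # e.g. sshd on x.x.x.199:443
    except OSError as e:
        a.close()
        if e.errno == errno.EADDRNOTAVAIL:
            return None
        raise
    shared = b is not None
    a.close()
    if b:
        b.close()
    return shared


if __name__ == "__main__":
    print("wildcard listener blocks a per-address bind:", wildcard_blocks_specific())
    print("per-address bind blocks a later wildcard:   ", specific_blocks_wildcard())
    print("two addresses share one port:               ", specific_addresses_share_port())
```

The practical consequence for the setup in the post: put 'ListenAddress x.x.x.199:443' in sshd_config and replace Apache's wildcard Listen lines with one 'Listen a.b.c.N:port' per address Apache should actually serve, leaving .199:443 out; then both daemons start cleanly on the same port. Naming addresses explicitly also shrinks the exposed surface, since a daemon with no ListenAddress is reachable on every IP the box ever acquires, aliases included.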
figured that much out...
and mindterm might be a really good idea, except that from what I've played with it's really just a java client that runs locally, thus not fixing the firewall issue.
Now I'm having trouble setting up the virtual IPs on the ifconfig level.
I really just want about 5 IPs set up for now, but I'm still pulling my hair out.
I should just bite the bullet and ditch windows completely. I rarely game anymore anyway. As it is, I dabble in *nix and thus forget everything useful and have to relearn it.
back to trying to figure out why the eff this isn't working. I think it's my subnet mask.
Date: September 8th, 2004 02:34 pm (UTC)
// if you're using freebsd i remember that getting the
// virtual ips to stay between reboots was really annoying.
// in particular, i'm pretty sure you want the subnet
// mask to be 0xffffffff (255.255.255.255) on all the
// aliases, otherwise you get into weird issues with your
// cards talking to each other. i think the kernel does
// the right thing.
// for freebsd, in /etc/rc.conf you want:
network_interfaces="ed0_alias0 ed0_alias1 ... ed0_alias5"
ifconfig_ed0_alias0="inet a.b.c.1 netmask 0xffffffff"
ifconfig_ed0_alias1="inet a.b.c.2 netmask 0xffffffff"
ifconfig_ed0_alias5="inet a.b.c.6 netmask 0xffffffff"
// windows makes you weak. unix makes you strong.
Date: September 8th, 2004 02:36 pm (UTC)
// oh, and obviously you have to use ifconfig
// commands to set it up without a reboot. i'm
// pretty sure you know the syntax on that, it's
// using the 'alias' directive i think.
actually I'm running fedora at the moment. Had some weird hardware issues with the latest freebsd, so I ditched it. Couldn't get it to install.
Date: September 8th, 2004 02:49 pm (UTC)
// well... my experiences with redhat-related products
// are almost uniformly bad (i have to work with enterprise
// AS 3.0 on amd64 boxes here at work sometimes).
// anyway, the following commands should just work:
# ifconfig eth0:1 a.b.c.2 up
# ifconfig eth0:2 a.b.c.3 up
# ifconfig eth0:5 a.b.c.6 up
// between reboots, i think this info is stored in
// /etc/network/interfaces, but as i said i hate redhat
// and am not sure what they're doing.
// in linux i'm pretty sure you don't ever specify the
// netmask for ip aliases... but i could be wrong.
that's what I tried, and I can't ping the IP once it's supposedly up.
You on AIM by any chance? I'm 'inthehandbasket'
I take it back, I can ping it from the same box via ssh, but I can't hit it from my machine.
Now what would do that... netmask? broadcast address?
Date: September 8th, 2004 02:56 pm (UTC)
// your own firewall rules?? you probably need to add allows
// for the new IPs??