Posts Tagged ‘modified version’

Create simple proxy http server with netcat ( nc ) based tiny shell script

Tuesday, January 26th, 2021


A proxy server is hard to avoid nowadays, especially if you have servers located in a paranoid security environment where virtually everything passes through some kind of proxy. At work we recently set up CentOS Linux release 7.9.2009 on an HP ProLiant DL360e Gen8 (host named rhel-testing).

HP DL360e servers are quite old nowadays, but since we have spare ones that we can refurbish for use as a local internal testing hypervisor, that is fine for us. The machine sits in a rack connected to a secured Demilitarized Zone LAN (DMZ network), which is filtered so heavily that even the local company homebrew RPM repository is not accessible from the machine.
Thus, to install and remove software on the machine we needed a way to make the yum repositories available, and it seemed the only way was to use a proxy server (situated on another accessible server, which we use as a jump host to reach the testing machine).

Since filing an additional firewall request was time-consuming nonsense and the machine is just for testing purposes, we had to come up with a solution that would let us reach the local RPM repository storage server http://rpm-package-server-repo.com/, for which we have a separate /etc/yum.repos.d/custom-rpms.repo definition file.

This is why we needed a simple way to run a proxy. As we had no easy way to install privoxy / squid / haproxy or an Apache webserver configured as a proxy (installing one of those relatively giant pieces of software means copying many RPM packages and manually satisfying dependencies), we looked for a simple way to run a proxy server on the jump host (host A).

Note that the jump host that was about to serve as a proxy already had HTTP access to the RPM repository http://rpm-package-server-repo.com and could fetch packages from it normally with curl or wget.

To create a simple proxy server out of nothing, I googled a bit, thinking it should be possible either with BASH's TCP/IP capabilities or with some other small tool written in C and compiled as a static binary, only to find out that the netcat Swiss army knife, wrapped in a shell script, is capable of doing the trick.

The jump host that was about to be used as a proxy server for HTTP traffic did not allow access to TCP port 8888 (the firewall policies prohibited it). Since 8888 was the port chosen for the proxy, to make it reachable from the testing RHEL machine we first had to issue on the jump host:

[root@jump-host: ~ ]# firewall-cmd --permanent --zone=public --add-port=8888/tcp
[root@jump-host: ~ ]# firewall-cmd --reload
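
An added example, not part of the original post: the command above opens 8888/tcp to every host that can reach the jump host's public zone, while only rhel-testing needs it and the netcat proxy itself does no authentication. The script below builds a firewalld rich rule that admits a single source address instead and prints the commands for review; 192.0.2.10 is a placeholder for the rhel-testing IP, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): admit only one client to the
# proxy port instead of opening it to the whole zone.
# 192.0.2.10 is a placeholder address standing in for rhel-testing.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rich_rule <client-ip> <port>: print a firewalld rich rule for that client.
rich_rule() {
    valid_ipv4 "$1" || { echo "bad client IP: $1" >&2; return 1; }
    case "$2" in
        ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s/32" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# plan <client-ip> <port>: print the firewall-cmd calls to review and run.
plan() {
    rule=$(rich_rule "$1" "$2") || return 1
    printf '%s\n' \
        "firewall-cmd --permanent --zone=public --remove-port=$2/tcp" \
        "firewall-cmd --permanent --zone=public --add-rich-rule='$rule'" \
        "firewall-cmd --reload"
}

plan 192.0.2.10 8888
```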

To run the script, once placed under /root/tcp-proxy.sh on jump-host, we had to run a never-ending loop in a GNU screen session to make sure it runs forever.

The original tcp-proxy.sh script, taken from the above article, is:

#!/bin/sh -e

if [ $# != 3 ]
then
    echo "usage: $0 <src-port> <dst-host> <dst-port>"
    exit 0
fi

TMP=`mktemp -d`
BACK=$TMP/pipe.back
SENT=$TMP/pipe.sent
RCVD=$TMP/pipe.rcvd
trap 'rm -rf "$TMP"' EXIT
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
sed 's/^/ => /' <"$SENT" &
sed 's/^/<=  /' <"$RCVD" &
nc -l -p "$1" <"$BACK" | tee "$SENT" | nc "$2" "$3" | tee "$RCVD" >"$BACK"

 

The above tcp-proxy.sh script can be downloaded here.

I tested the script once and it worked. The script syntax is:

[root@jump-host: ~ ]# sh tcp-proxy.sh
usage: tcp-proxy.sh <src-port> <dst-host> <dst-port>


To make it work for a one-time connection I ran it like so:

[root@jump-host: ~ ]# sh tcp-proxy.sh 8888 rpm-package-server-repo.com 80

To make the script work all the time I had to use a small one-liner infinite bash loop, which goes like this:

[root@jump-host: ~ ]# while [ 1 ]; do sh tcp-proxy.sh 8888 rpm-package-server-repo.com 80; done

On rhel-testing we had to configure yum and all other applications to use the proxy temporarily via:

[root@rhel-testing: ~ ]# export http_proxy=jump-host_machine_accessibleIP:8888


And then use the normal yum check-update && yum update to apply the latest RPM package security updates to the rhel-testing machine.

The nice thing about tcp-proxy.sh with netcat in an infinite loop is that you see the binary copy of the traffic flowing through the script, which will make you feel like you are in one of those notorious hacker movies! 🙂

The stupid thing is that sometimes connections, RPM database updates or RPM downloads could be cancelled due to some kind of network issue.

To make the connection issues with the improvised proxy server go away, we finally used a slightly modified version of the original netcat script, which reads like this:

#!/bin/sh -e

if [ $# != 3 ]
then
    echo "usage: $0 <src-port> <dst-host> <dst-port>"
    exit 0
fi

TMP=`mktemp -d`
BACK=$TMP/pipe.back
SENT=$TMP/pipe.sent
RCVD=$TMP/pipe.rcvd
trap 'rm -rf "$TMP"' EXIT
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
sed 's/^/ => /' <"$SENT" &
sed 's/^/<=  /' <"$RCVD" &
nc --proxy-type http -l -p "$1" <"$BACK" | tee "$SENT" | nc "$2" "$3" | tee "$RCVD" >"$BACK"


The modified version, tcp-proxy1.sh, with the --proxy-type http argument passed to netcat, can be downloaded here.

With --proxy-type http, yum check-update works normally, just like with any fully functional http_proxy configured.

The next step was to make the configuration permanent. You can add it either to /root/.bashrc or to /etc/bashrc (if you need the setting to be system-wide for every user that logs in to the Linux system).

[root@rhel-testing: ~ ]# echo "http_proxy=http://jump-host_machine_accessibleIP:8888/" >> /etc/environment


If you need the newly built netcat TCP proxy only for the yum package update tool, set the proxy only in /etc/yum.conf:

[root@rhel-testing: ~ ]# vi /etc/yum.conf
proxy=http://jump-host_machine_accessibleIP:8888/


That's all. Now you have a proxy out of nothing with just a simple netcat. Enjoy.

Qmail redirect mail to another one and keep local Mailbox copy with .qmail file – Easy Set up email forwarding Qmail

Saturday, August 11th, 2018


Qmail (considered to be the most secure mail server out there, whose modified version is running on Google's Gmail.com, Yahoo! Mail and Yandex email (SMTP) servers) has nowadays been highly neglected and is considered obsolete, so most people prefer to use Postfix or Exim. Still, you may happen to be running a number of old rack Qmail servers, with a bunch of email addresses and virtual domains stored straight on the filesystem, or have inherited them from another sysadmin. (Filesystem storage is, by the way, very handy for administration, much better than a Qmail server configured to keep its mailboxes in MySQL / PostgreSQL or another database server: with a simple vpopmail configured to play nice with Qmail, all user emails sit directly on the filesystem. Though this is considered more insecure, since the email correspondence can easily be read if the server is hacked, it is much more manageable for a small or mid-sized mail server.) If so, you may wonder how to redirect a single mailbox.

Let's say an email under the domain my-server1.com should forward to the SMTP domain my-server-whatever2.com (e.g. your-email-username@server-whatever1.com is supposed to forward to your-email-username2@server-whatever2.com).
To achieve it, create a new file called .qmail

Under the Qmail or VirtualDomain location for example:

/var/qmail/mailnames/myserver1.com/username/.qmail

e.g.

root@qmail-server:~# vim /var/qmail/mailnames/myserver1.com/your-email-username/.qmail
&your-email-username@server-whatever1.com

your-email-username@example1.com
/home/vpopmail/domains/server-whatever2.com/your-email-username/Maildir/


!!! NOTE N.B. !!! The last slash / after Maildir (…Maildir/) must be there, otherwise mail will not get delivered.
That's all. Now send a test email, just to make sure the redirection works properly.

Note: assuming the .qmail file is created by root, by default it will have root:root ownership. That shouldn't be a problem at all. Now enjoy emails being dropped to the second mailbox 🙂
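
An added example, not part of the original post: the trailing slash matters because dot-qmail(5) treats a path line that ends in / as a Maildir and one that does not as an mbox file. The script below classifies each .qmail line by those rules and flags a Maildir path that lost its slash; the addresses and paths in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): classify .qmail lines by their
# first and last character, following the rules in dot-qmail(5), and flag a
# Maildir path that lost its trailing slash.

# classify_line <line>: print the delivery type qmail-local would assume.
classify_line() {
    case "$1" in
        '')           echo blank ;;
        '#'*)         echo comment ;;
        '|'*)         echo program ;;
        '&'*)         echo forward ;;
        [/.]*/)       echo maildir ;;   # starts with / or ., ends with /
        [/.]*)        echo mbox ;;      # same start, no trailing /
        [A-Za-z0-9]*) echo forward ;;   # the & may be omitted
        *)            echo unknown ;;
    esac
}

# lint_qmail <file>: print findings; return non-zero if there are any.
lint_qmail() {
    findings=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$(classify_line "$line"):$line" in
            mbox:*[Mm]aildir)
                echo "line $n: no trailing /, treated as an mbox file: $line"
                findings=$((findings + 1)) ;;
            unknown:*)
                echo "line $n: unrecognised delivery instruction: $line"
                findings=$((findings + 1)) ;;
        esac
    done <"$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a forward plus a local copy whose path lacks the "/".
demo() {
    tmp=$(mktemp)
    printf '%s\n' '&user2@example.net' \
        '/home/vpopmail/domains/example.com/user/Maildir' >"$tmp"
    lint_qmail "$tmp" && rc=0 || rc=1
    rm -f "$tmp"
    return "$rc"
}

demo || true
```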

 

24 of May National feast of Bulgarian Education Enlightenment and Culture

Friday, May 24th, 2013


The 24th of May is one of the best known, newest and brightest Bulgarian national feasts. It is officially one of the most luminous Bulgarian feasts, and there is virtually no Bulgarian who doesn't connect it with celebrations related to the Bulgarian Cyrillic alphabet and the holy brothers St. CYRIL and St. METHODIUS, as well as their 5 pupils, CLEMENT, NAHUM, GORAZD, ANGELARIUS and SAVVA, known here in Bulgaria as the 7 Holy Enlighteners of the Bulgarian lands. The 2 holy brothers invented the alphabet with the goal of translating the Holy Scriptures into a language understandable to the Slavonic tribes inhabiting (Great Moravia and Pannonia) a big part of the Bulgarian lands as well as many other regions of Eastern Europe. Today the 2 holy brothers are rightly called "Apostles of the Slavs". The two brothers devised the most ancient form of the Cyrillic script (the Glagolitic alphabet / Glagolitsa; glagoliti means "to speak"), whose modified version, Cyrillic, is used to this very day in the Slavonic part of the Eastern Orthodox Church, which in practice nowadays makes up nearly half of the Eastern Orthodox Christian people (about 200 000 000 members) – from Bulgaria, Russia, Belarus, Serbia, Ukraine, Croatia, Poland, Kazakhstan, Czech, Slovakia, Slovenia.


Page of Codex Zographensis, nowadays kept in the Bulgarian Zograf Monastery of St. Great Martyr George

The Glagolitic alphabet consisted of 41 letters. Many of the letters were devised based on Greek, whereas others were created based on Latin, Arabic / Coptic, Hebrew and some other, still undetermined, languages of the time.

According to some modern research, the 5 pupils of St. Cyril and Methodius (St. Clement, Nahum, Gorazd, Savva and Angelarius) reformed Glagolitsa and created the Cyrillic alphabet, used to this day by about 450 000 000 people around the world. Because Cyrillic was easier to write, with time the last Glagolitic manuscripts started to disappear, around the XV-th century in the Middle Ages.

Asemanievo Gospel from the end of X-th XI century, with Glagolitic and Cyrillic letters

St. King Boris, the Baptizer of the Bulgarian lands, accepted the pupils of St. Cyril and Methodius and created 2 early spiritual / enlightenment schools in Preslav and Ohrid. In these two spiritual centers many Church books were copied / transcribed. Many of the translations of the Holy Scriptures and Lives of the saints made in Preslav and Ohrid have influenced Church life in Russia, Serbia and Romania. Some of the original manuscripts produced there are nowadays kept mainly in Russia and Serbia.

Celebrating the 24th of May as a national and Church feast of Bulgarian Enlightenment and Bulgarian Culture started in the period before the liberation from Ottoman Turkish slavery, around the year 1852. According to some historical documents the feast was first celebrated on the 22nd of May in the still "unliberated" Bulgarian Church (which at that time belonged to the Greek Patriarchy). Initially the feast was celebrated on the 11th of May as one feast, celebrated both in the Church and in the nation. Later, after the secularization period since 1969, two feasts developed: an official Church one on the 11th of May and a nationwide one on the 24th of May. The feast has been celebrated on the 24th of May since 1969. Today, though, the Bulgarian Orthodox Church marks the remembrance of the holy brothers St. Cyril and Methodius on the 11th of May. Every 24th of May a Holy Liturgy is served asking God to bless the Bulgarian nation and grant us good national health and success in all good knowledge. In relation to the Bulgarian Liberation period, there was a need to write a secular hymn for the feast. In the city of Ruse in the year 1892 Stoyan Mihailovski, then a high school teacher, wrote a hymn which is well known and sung to this day by Bulgarians: the famous "Върви народе възродени" / "Walk straight, oh renewed nation".

Choir "Bodra Smyana" – "Върви, народе възродени!" ("Walk straight, oh renewed nation!")