Playing with the sockets: socat and netcat

Connect two netcats to each other

mkfifo backpipe
nc localhost 55545 0backpipe

Telnet with readline and a history:

socat -d -d READLINE,history=$HOME/.http_history \
TCP4:www.domain.org:www,crnl

Talk to your modem in raw mode:

socat - /dev/ttyS0,raw,echo=0,crnl

Simulate tail -f:

socat -u /var/log/messages,seek-end=0,ignoreeof -

Give a random interactive program, such as nslookup, a history:

socat readline,history=.nslookup_hist exec:"nslookup",pty,ctty,setsid,echo=0

Use your modem with a non-persistent history:

socat readline /dev/ttyS0,raw,echo=0,crlf,nonblock

Use your modem with a persistent history:

socat READLINE,history:/tmp/serial.cmds \
  OPEN:/dev/ttyS0,ispeed=9600,ospeed=9600,crnl,raw,sane,echo=false

To dos (as in tofrodos):

socat -u - -,crlf

From dos (as in tofrodos):

socat -u -,cr -

Run sendmail daemon with your favorite network options

Warning: using this wrong may result in becoming an open relay!

socat TCP-LISTEN:25,fork,ip-ttl=4,ip-tos=7,tcp-maxseg=576 EXEC:"/usr/sbin/sendmail -bs",nofork

Send a mail using chat (from ppp package):

socat -d -d system:'/usr/sbin/chat "220 " "HELO loopback" "250 " "MAIL FROM: <root@localhost>" "250 " "RCPT TO: root" "250 " "DATA" "354 " "test'$(echo -e "\r.")'" "250 " "QUIT"',pty,echo=0,cr tcp:localhost:25,crlf,nodelay

Connect remote X :1 to local X :0

socat exec:'ssh root@troas socat unix-l\:/tmp/.X11-unix/X1 -' unix:/tmp/.X11-unix/X0

Note the escaping of the colon in the remote command.

Sending a file - Server sending the file

server$ socat -u FILE:test.dat TCP-LISTEN:9876,reuseaddr
client$ socat -u TCP:127.0.0.1:9876 OPEN:out.dat,creat

Sending a file - Server receiving the file

server$ socat -u TCP-LISTEN:9876,reuseaddr OPEN:out.txt,creat
client$ socat -u FILE:test.txt TCP:127.0.0.1:9876

Be a syslog server:

socat -u UDP4-LISTEN:5140,reuseaddr,fork OPEN:/tmp/syslog.msg,creat,append

I can't figure out how to put a newline after each message...

Send syslog messages to screen:

socat -t0 -T0 -u UDP4-LISTEN:514,reuseaddr,fork -

To get time from time server:

socat TCP:time.nist.gov:13 -

Really sick - use socat as a VPN solution:

socat -d -d  \
    TUN:192.168.99.2/24,up \
    SYSTEM:"ssh root@remote-server socat -d -d  - 'TUN:192.168.99.1/24,up'"

This must be run as a user that can modify tap/tun devices on both sides of the tunnel.

Use a remote modem

On the side with the modem

socat /dev/ttyS0,raw,echo=0 tcp4-listen:3334

On the side where you want the modem transferred

socat PTY,link=$HOME/vmodem0,raw,echo=0 TCP:servername:3334

You can now access remote /dev/ttyS0 through local $HOME/vmodem0

Use a remote modem over SSH

socat PTY,link=$HOME/vmodem0,waitslave \
 EXEC:"ssh root@remote-server socat - /dev/ttyS0"

You can now access remote /dev/ttyS0 through local $HOME/vmodem0. Remove waitslave to keep alive after local client disconnect.

Using OpenSSL over UDP

This uses a chaining method I believe to be only available in socat2.
On the listening side:

socat2 - "OPENSSL-SERVER,cert=client.pem,cafile=server.crt|UDP4-LISTEN:4430,fork"

On the connecting side:

socat2 exec:ls "OPENSSL-CLIENT,cert=server.pem,cafile=client.crt|UDP4:localhost:4430"

OpenSSL Tunnel

First, generate certificates and distribute them to either side:

FILENAME=server
openssl genrsa -out $FILENAME.key 1024 
openssl req -new -key $FILENAME.key -x509 -days 3653 -out $FILENAME.crt 
cat $FILENAME.key $FILENAME.crt >$FILENAME.pem 
chmod 600 $FILENAME.key $FILENAME.pem 
 
FILENAME=client
openssl genrsa -out $FILENAME.key 1024 
openssl req -new -key $FILENAME.key -x509 -days 3653 -out $FILENAME.crt 
cat $FILENAME.key $FILENAME.crt >$FILENAME.pem 
chmod 600 $FILENAME.key $FILENAME.pem

On the listening side:

socat openssl-listen:4433,reuseaddr,cert=server.pem,cafile=client.crt tcp-connect:localhost

On the connecting side:

socat - openssl-connect:server.domain.org:4433,cert=client.pem,cafile=server.crt

More information:
1 2

© GeekLabInfo Playing with the sockets: socat and netcat is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...

Simple dual uplink configuration

Last week I switched from ADSL to EuroDOCSIS cable. I couldn't just shut down the DSL connection as several services were still connecting to that IP. So I made my home router (Fedora 15) kind of multihomed.

Configuration

I haven't even taken the time to seperate the ADSL and cable modems, I just hooked them up to the same network interface. Of course, they got their own IP range.

ADSL modem: 192.168.2.254/24
Cable modem: 192.168.1.1/24

Step 1: Add ip
ip addr add 192.168.1.2 dev eth0

Step 2: Routing
By default we send all outgoing packages to the default gateway at 192.168.2.254. Only packets that are answers to incoming packets on the 192.168.1.x network must be routed back to 192.168.1.1
ip rule add from 192.168.1.0/24 lookup 1001
ip route add default gw 192.168.1.1 table 1001

That's all. Of course, above setup only takes care of answering to incoming packets. If you want to load-balance or have a fail-over setup, I suggest you read the Linux Advanced Routing & Traffic Control HOWTO.

© GeekLabInfo Simple dual uplink configuration is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Native IPv6: First steps

Today I made my first native IPv6 connection. I've been running Teredo/Miredo on my laptop for quite a while now, and I thought it was time to get a real IPv6 connection. I could use IPv6 autoconfiguration, but on a server you need a fixed IP.

Needed software

Install required packages that are not included in the Fedora default install:
yum install iproute2 ndisc6

Configuring manually

Configuring the network is not that much different from configuring an IPv4 address.

IPv4IPv6
ip addr add 1.2.3.4/24 dev eth0ip addr add 2001:1BE8:DEAD:BEEF::1a1a/64 dev eth0
ip route add default via 1.2.3.254ip route add default via 2001:1BE8:DEAD:BEEF::1

Now test it by pinging/tracerouting some known IPv6 services:

[root@localhost ~]# ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8003::69) 56 data bytes
64 bytes from 2a00:1450:8003::69: icmp_seq=1 ttl=58 time=7.19 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=2 ttl=58 time=7.52 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=3 ttl=58 time=6.98 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=4 ttl=58 time=7.44 ms
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 6.989/7.287/7.525/0.227 ms
[root@localhost ~]# tracert6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:8003::69) from 2001:1be8:dead:beef::1a1a, 30 hops max, 60 bytes packets
1 2001:1be8:dead:beef::1 (2001:1be8:3f03:541::1) 1.024 ms 0.970 ms 1.036 ms
2 2001:1be8::310:1 (2001:1be8::310:1) 2.618 ms 2001:1be8::300:1 (2001:1be8::300:1) 2.583 ms 2001:1be8::310:1 (2001:1be8::310:1) 2.527 ms
3 pr61.ams04.net.google.com (2001:7f8:1::a501:5169:1) 2.865 ms 2.536 ms 2.184 ms
4 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 2.801 ms 3.156 ms 24.731 ms
5 2001:4860::2:0:66e (2001:4860::2:0:66e) 7.021 ms 6.830 ms 96.541 ms
6 2001:4860:0:1::31 (2001:4860:0:1::31) 7.092 ms 7.367 ms 12.089 ms
7 2a00:1450:8003::69 (2a00:1450:8003::69) 6.996 ms 7.550 ms 7.341 ms

Configure at boot time

Step 1. Enable IPv6 networking

vim /etc/sysconfig/network
then add (or replace):
NETWORKING_IPV6=yes

Step 2. Configure IPv6 addresses

vim /etc/sysconfig/network-scripts/ifcfg-eth0
then add the following lines:
IPV6INIT=yes
IPV6ADDR=2001:1BE8:DEAD:BEEF::1a1a/64
IPV6_DEFAULTGW=2001:1BE8:DEAD:BEEF::1

Step 3. Test

Run service network restart or reboot to test.
Warning: if you do this remotely, you may lose the connection. I first locked myself out of my test machine, but I always got a KVM switch attached or VMWare console.

Security

Please remember that using IPv6 also means that there's a new entrance to your network. Use ip6tables to set up a firewall.

Ubuntu/Debian

I'm running RedHat-based software on all of my machines. Above information may be useful for Ubuntu/Debian users, but it's not tested and I'm not supporting it.

Servers: RedHat Enterprise Linux/CentOS is more suitable for servers, as there's a lot of professional level support available. I think that's important, because if I say, get a car accident, I want the servers to be managable by another professional.

Desktops/Laptops: RPM packages are pretty exchangable between RedHat-based platforms. That's a good reason to run Fedora on the desktop.
© GeekLabInfo Native IPv6: First steps is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...