Differences

This shows you the differences between two versions of the page.

faq:tcpip [2018/02/17 19:55] – [SSH Kex Algo] updated to mention cryptlib 3.4.4 and issue with .ssh/config work-around if left in place digital man
faq:tcpip [2019/01/01 23:53] – Added WS & WSS, removed some unused UDP ports. Added SMTP-Submission/TLS and POP3 over TLS ports. digital man
Line 15: Line 15:
   * [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]?   * [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]?
   * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]?   * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]?
 +  * [[#ssh_session_key|How do resolve the SSH error: importing session key to protect private key]]?
  
 ===== Ports ===== ===== Ports =====
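
Review bot: The added index entry reads "How do resolve the SSH error" and is missing the word "I". Its wording ("importing session key to protect private key") also differs from the error string quoted in the new section ("Couldn't import the session key used to protect the private key"); quoting the error text verbatim in the index would let a sysop who searches the page for the message they actually see land on the right entry.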
Line 30: Line 31:
 |SSH         |22 |- |For SecureShell logins (recommended)| |SSH         |22 |- |For SecureShell logins (recommended)|
 |RLogin         |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)| |RLogin         |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)|
-|SMTP         |25 |- |Necessary for receiving Internet e-mail and inter-BBS instant messages|+|SMTP         |25 |- |Necessary for receiving Internet e-mail 
 +|Submission     |587 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client| 
 +|Submission/TLS |465 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client using TLS((encrypted communications over TCP))|
 |POP3         |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)| |POP3         |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)|
 +|POP3/TLS       |995 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express) using TLS|
 |FTP         |21 |- |Allows access to the BBS file/download areas using a standard FTP client or web browser| |FTP         |21 |- |Allows access to the BBS file/download areas using a standard FTP client or web browser|
 |HTTP         |80 |- |Required for access to the BBS's web server| |HTTP         |80 |- |Required for access to the BBS's web server|
 +|HTTPS         |443 |- |Required for secure access to the BBS's web server using TLS|
 |NNTP         |119 |- |Allows BBS users to read and post messages using standard news readers/clients| |NNTP         |119 |- |Allows BBS users to read and post messages using standard news readers/clients|
 |Gopher         |70 |- |Archaic protocol allows reading of messages and other BBS info| |Gopher         |70 |- |Archaic protocol allows reading of messages and other BBS info|
 |IRC         |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS| |IRC         |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS|
-|Finger         |79 |79 |Allows remote querying of BBS user info, who's online, and other BBS info| +|Finger         |79 | |Allows remote querying of BBS user info, who's online, and other BBS info| 
-|SYSTAT         |11 |11 |Allows remote querying of who's online (aka Active Users)| +|SYSTAT         |11 |11 |Allows remote querying of who's online (aka Active Users) required for [[module:sbbsimsg|inter-BBS instant messaging]]
-|QOTD         |17 |17 |Allows remote querying of the current auto-message (aka Quote Of The Day)+|MSP         |18 |  |Allows incoming [[module:sbbsimsg|inter-BBS instant messages]]| 
-|MSP         |18 |18 |Allows incoming inter-BBS instant messages without SMTP connectivity|+|WS             |1123         |WebSocket Service - to support the [[http://ftelnet.ca|fTelnet web browser-based terminal]] | 
 +|WSS            |11235  |       |WebSocket Secure Service - to support the [[http://ftelnet.ca|fTelnet web browser-based terminal]] over TLS |
  
 Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "behind" the firewall. Your firewall may have the option of placing the entire BBS computer in a "DMZ" (opening all its ports to the public Internet), but doing so is not normally recommended.  Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "behind" the firewall. Your firewall may have the option of placing the entire BBS computer in a "DMZ" (opening all its ports to the public Internet), but doing so is not normally recommended. 
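
Review bot: The new WS row has only three cells ("|WS |1123 |WebSocket Service ...") while every other row, including WSS, has four, so its description falls into the UDP column; add the empty UDP cell. The rewritten SMTP and SYSTAT rows as shown also lack a closing "|", and the SYSTAT description runs "(aka Active Users) required for" together with no punctuation between the two clauses. The rows touched here leave the UDP cell blank where the rest of the table uses "-", so pick one convention. The revision summary says unused UDP ports were removed, but the QOTD row is dropped entirely, TCP 17 included; if that service can still listen on TCP, keep the row and clear only the UDP cell, since sysops use this table to decide which ports to forward through the firewall.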
Line 244: Line 250:
   0420 !ERROR 48 binding FTP Server socket to port 21    0420 !ERROR 48 binding FTP Server socket to port 21 
  
-This usually means you have another TCP/IP server on your system that is already bound to (and is presumably already listening for incoming connections on) this port. This could be a pre-existing instance of Synchronet or any other Telnet/Web/Mail/FTP servers that you may have installed on your systemYou can use utilities such as [[man>netstat]] (for Windows or Unix) or [[http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx|TCPView]] (for Windows) to verify what programs (if any) have the TCP or UDP port in question already bound. If these utilities do not report any program is bound to (and listening) on this port, you can try Telnetting to the port in question and see if anything answers. If you're unable to connect to the port with a Telnet client and Synchronet cannot bind the port, your TCP/IP stack probably needs to be reset, so a system reboot may be in order+**Note:**\\ 
 +On Unix-like systems, the error number may be different, e.g''ERROR 98'' (EADDRINUSE) on Linux.
  
-If you're running a Unix-like operating system (not Windows) and get bind errors only when recycling servers, this is most likely because a TCP session is stuck in a ''TCP TIMEWAIT'' state (you can use netstat to verify this). The session will eventually time-out and close properly on its own, allowing the port to be re-bound at that time. To work-around this problem, you can either increase the ''BindRetryCount'' and/or ''BindRetryDelay'' values in your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file, or you can add the following line to your ''[[dir:ctrl]]/[[config:sockopts.ini]]'' file: +This usually means you have another TCP/IP server on your system that is already bound to (and is presumably already listening for incoming connections on) this port. This could be a pre-existing instance of Synchronet or any other Telnet/Web/Mail/FTP servers that you may have installed on your system. You can use utilities such as ''[[man>netstat]]'' (for Windows or Unix((e.g. 'netstat -naptu' as root user on Linux))) or [[http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx|TCPView]] (for Windows) to verify what programs (if any) have the TCP or UDP port in question already bound. If these utilities do not report any program is bound to (and listening) on this port, you can try Telnetting to the port in question and see if anything answers. If you're unable to connect to the port with a Telnet client and Synchronet cannot bind the port, your TCP/IP stack probably needs to be reset, so a system reboot may be in order.  
 + 
 +If you're running a Unix-like operating system (not Windows) and get bind errors only when recycling servers, this is most likely because a TCP session is stuck in a ''TCP TIMEWAIT'' state (you can use ''[[man>netstat]]'' to verify this). The session will eventually time-out and close properly on its own, allowing the port to be re-bound at that time. To work-around this problem, you can either increase the ''BindRetryCount'' and/or ''BindRetryDelay'' values in your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file, or you can add the following line to your ''[[dir:ctrl]]/[[config:sockopts.ini]]'' file: 
   REUSEADDR=1    REUSEADDR=1 
  
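Review bot: The new "Note:" is inserted between the sample error line and the paragraph beginning "This usually means", so "This" now appears to refer to the Linux error number rather than to the bind failure; move the note below the explanation, or fold it into that paragraph. The note would also be clearer if it said which platform the "ERROR 48" sample comes from, given that it then gives 98 as the Linux value for the same condition. In the TIME_WAIT paragraph, netstat prints the state as "TIME_WAIT", so spelling it that way instead of "TCP TIMEWAIT" makes the text match what the reader will see in the output. The footnote "netstat -naptu as root" could say that root is needed for the owning program to be listed, which is the reason the command is being run here.
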
Line 338: Line 347:
   $ ssh -m hmac-md5 user@yourbbs.com   $ ssh -m hmac-md5 user@yourbbs.com
  
 +===== SSH Session Key =====
 +:?: **Question:**\\
 +How do I resolve the following terminal server SSH error?
 +
 +  'Couldn't import the session key used to protect the private key' (-22) getting private key
 +
 +:!: **Answer:**\\
 +Rename/move or delete your ''[[dir:ctrl]]/cryptlib.key'' file.
  
 ===== See Also ===== ===== See Also =====
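
Review bot: The answer "Rename/move or delete your ctrl/cryptlib.key file" gives the action but not its cause or consequence. If this file holds the terminal server's SSH private key, as the "getting private key" error text suggests, the entry should state whether the server creates a new one on the next start and that SSH clients which saved the old host key will then report a host key change that users need to expect and verify. Recommending rename over delete first would also leave the sysop a copy to restore if the change does not resolve the error.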
faq/tcpip.txt · Last modified: 2020/06/01 21:33 by digital man
CC Attribution 4.0 International