faq:tcpip [2018/05/23 19:46] – [Bind] Added Linux errno example and netstat usage example digital man | faq:tcpip [2019/01/17 16:17] – [FTP NAT] Fixed typos. Removed stale info. digital man |
---|
* [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]? | * [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]? |
* [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]? | * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]? |
| * [[#ssh_session_key|How do resolve the SSH error: importing session key to protect private key]]? |
| |
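Review bot: The added table-of-contents entry for #ssh_session_key reads "How do resolve the SSH error", which is missing the word "I"; the question in the new SSH Session Key section is worded "How do I resolve the following terminal server SSH error?". Suggest "How do I resolve the SSH error: importing session key to protect private key" so the entry reads correctly and matches the section it links to.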
===== Ports ===== | ===== Ports ===== |
|SSH |22 |- |For SecureShell logins (recommended)| | |SSH |22 |- |For SecureShell logins (recommended)| |
|RLogin |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)| | |RLogin |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)| |
|SMTP |25 |- |Necessary for receiving Internet e-mail and inter-BBS instant messages| | |SMTP |25 |- |Necessary for receiving Internet e-mail | |
|Submission |587 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client| | |Submission |587 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client| |
| |Submission/TLS |465 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client using TLS((encrypted communications over TCP))| |
|POP3 |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)| | |POP3 |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)| |
| |POP3/TLS |995 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express) using TLS| |
|FTP |21 |- |Allows access to the BBS file/download areas using a standard FTP client or web browser| | |FTP |21 |- |Allows access to the BBS file/download areas using a standard FTP client or web browser| |
|HTTP |80 |- |Required for access to the BBS's web server| | |HTTP |80 |- |Required for access to the BBS's web server| |
| |HTTPS |443 |- |Required for secure access to the BBS's web server using TLS| |
|NNTP |119 |- |Allows BBS users to read and post messages using standard news readers/clients| | |NNTP |119 |- |Allows BBS users to read and post messages using standard news readers/clients| |
|Gopher |70 |- |Archaic protocol allows reading of messages and other BBS info| | |Gopher |70 |- |Archaic protocol allows reading of messages and other BBS info| |
|IRC |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS| | |IRC |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS| |
|Finger |79 |79 |Allows remote querying of BBS user info, who's online, and other BBS info| | |Finger |79 | |Allows remote querying of BBS user info, who's online, and other BBS info| |
|SYSTAT |11 |11 |Allows remote querying of who's online (aka Active Users)| | |SYSTAT |11 |11 |Allows remote querying of who's online (aka Active Users) required for [[module:sbbsimsg|inter-BBS instant messaging]]| |
|QOTD |17 |17 |Allows remote querying of the current auto-message (aka Quote Of The Day)| | |MSP |18 | |Allows incoming [[module:sbbsimsg|inter-BBS instant messages]]| |
|MSP |18 |18 |Allows incoming inter-BBS instant messages without SMTP connectivity| | |WS |1123 | |WebSocket Service - to support the [[http://ftelnet.ca|fTelnet web browser-based terminal]] | |
| |WSS |11235 | |WebSocket Secure Service - to support the [[http://ftelnet.ca|fTelnet web browser-based terminal]] over TLS | |
| |
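Review bot: In the new Ports table the UDP column is left empty on the Finger, MSP, WS and WSS rows, while every other TCP-only row uses "-" (for example "|SSH |22 |- |"). On the Finger and MSP rows the empty cell replaces the old values 79 and 18, so a reader cannot tell whether it means "no UDP port" or an unfilled cell; use "-" on those rows too. Since this revision adds TLS counterparts on 465, 995 and 443, consider marking them as the preferred choice the way the SSH row carries "(recommended)", because the plaintext rows for 587, 110 and 80 are otherwise presented as equal options.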
Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "behind" the firewall. Your firewall may have the option of placing the entire BBS computer in a "DMZ" (opening all its ports to the public Internet), but doing so is not normally recommended. | Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "behind" the firewall. Your firewall may have the option of placing the entire BBS computer in a "DMZ" (opening all its ports to the public Internet), but doing so is not normally recommended. |
[[http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. | [[http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. |
| |
**Note**: Most web browsers (e.g. //Microsoft Internet Explorer//) use passive FTP transfer mode by default. | **Note**: Most web browsers use //passive// FTP transfer mode by default, though this may be configurable. |
| |
**Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''ftp.exe'') only support active mode transfers. | **Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''ftp.exe'') //only// support //active// mode transfers. |
| |
Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''DEBUG_DATA'' option to the ''Options'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Win32. | Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''DEBUG_DATA'' option to the ''Options'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Windows. |
| |
If you're having problems with passive transfers and you're seeing | |
!UNSUPPORTED COMMAND from username: 'P@SW' | |
in your FTP server log/window output, you're probably using an //SMC Barricade// router (see [[http://www.gbnetwork.co.uk/smcftpd/|this document]] for details). Upgrade to Synchronet v3.13a (FTP Server Revision 1.296) or later to work-around this problem with this device. | |
| |
If you're having problems with passive (PASV) transfers through your NAT/firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: | If you're having problems with passive (PASV) transfers through your NAT/firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: |
If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''PasvIpAddress'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file to specify your [[#public IP]] address. | If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''PasvIpAddress'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file to specify your IPv4 [[#public IP]] address. |
| |
This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). | This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). |
If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''PasvIpAddress'' to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:SBBSCTRL]]-Win32, or by adding ''LOOKUP_PASV_IP'' to the Options value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. | If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''PasvIpAddress'' to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:SBBSCTRL]]-Win32, or by adding ''LOOKUP_PASV_IP'' to the Options value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. |
| |
If your firewall cannot dynamically open/forward FTP PASV data ports for incoming passive FTP data connections, you can specifiy a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. You will of course need to configure your firewall device to open/forward these ports to your FTP server. | If your firewall cannot dynamically open/forward FTP PASV data ports for incoming passive FTP data connections, you can specify a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. You will of course need to configure your firewall device to open/forward these ports to your FTP server. |
| |
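Review bot: The stale-info cleanup in the FTP NAT section is incomplete. The Data Channel Activity paragraph now says "Synchronet Control Panel for Windows", but the Lookup Passive IP paragraph still says "[[monitor:SBBSCTRL]]-Win32" and still calls the v3.14a option "new". The SMC Barricade paragraph that referred to v3.13a (FTP Server Revision 1.296) is removed, yet the following paragraph keeps "and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later" as a condition; drop it or keep it deliberately. The PasvIpAddress sentence now asks for an IPv4 address, so the LOOKUP_PASV_IP paragraph should say whether the looked-up address is subject to the same restriction.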
===== Bind ===== | ===== Bind ===== |
$ ssh -m hmac-md5 user@yourbbs.com | $ ssh -m hmac-md5 user@yourbbs.com |
| |
| ===== SSH Session Key ===== |
| :?: **Question:**\\ |
| How do I resolve the following terminal server SSH error? |
| |
| 'Couldn't import the session key used to protect the private key' (-22) getting private key |
| |
| :!: **Answer:**\\ |
| Rename/move or delete your ''[[dir:ctrl]]/cryptlib.key'' file. |
| |
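Review bot: The answer in the new SSH Session Key section tells the sysop to "Rename/move or delete" the ''cryptlib.key'' file without saying what the file holds or what happens afterwards. The quoted error refers to a private key, so the entry should state whether the server creates a replacement file the next time it starts and whether SSH clients will then see a different host key. Listing rename/move as the recommended step and delete only as a fallback would leave the original file available if it turns out to be needed.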
===== See Also ===== | ===== See Also ===== |