Ben Biddington

Whatever it is, it's not about "coding"

Posts Tagged ‘howto’

How to host a website from home


My weekend project for the last couple of weeks has been to find out how to expose a website from my home computer.

And after doing so, it appears there are two requirements:

  1. Instructing firewall to forward ports
  2. Allowing requests through firewall on the target computer

I am using a SpeedTouch 585 forwarding to a laptop running Windows 7.

It is also recommended of course that you have a static ip address.

How to instruct router to forward a port

TIP: Ensure you don’t have an ip address conflict (i.e., more than one computer on the same ip address) on your network, perhaps that confuses things for forwarding. Giving whatever machine you’re forwarding to a static ip address probably makes sense — you won’t need to change anything when that machine joins network then.

I have a SpeedTouch 585, and I did it through the web interface:

  • Go to: “Home > Home Network > Devices > [device name]”
  • Select “Configure” from the upper right part of the screen (between “Overview” and “Help”)
  • From the “Connection Sharing” section, select “HTTP Server (World Wide Web)” from the list and press the “Add” button
  • You’re now forwarding all HTTP requests to your public ip address on port 80 to your selected device on port 80.

There are also full instructions for port forwarding on a SpeedTouch 585.

TIP: You can telnet straight in to router on default port (23), bypassing the web UI.

TIP: Windows 7 has telnet disabled. Search for “turn Windows features on or off” to get the applet for enabling it.

Adding new firewall rules

Firewall rules are edited and applied through the “Game & Application Sharing” section.

For example, you may wish to host a website on port 99 on your laptop:

  • Go to “Home > Toolbox > Game & Application Sharing”
  • From the “Pick a task…” section, choose “Create a new game or application”
  • From the “Clone Existing Game or Application” list, choose “HTTP Server (World Wide Web)”
  • Check “Manual Entry of Port Maps”
  • Press “Next”
  • Enter 80 and 80 as the “Port Range”
  • Enter 99 as the “Translate to”
  • That’s it

Here’s the resultant mapping:

Protocol  Port Range  Translate To ...  Trigger Protocol  Trigger Port
Any       80 - 80     99 - 99           -                 -

TIP: You cannot edit anything in the “Home > Toolbox > Game & Application Sharing > Game or Application Definition” list if it is assigned to something (The edit link is missing). Unassign it before you edit it.

TIP: You have to explicitly enable logging for each “Game or Application” you attach to a device, otherwise you’ll get no logging at all.

What forwarding rules really look like

In the event logs, here’s what I get when I run a test with port 80:

FIREWALL rule (1 of 1) : Protocol: TCP
Src ip: 69.163.149.200
Src port: 47603
Dst ip: 192.168.1.65
Dst port: 99
Chain: forward_host_service
Rule Id: 2
Action: accept

Even though it does display an amber light instead of green, I think this is just a forwarding record, not a warning.

That stuff about the forward_host_service chain is available via telnet. Telnet in to your router and open the chains list.

Here are the chains I have:

Name                                             Description
-----------------------------------------------------------------
sink                                             system
forward                                          system
source                                           system
sink_fire                                        system
forward_fire                                     system
source_fire                                      system
forward_host_service                             system
forward_level                                    system
sink_system_service                              system
forward_multicast                                system
forward_level_BlockAll                           system
forward_level_Standard                           system
forward_level_Disabled                           system

Which includes forward_host_service, which contains these rules (including number 3):

:firewall rule list chain=forward_host_service format=cli

:firewall rule add chain=forward_host_service index=1
    name=_f_u_192.168.1.65:55768_55768
    dstip=_u_192.168.1.65
    serv=_u_17:55768_55768
    log=disabled
    state=enabled
    action=accept

:firewall rule add chain=forward_host_service index=2
    name=_f_sv_192.168.1.65:80_80
    dstip=_sv_192.168.1.65
    serv=_sv_6:99_99
    log=disabled
    state=enabled
    action=accept

:firewall rule add chain=forward_host_service index=3
    name=_f_sv_192.168.1.65:3128_3128
    dstip=_sv_192.168.1.65
    serv=_sv_6:3128_3128
    log=enabled
    state=enabled
    action=accept
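
An added example (not from the original post, and not SpeedTouch tooling): a small Python audit of the rule dump above that lists each enabled accept rule and flags the ones with logging disabled. The field meanings are inferred from the listing: the number before the colon in serv= is read as the IANA protocol number, serv= as the port range after translation, and the range in name= as the public-facing one (compare rule 2 with the 80 to 99 mapping).

```python
import re

# The three rules from the listing above, continuation lines joined to save space.
DUMP = """\
:firewall rule add chain=forward_host_service index=1 name=_f_u_192.168.1.65:55768_55768
    dstip=_u_192.168.1.65 serv=_u_17:55768_55768 log=disabled state=enabled action=accept
:firewall rule add chain=forward_host_service index=2 name=_f_sv_192.168.1.65:80_80
    dstip=_sv_192.168.1.65 serv=_sv_6:99_99 log=disabled state=enabled action=accept
:firewall rule add chain=forward_host_service index=3 name=_f_sv_192.168.1.65:3128_3128
    dstip=_sv_192.168.1.65 serv=_sv_6:3128_3128 log=enabled state=enabled action=accept
"""

PROTOCOLS = {6: "tcp", 17: "udp"}               # IANA protocol numbers
SERV = re.compile(r"_(\d+):(\d+)_(\d+)$")       # '<proto>:<low>_<high>' (inferred layout)
NAME = re.compile(r":(\d+)_(\d+)$")             # ':<low>_<high>' at the end of name=

def parse_rules(dump):
    """Collect the key=value pairs of every ':firewall rule add' command."""
    rules, current = [], None
    for line in dump.splitlines():
        words = line.split()
        if line.startswith(":"):
            current = {} if words[:3] == [":firewall", "rule", "add"] else None
            if current is not None:
                rules.append(current)
        if current is not None:
            current.update(w.split("=", 1) for w in words if "=" in w)
    return rules

def exposures(rules):
    """Summarise enabled accept rules: what is reachable, and is it logged?"""
    found = []
    for r in rules:
        serv, name = SERV.search(r.get("serv", "")), NAME.search(r.get("name", ""))
        if r.get("action") != "accept" or r.get("state") != "enabled" or not (serv and name):
            continue
        proto, lo, hi = (int(g) for g in serv.groups())
        found.append({"index": int(r["index"]),
                      "host": r["dstip"].rsplit("_", 1)[-1],
                      "proto": PROTOCOLS.get(proto, str(proto)),
                      "public": tuple(int(g) for g in name.groups()),
                      "internal": (lo, hi),
                      "logged": r.get("log") == "enabled"})
    return found

def unlogged(found):
    """Indexes of forwards that accept traffic without writing to the event log."""
    return [e["index"] for e in found if not e["logged"]]
```

Running unlogged(exposures(parse_rules(DUMP))) on this dump returns rules 1 and 2, which is the situation the logging tip above describes.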

How to allow connections through your firewall

Depends on your vendor obviously, but I am running ESET and I did this:

  1. Setup > Personal firewall > Configure rules and zones…
  2. Add new rule: TCP & UDP, port 80, All remote ports, All addresses

Coping with rejection

If you’ve gotten this far, then your router is forwarding as expected, but the test may still be failing. The next place to look then is on the machine being forwarded to.

Inspect the firewall logs on the target machine and you should have something like:

Packet blocked by active defense (IDS)
192.168.1.65:99
69.163.149.200:41791
TCP

So I had to add a new firewall rule.

If you have problems with your rules, put the firewall into interactive mode (this will prompt you to allow or deny all incoming requests), run the test, accept the connection and inspect the rule it generates.

TIP: Take care with the executable, try the rule with and without to see if it makes a difference.

How to test your router is open on a particular port

Try this utility.

Troubleshooting

Where are the SpeedTouch router log files?

Home > SpeedTouch > Event Logs


Written by benbiddington

4 May, 2010 at 13:37

Whose leg do I have to hump to get a Facebook developers forum account?

with 4 comments

How does one go about registering for the Facebook developer forum?

Filling out the form

Produces “Could not open socket” error in Chrome and Firefox.

Facebook Connect

On the register screen there is a Facebook Connect option, but this does nothing in Chrome, and does not appear at all in Internet Explorer.

Firefox does produce the window, so I select yes or whatever but then I can still not sign in.

Then I ask for my password to be sent, only to be told there is no account for my address.

Okay, then I think perhaps I don’t need to sign in to access the forum. I sign in to facebook and revisit: still can’t do anything but read posts.

In other news

Interestingly I do have punBB listed on my Application settings screen.


Written by benbiddington

29 April, 2010 at 13:37

Posted in development


Windows services and net use


We have some Windows services that need to access network shares, and even though we have net used, those resources are still unavailable. It appears this is because our services are running as LocalSystem.

How to check the connections available to LocalSystem

1. Open command prompt as LocalSystem

Follow these instructions to get a LocalSystem cmd prompt using at.exe.

Note: You can use at.exe only when the Schedule service is running. To find out:

sc query schedule

2. List connections

net use

You will see the set of connections available.

Note this set is different to the list generated by ordinary command prompt (your account).

How to add connection for LocalSystem

Don’t know, that method is not very automatable.


Written by benbiddington

27 April, 2010 at 13:37

Posted in development


Serialization rules for Adobe Content Server

with 31 comments

Working with Adobe Content Server can be a truly depressing experience. The recommendation is to use a jar file — UploadTestJar — written by Adobe to perform HTTP RPC operations against the Content Server.

Problem is that UploadTestJar only does uploads, but we need full control, like deletes for example. Porting the java is possible, but it’s some of the most poorly written crap I have ever seen, and finding a specification is resisting web search.

Finally we managed to get a description from the support staff which’ll be helpful if you’re intending to port that awful UploadTestJar mess.

  1. All adjacent text nodes are collapsed and their leading and trailing whitespace is removed.
  2. Zero-length text nodes are removed.
  3. Signature elements in Adept namespace are removed.
  4. Attributes are sorted first by their namespaces and then by their names; sorting is done byte wise on UTF-8 representations.
    1. If attributes have no namespace insert a 0 length string (i.e. 2 bytes of 0) for the namespace
  5. Strings are serialized by writing two-byte length (in big endian order) of the UTF-8 representation and then UTF-8 representation itself
  6. Long strings (longer than 0x7FFF) are broken into chunks: first as many strings of the maximum length 0x7FFF as needed, then the remaining string. This is done on the byte level, irrespective of the UTF-8 boundary.
  7. Text nodes (text and CDATA) are serialized by writing TEXT_NODE byte and then text node value.
  8. Attributes are serialized by writing ATTRIBUTE byte, then attribute namespace (empty string if no namespace), attribute name, and attribute value.
  9. Elements are serialized by writing BEGIN_ELEMENT byte, then element namespace, element name, all attributes, END_ATTRIBUTES byte, all children, END_ELEMENT byte.

This list is actually in the javadocs for the XmlUtil class. Why it’s all lumped in there is anybody’s guess. The serialization as described above is mostly implemented by one very long method in the (1000+ line) XmlUtil.java: Eater.eatNode.

Note: The values of the constants BEGIN_ELEMENT etc are listed in the XMLUtil class.
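
The rules above as a compact Python serializer, added here as an illustration; it is not Adobe's code and not a port of UploadTestJar. It covers the per-node rules plus the chunking edge case in rule 6. Assumptions: the marker byte values are placeholders for the XMLUtil constants, the Adept namespace URI and the local name "signature" are assumed, and text on either side of a dropped signature element is written as two text nodes.

```python
import struct
import xml.etree.ElementTree as ET

# Placeholder marker bytes: take the real values from the XMLUtil constants.
BEGIN_ELEMENT, END_ATTRIBUTES, END_ELEMENT, TEXT_NODE, ATTRIBUTE = 1, 2, 3, 4, 5
ADEPT_NS = "http://ns.adobe.com/adept"   # assumed Adept namespace URI
MAX_CHUNK = 0x7FFF

def split_qname(qname):
    """ElementTree spells namespaced names '{ns}local'; return (ns, local)."""
    if qname.startswith("{"):
        ns, local = qname[1:].split("}", 1)
        return ns, local
    return "", qname

def ser_string(s):
    """Rules 5-6: two-byte big-endian length, then UTF-8, chunked at 0x7FFF bytes."""
    data, out = s.encode("utf-8"), bytearray()
    while len(data) > MAX_CHUNK:           # split on bytes, ignoring UTF-8 boundaries
        out += struct.pack(">H", MAX_CHUNK) + data[:MAX_CHUNK]
        data = data[MAX_CHUNK:]
    return bytes(out + struct.pack(">H", len(data)) + data)

def ser_text(text):
    """Rules 1, 2, 7: trim whitespace, drop empty nodes, else TEXT_NODE + value."""
    text = (text or "").strip()
    return bytes([TEXT_NODE]) + ser_string(text) if text else b""

def ser_element(elem):
    """Rules 3, 4, 8, 9, applied recursively."""
    ns, name = split_qname(elem.tag)
    if (ns, name) == (ADEPT_NS, "signature"):   # assumed local name
        return b""
    out = bytearray([BEGIN_ELEMENT]) + ser_string(ns) + ser_string(name)
    attrs = [split_qname(k) + (v,) for k, v in elem.attrib.items()]
    # Rule 4: namespace first, then name, compared bytewise on UTF-8.
    attrs.sort(key=lambda a: (a[0].encode("utf-8"), a[1].encode("utf-8")))
    for a_ns, a_name, value in attrs:
        out += bytes([ATTRIBUTE]) + ser_string(a_ns) + ser_string(a_name) + ser_string(value)
    out.append(END_ATTRIBUTES)
    out += ser_text(elem.text)
    for child in elem:
        out += ser_element(child) + ser_text(child.tail)
    out.append(END_ELEMENT)
    return bytes(out)
```

Because the output feeds a signature check, a port is only useful if it matches the Java byte for byte, so compare it against UploadTestJar output for the same document before relying on it.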

Why I consider UploadTestJar poorly written

Here are some things I’ve noticed:

  • Nothing reads like a narrative, i.e., methods call other methods that occur before them in the file, which makes files very hard to follow.
  • Too many comments. I know this is a java idiom, but it makes reading the stuff that matters more difficult
  • Idiotic comments: inline comments that state the obvious and are just noise, e.g.:
    // retrieve HMAC key and run a raw SHA1 HASH on it.
    byte[] hmacKeyBytesSHA1 = XMLUtil.SHA1(getHmacKey());
  • XMLUtil.java contains several classes
  • XMLUtil class does more than one thing:
    • Parses XML
    • Normalizes XML
    • Creates XML documents
    • Serializes XML, dates, bytes and strings
    • Checks signatures
    • Signs XML documents
    • Hashes things
  • Class UploadTest does everything in ctor: reads a file from disk, validates it, makes some xml, signs it and then posts it to the server.
  • UploadTest is the main entry point for the executable, and it contains all the behaviour; it’s 1600 lines long
  • Cannot use UploadTest without a real epub file
  • UploadTest does too many things:
    • Ctor does too many things
      • Handles command line input
      • Displays help/usage
      • Asserts a file on disk has been supplied
      • “Makes” content
        • makeContent requires an epub file on disk
        • makeContent loads xml
        • makeContent assembles xml files
        • makeContent hashes things
        • makeContent swallows errors and writes to stdout
    • “Sends” content via HTTP
    • Methods that do too many things, e.g., if/else branches based on the verboseDisplay flag

Written by benbiddington

16 February, 2010 at 10:39

HTML formatting man pages


I’d like to be able to print out man pages as HTML.

Attempt 1. print man output straight to file (failed)

We can try redirecting the man output directly:

$ man grep > man/grep.txt

but that emits a whole lot of non-printable characters — it is for the shell after all.

Attempt 2. format with man2html (succeeded)

The man2html documentation states that the following should work:

$ man grep | man2html > man/grep.html

It doesn’t though (on cygwin anyway). Instead it produces a message like:

Content-type: text/html
Invalid Manpage

The requested file (stdin) is not a valid (unformatted) man page.

Obviously it does not understand the above formatting being output from man. It seems to be requiring unformatted output, which means the raw man file itself.

[TBD: Verify same behaviour exhibited on Linux]

Getting the right file format for man2html

1. Use man’s -t option

Try and get man to output a format understood by man2html.

$ man -t grep

as described in the manual, the -t option employs groff with postscript default:

Use /usr/bin/groff -Tps -mandoc to format the manual page, passing the output to stdout. The default output format of /usr/bin/groff -Tps -mandoc is Postscript, refer to the manual page of /usr/bin/groff -Tps -mandoc for ways to pick an alternate format.

resulting in a file like:

%!PS-Adobe-3.0
%%Creator: groff version 1.19.2
%%CreationDate: Sat Oct 24 14:57:32 2009
%%DocumentNeededResources: font Times-Roman
...

which cannot be processed by man2html. I guess I could’ve tried to change the groff format to output html directly, but I didn’t.

2. Supply raw man file to man2html

Rather than pipe the output from man, we could bypass it and send a file instead. All we need to do is locate the file on disk.

To find a man page on disk (in this case for grep), run:

$ man -w grep

Which produces:

/usr/share/man/man1/grep.1.gz

Notice the .gz extension: the man files are compressed. I am not sure if this is always the case.

So, we need to decompress grep.1.gz to get the raw man file:

$ gzip -dc $(man -w grep)

producing a file like:

.\" GNU grep man page
.if !\n(.g \{\
.	if !\w|\*(lq| \{\
.		ds lq ``
.		if \w'\(lq' .ds lq "\(lq
.	\}
.	if !\w|\*(rq| \{\
.		ds rq ''
.		if \w'\(rq' .ds rq "\(rq
.	\}
.\}

Which is the unformatted man file required by man2html.

Solution

Pretty simple really:

  1. Unzip the required man file
  2. Pass it to man2html

Here’s how:

$ gzip -dc $(man -w grep) | man2html > man/grep.html

[!] The -c option on gzip ensures the original file is preserved: it writes the decompressed data to stdout. If you don’t supply it, your compressed man file is replaced with its uncompressed version.

Notes

The only problem I have with that is that the documentation reads:

The man2html filter reads formatted nroff text from standard input (stdin) and writes a HTML document to standard output (stdout).

But the raw man files are not in nroff format, and if I try this:

$ gzip -dc $(man -w grep) | nroff | man2html > man/grep.nroff.html

The resultant file contains error message:

The requested file (stdin) is not a valid (unformatted) man page

References

  • man — an interface to the on-line reference manuals.
  • man2html — convert UNIX nroff(1) manual pages to HTML format.
  • groff — front-end for the groff document formatting system.
  • nroff — emulate nroff command with groff.
  • troff — the troff processor of the groff text formatting system.
  • troff.org

Written by benbiddington

25 October, 2009 at 13:37

Posted in development
