PICList Thread
'[OT]: Dynamically configuring a ADSL modem from na'
2010\10\16@051340 by Justin Richards

List,

I am regularly in a location for extended periods where I only have 2
ports available to access the internet 80 and 443.  I wish to connect
to more than 2 services at home. At home I currently run a web server,
and use the other port for vnc.  I can basically solve all my problems
using vnc to access a pc at home then use that to access all the other
services but it is clunky because the bandwidth from this location is
very limited so direct connection to the services is preferred.

The other services include apache control panel, ftp, an IP camera and
a web-pic-maxi that allows control of reticulation, lighting, security
and temperature of the server closet etc and I provide remote IT
support to my family which I currently solve by vnc'ing into the
server and from there vnc'ing into the pc with issues.  Which is again
clunky.

I have considered many solutions including having my server relay the
other services via the web server which works to some degree but I
have issues catering for feature rich services.

Today it occurred to me that an elegant solution would be if I could
easily configure NAT on the SpeedStream 6520 on the fly via a web
server app, i.e. via a webpage on the server I could select which ip
port 443 is redirected to then submit the request to the server which
then issues the required commands with wget to the router to
reconfigure it.

I noticed the address bar never changes while configuring it.  I was
hoping to see something like this

http://10.1.1.138?nat=conf&port=443&prot=tcp&addr=10.1.1.1 as I select
various options

I understand that this is a "post" or "get" request but I don't know
the terminology for this type of control to allow me to google for it
together with a router related search.

Perhaps it is called something like native command control but this
doesn't help when googling.

So my question is how do I work out these http requests or google for
help on this subject so I can have the router configured via program
control.

I can use vnc to log in to the home server then from the server use a
web browser to reconfigure which ip 443 is directed to but as soon as
I do this I am unable to vnc into the server, that is I am locked out.
I could use port 80 for vnc but I would like to always have the web
server up.

Cheers Justin

2010\10\16@054237 by Matt Callow

On 16 October 2010 20:13, Justin Richards <spam_OUTjustin.richardsTakeThisOuTspamgmail.com> wrote:
>
> I noticed the address bar never changes while configuring it.  I was
> hoping to see something like this
>
> http://10.1.1.138?nat=conf&port=443&prot=tcp&addr=10.1.1.1 as I select
> various options
>
> I understand that this is a "post" or "get" request but I don't know
> the terminology for this type of control to allow me to google for it
> together with a router related search.

It's probably a POST request, where data is sent to the web server in
the body of the request, rather than in the URL (as for a GET
request).

>
> Perhaps it is called something like native command control but this
> doesn't help when googling.
>
> So my question is how do I work out these http requests or google for
> help on this subject so I can have the router configured via program
> control.

Search for HTTP forms?

To find out what values are being sent, you'll probably need to look
at the source of the page. That should also tell you where to POST the
data.

>
> I can use vnc to log in to the home server then from the server use a
> web browser to reconfigure which ip 443 is directed to but as soon as
> I do this I am unable to vnc into the server, that is I am locked out.
>  I could use port 80 for vnc but I would like to always have the web
> server up.

Instead of changing the router config each time, have you considered
using ssh with port forwarding? This would mean you don't need to
change ports once they are set.
You could use port 80 for a web server as you do now, then use port 443 for ssh.
Once you connect to your server via ssh, you can create tunnels within
the secure connection for tcp traffic from your local machine to the
remote network.
Try a google search for 'ssh port forwarding'

Another option would be to use a VPN such as OpenVPN
http://openvpn.net/ This is probably more difficult to set up though.

Matt

2010\10\16@071646 by Roel Adriaans

On 16-10-2010 11:13, Justin Richards wrote:
> I understand that this is a "post" or "get" request but I don't know
> the terminology for this type of control to allow me to google for it
> together with a router related search.
>
> Perhaps it is called something like native command control but this
> doesn't help when googling.

This looks like a GET request. But, you should use wireshark to sniff and see the data that's going to the modem.

Does your modem use telnet? I'm using that to reboot my router.
(It needs rebooting every 3-4 days because the external port locks up.)
The command I use:

(sleep 1; echo admin; sleep 1; echo admin; sleep 3; echo "reboot"; sleep 3 ;echo exit;) | telnet 192.168.2.1

A lot of modems support that.

Roel

2010\10\16@071911 by Justin Richards

Hi Matt,

I tried looking at the source of the page but there was nothing that
looked like POST or Get requests.

I do like the idea of using ssh as you suggested.  This might be a
solution to my problem.  I will look into this.

Cheers Justin

> To find out what values are being sent, you'll probably need to look
> at the source of the page. That should also tell you where to POST the
> data.

2010\10\16@073414 by Matt Callow

On 16 October 2010 22:19, Justin Richards <.....justin.richardsKILLspamspam@spam@gmail.com> wrote:
> Hi Matt,
>
> I tried looking at the source of the page but there was nothing that
> looked like POST or Get requests.

Does the page use frames (my router does)? If so, are you looking at
the source for the correct frame?

>
> I do like the idea of using ssh as you suggested.  This might be a
> solution to my problem.  I will look into this.

This is the solution I use.

Matt

2010\10\16@110112 by Herbert Graf

On Sat, 2010-10-16 at 17:13 +0800, Justin Richards wrote:
> List,
>
> I am regularly in location for extended periods where I only have 2
> ports available to access the internet 80 and 443.  I wish to connect
> to more than 2 services at home. At home I currently run a web server,
> and use the other port for vnc.  I can basically solve all my problems
> using vnc to access a pc at home then use that to access all the other
> services but it is clunky because the bandwidth from this location is
> very limited so direct connection to the services is preferred.

Use SSH. I regularly run multiple services through SSH tunnels to home,
only one port needs to be open.

At the moment I tunnel VNC, IMAP, RSYNC, NFS and I also use SFTP from
time to time, all over just one port.

Best part is it's all encrypted, and the links have compression enabled
so it's really fast for some stuff.

TTYL

2010\10\16@204122 by Neil Cherry

On 10/16/2010 11:01 AM, Herbert Graf wrote:
> On Sat, 2010-10-16 at 17:13 +0800, Justin Richards wrote:
>> List,
>>
>> I am regularly in location for extended periods where I only have 2
>> ports available to access the internet 80 and 443.  I wish to connect
>> to more than 2 services at home. At home I currently run a web server,
>> and use the other port for vnc.  I can basically solve all my problems
>> using vnc to access a pc at home then use that to access all the other
>> services but it is clunky because the bandwidth from this location is
>> very limited so direct connection to the services is preferred.
>
> Use SSH. I regularly run multiple services through SSH tunnels to home,
> only one port needs to be open.
>
> At the moment I tunnel VNC, IMAP, RSYNC, NFS and I also use SFTP from
> time to time, all over just one port.
>
> Best part is it's all encrypted, and the links have compression enabled
> so it's really fast for some stuff.

I agree, I use it to reach multiple home systems and I can reach
multiple services. I also don't use the standard ports (80, 443,
22, etc.).

-- Linux Home Automation         Neil Cherry       ncherryspamKILLspamlinuxha.com
http://www.linuxha.com/                         Main site
http://linuxha.blogspot.com/                    My HA Blog
Author of:            Linux Smart Homes For Dummies

2010\10\17@040300 by Justin Richards

It appears that a summary of steps I need to take is something like :-

1. Get ssh server, sshd running on my xp server at home by installing
cygwin then install and configure sshd in the cygwin environment.

2. Install and config ssh client on the remote laptop.

3. From the laptop create an ssh session using 443:5900 back to the server.

4. Point my laptop application eg vnc to localhost:443

Do I have the basics right?

Cheers Justin

2010\10\17@042121 by Matt Callow

On 17 October 2010 19:02, Justin Richards <.....justin.richardsKILLspamspam.....gmail.com> wrote:
> It appears that a summary of steps I need to take is something like :-
>
> 1. Get ssh server, sshd running on my xp server at home by installing
> cygwin then install and configure sshd in the cygwin environment.

Cygwin is one possibility. I'm sure there are others. I use Linux.
You need to make sure that your ssh server is listening on port 443,
and the router forwards port 443 to your xp server.

>
> 2. Install and config ssh client on the remote laptop.

I would recommend putty.

>
> 3. From the laptop create an ssh session using 443:5900 back to the server.

Not exactly. From your laptop, connect to the server using port 443.
Once you have logged into the server, you can then create a tunnel.
For example, on your laptop, tunnel local port 5900 to remote port
localhost:5900  (localhost here is relative to your xp server. So in
this case it is the xp server. You can change this to other servers in
your network if required.)

You can add more tunnels for different applications as required.

>
> 4. Point my laptop application eg vnc to localhost:443

On the laptop, use a vnc client to localhost:5900. This will connect
you to port 5900 on the remote host over the ssh secure connection.

>
> Do I have the basics right.

Yes - but see above.
Once you have it all working I would consider using public/private key
pairs for authentication.

Matt

2010\10\17@052158 by David

 On 17/10/2010 09:21, Matt Callow wrote:
> On 17 October 2010 19:02, Justin Richards<EraseMEjustin.richardsspam_OUTspamTakeThisOuTgmail.com>  wrote:
>> 3. From the laptop create an ssh session using 443:5900 back to the server.
> Not exactly. From your laptop, connect to the server using port 443.
> Once you have logged into the server, you can then create a tunnel.
> For example, on your laptop, tunnel local port 5900 to remote port
> localhost:5900  (localhost here is relative to your xp server. So in
> this case it is the xp server. You can change this to other servers in
> your network if required.)
>
> You can add more tunnels for different applications as required.

Modern SSH clients and daemons allow "dynamic" forwarding, which uses SOCKS and works from any application which is proxy aware.

The option for command-line SSH is -D, PuTTY also supports it.

http://tinyurl.com/34evynt is a good guide.

David

2010\10\17@065207 by Matt Callow

On 17 October 2010 20:21, David <listsspamspam_OUTedeca.net> wrote:
>  On 17/10/2010 09:21, Matt Callow wrote:
>> On 17 October 2010 19:02, Justin Richards<@spam@justin.richardsKILLspamspamgmail.com>  wrote:
>>> 3. From the laptop create an ssh session using 443:5900 back to the server.
>> Not exactly. From your laptop, connect to the server using port 443.
>> Once you have logged into the server, you can then create a tunnel.
>> For example, on your laptop, tunnel local port 5900 to remote port
>> localhost:5900  (localhost here is relative to your xp server. So in
>> this case it is the xp server. You can change this to other servers in
>> your network if required.)
>>
>> You can add more tunnels for different applications as required.
>
> Modern SSH clients and daemons allow "dynamic" forwarding, which uses
> SOCKS and works from any application which is proxy aware.
>

Very true. I forgot to mention that, even though I do use it some times.

Matt

2010\10\17@070316 by Michael Watterson

 On 17/10/2010 09:02, Justin Richards wrote:
> It appears that a summary of steps I need to take is something like :-
>
> 1. Get ssh server, sshd running on my xp server at home by installing
> cygwin then install and configure sshd in the cygwin environment.
>
> 2. Install and config ssh client on the remote laptop.
>
> 3. From the laptop create an ssh session using 443:5900 back to the server.
>
> 4. Point my laptop application eg vnc to localhost:443
>
> Do I have the basics right.
>
> Cheers Justin
I have OpenVPN on Port 80. The Router at home maps that to a specific server on a "normal" OpenVPN port.

Remote locations are unlikely to block that.
Then after connection you can do what you want, inc email & Internet securely at a dubious WiFi Hotspot as all the traffic is via home. (I have 1Mbps upload at home which adds to the practicality).

2010\10\18@112122 by Justin Richards

I think this may be way off topic so if anyone knows of a good
discussion forum for this topic please advise.

Anyway ...

I managed to install MobaSSH (unable to get OpenSSH to work) on my
home server and tested ok on my local LAN.  The port translation
worked well.  This is very cool.

I originally configured it to operate on port 80 as I still need port
443 to VNC into the server at home (as I am doing all this from work
and needed the continued access)

However, I could not connect from work to the home ssh server on port
80 (I had reconfigured apache away from this port so no conflict
here).  So  then I tried to configure it with port 443 (which I know
will conflict with vnc) and as expected the service would not start.
So I went to reconfig the VNC server with the default of 5900 and was
immediately locked out from doing any further testing, doh.

My question is :-

Can my network administrator stop other traffic (other than http
requests)  from using port 80 and 443?

My results indicate that he can as I could NOT ssh on port 80 and when
I try to use port 443 (even though I know the service is not running) it
immediately reports "Network Error: Connection refused".  The response
seems too quick for it to have actually tried the connection and
appears to be getting blocked locally.

The strange thing is, I know I can get out on 443 with VNC (but not
port 80 as I have tried this) so I guess VNC traffic looks like
http(s) traffic.

So it looks like I am back to dynamically reconfiguring the modem
using software control which is sad as ssh looked so promising.

I conceptually think of it as using port 80 via apache cgi scripts as
a control link and 443 for data connection to whichever
server/service I want to use at the time.

Thanks for all the suggestions and support.

Cheers Justin

2010\10\18@112649 by Justin Richards

My modem does support telnet and I have telnet'ed in but I could not
find much info on the available commands or how I can reconfigure it
once connected via telnet and was concerned I might brick it if I did
the wrong thing.

So if anyone has some tips, they would be most welcome.

I have searched thru all the manuals but they make nil reference to telnet.

Cheers Justin




2010\10\18@142915 by Herbert Graf

On Sun, 2010-10-17 at 16:02 +0800, Justin Richards wrote:
> It appears that a summary of steps I need to take is something like :-
>
> 1. Get ssh server, sshd running on my xp server at home by installing
> cygwin then install and configure sshd in the cygwin environment.
>
> 2. Install and config ssh client on the remote laptop.
>
> 3. From the laptop create an ssh session using 443:5900 back to the server.
>
> 4. Point my laptop application eg vnc to localhost:443
>
> Do I have the basics right.

While I don't know the specifics for Windows (Linux guy here) it sounds
about right.

Heck, this email came to my email client through an ssh tunnel...

TTYL

2010\10\18@153908 by Richard Prosser

Without wanting to show too much ignorance in this matter.

Isn't it likely that there is a proxy involved? This will pass the 443
traffic as it is normally encrypted anyway, but the port 80 traffic
may be being checked in some way?

Are any other ports open? - I have had a  similar problem & have found
port 21 (FTP) and 22  (SSH/VPN ?) have also been left open. Sometimes
port 23 (Telnet) is also available.


RP



On 19 October 2010 07:28, Herbert Graf <KILLspamhkgrafKILLspamspamgmail.com> wrote:

2010\10\18@155844 by RussellMc

> I think this maybe way off topic so if anyone knows of a good
> discussion forum for this topic please advise.

It's in OT so it seems very fine to me.
Other opinions may vary :-).
But I saw at  least one admin commenting so I'm not alone. It seems that
this sort of thing is used by and of interest to a significant % of more
technically capable list members. If the list can be useful to exchange
ideas of mutual technical interest  and it doesn't noise up any topic
specific areas then I see no problem.


     Russell

2010\10\18@195443 by Matt Callow

Hi,

I'll prefix this by saying that I'm not a network admin. My comments
below are based on my experience with a similar setup...

On 19 October 2010 02:21, Justin Richards <RemoveMEjustin.richardsTakeThisOuTspamgmail.com> wrote:
>
> My question is :-
>
> Can my network administrator stop other traffic (other than http
> requests)  from using port 80 and 443.

For http, yes. But unlikely. It's probably too expensive in terms of
firewall hardware to do this. (but see below re: proxies)

For https, not really. Because the data is encrypted so no-one (except
at the other end of the connection) should be able to tell what you
are sending

>
> My results indicate that he can as I could NOT ssh on port 80 and when
> I try to use port 443 (even though I know the service is not running) it
> immediately reports "Network Error: Connection refused".  The response
> seems too quick for it to have actually tried the connection and
> appears to be getting blocked locally.

If your router has the port open, but there is no service running
inside your network, then this may be expected. If the router was
silently dropping packets, then you would most likely get a timeout
after some delay.

>
> The strange thing is, I know I can get out on 443 with VNC (but not
> port 80 as I have tried this) so I guess VNC traffic looks like
> http(s) traffic.

I expect you have a proxy at work to connect to the internet? In that
case you probably can't get a direct connection out of work on port
80. All HTTP traffic will go via the proxy, and in that case it has to
be real HTTP traffic, otherwise the proxy won't understand it. (You
*can* tunnel other protocols through HTTP, but that's another story)

Port 443 is a different matter. The proxy cannot intercept this
traffic because the secure connection can only be created with the
destination website, not your company's network infrastructure. There
are 2 ways I'm aware of that HTTPS traffic may be leaving your company
network (there are possibly lots more methods - these are the 2 I know
about):

1) All outgoing traffic on port 443 is allowed
2) All outgoing traffic on port 443 goes via the proxy using the HTTP
CONNECT method

In option 1), you should be able to use ssh on port 443
In option 2), you should be able to use a proxy-aware ssh client (such
as putty) to get to your server (it will issue a CONNECT command to
the proxy, and that will connect you to your home server)

From your previous comment about using vnc over port 443, it sounds
like you have option 1). So I would try running ssh on port 443 and
attempting the connection again.


>
> So it looks like I am back to dynamically reconfiguring the modem
> using software control which is sad as ssh looked so promising.

Don't give up yet! If you have another internet connection (such as
3G) I suggest you test with that on your laptop first. The advantage
is that you can be at home with both the local and 'remote' ends of
the connection, which makes debugging much easier. Once you have that
working, you can try it again from work.

Matt

2010\10\18@200449 by Herbert Graf

On Mon, 2010-10-18 at 23:21 +0800, Justin Richards wrote:
> My question is :-
>
> Can my network administrator stop other traffic (other than http
> requests)  from using port 80 and 443.

Unfortunately yes, many networks use deep packet inspection and filter
based on that.

On one network I know it will only allow the protocol that is "meant" to
be on the port, so port 22 only allows ssh connections, port 80 only
http connections. VERY annoying.

TTYL
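
The two filtering behaviours discussed in this thread (a firewall that checks only the destination port, and one that also checks that the traffic is the protocol "meant" for that port) can be compared by classifying the opening bytes of each connection. This is an added example, not part of any list member's post; the port policy, the function names and the sample payloads are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Assumed policy for a network that opens only two outbound ports.
EXPECTED = {80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"TRACE ", b"CONNECT ")
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")  # VNC ProtocolVersion message


class Flow(NamedTuple):
    dst_port: int
    first_payload: bytes  # first application bytes seen in either direction


def classify(payload: bytes) -> str:
    """Guess the application protocol from the opening bytes of a TCP stream."""
    if payload.startswith(b"SSH-"):
        # SSH identification string, e.g. "SSH-2.0-<software>"
        return "ssh"
    if RFB_BANNER.match(payload):
        return "rfb"
    # TLS record: type 0x16 (handshake), version 3.x, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def port_only_allows(flow: Flow) -> bool:
    """Port-based filter: anything addressed to an open port passes."""
    return flow.dst_port in EXPECTED


def protocol_aware_allows(flow: Flow) -> bool:
    """Inspecting filter: the payload must match the port's expected protocol."""
    return EXPECTED.get(flow.dst_port) == classify(flow.first_payload)


# Constructed sample flows (payloads are hand-built prefixes, not captures).
SAMPLE_FLOWS = [
    Flow(443, bytes.fromhex("160301002f0100002b0303") + bytes(36)),
    Flow(443, b"SSH-2.0-OpenSSH_5.5\r\n"),
    Flow(443, b"RFB 003.008\n"),
    Flow(80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    Flow(80, b"SSH-2.0-OpenSSH_5.5\r\n"),
    Flow(5900, b"RFB 003.008\n"),
]


def audit(flows: List[Flow]) -> List[Tuple[int, str, bool, bool]]:
    """Return (port, detected protocol, port-only verdict, inspecting verdict)."""
    return [(f.dst_port, classify(f.first_payload),
             port_only_allows(f), protocol_aware_allows(f)) for f in flows]


if __name__ == "__main__":
    for port, proto, by_port, by_proto in audit(SAMPLE_FLOWS):
        print(f"port {port:<5} {proto:<8} port-only={by_port} inspecting={by_proto}")
```

Rows where the two verdicts differ are the connections that a port-only rule passes and an inspecting filter would flag.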

2010\10\19@014113 by RussellMc

> On one network I know it will only allow the protocol that is "meant" to
> be on the port, so port 22 only allows ssh connections, port 80 only
> http connections. VERY annoying.

I'm completely out of my depth here but may have a "when all else
fails" useful thought. Or not.
I've noted that Skype seems to be able to work when nothing else is
functioning.
Whatever they do they seem to do it very well indeed. Finding out what
it is may be useful.

Worst case in some situations you may be able to use Skype's file
transfer capability when all else fails, although unlikely to be of
value in your case.


2010\10\19@070042 by Justin Richards

Success !!!  I am a happy chappy.

I have ssh tunneling on 443.  The MobaSSH server was and still is
behaving a bit strange.

I can now access from work via ssh (without going thru vnc)

camera
adsl modem
pic-maxi
facebook
vnc
and a bonus ssh/linux type session on xp.

Thanks to everyone who provided assistance.  Matt's original
suggestion to use ssh and suggesting I keep going got me on the right
track.

David I will look into dynamic SOCKS.

Now I just have to get MobaSSH to start correctly after a reboot.

Thanks again. The LIST has once again come thru.

Cheers

Justin

2010\10\19@070344 by Justin Richards

I was a bit quick to say that facebook works.  I did get the login
screen but then it redirects to another url.  I guess this is where
SOCKS comes in.

On 19 October 2010 19:00, Justin Richards <spamBeGonejustin.richardsspamBeGonespamgmail.com> wrote:

2010\10\19@075023 by Matt Callow

On 19 October 2010 22:00, Justin Richards <TakeThisOuTjustin.richardsEraseMEspamspam_OUTgmail.com> wrote:
> Success !!!  I am a happy chappy.
>
Excellent

> I have ssh tunneling on 443.  The MobaSSH server was and still is
> behaving a bit strange.

Can't help you with MobaSSH - I've never used it

>
>
> David I will look into dynamic SOCKS.
>
I would definitely try this. Also take a look at foxy proxy if you use
Firefox. This allows you to specify different proxies based on urls.
So for example, you can access most sites via your work proxy, and
blocked sites via SOCKS

Matt

2010\10\19@104729 by Herbert Graf

On Tue, 2010-10-19 at 18:40 +1300, RussellMc wrote:
> > On one network I know it will only allow the protocol that is "meant" to
> > be on the port, so port 22 only allows ssh connections, port 80 only
> > http connections. VERY annoying.
>
> I'm completely out of my depth here but may have a "when all else
> fails" useful thought. Or not.
> I've noted that Skype seems to be able to work when nothing else is
> functioning.

FWIW the network I'm talking about first targeted applications like
Skype, haven't been able to run Skype (or any other VOIP or IM type
client) for a few years now.

TTYL

2010\10\19@104848 by Justin Richards

It's all working.  Access to all areas.

SOCKS all configured ok.

It's irony.  In an attempt to block everything they forced me to find a
way to access a couple of devices at home and in doing so I have
learned how to bypass all the blocks.  If they left a handful of ports
open I would have been fine.

Thanks Again.

Justin

> I would definitely try this. Also take a look at foxy proxy if you use
> Firefox. This allows you to specify different proxies based on urls.
> So for example, you can access most sites via your work proxy, and
> blocked sites via SOCKS
>
> Matt


2010\11\16@042506 by Justin Richards
On 19 October 2010 22:48, Justin Richards <RemoveMEjustin.richardsspamTakeThisOuTgmail.com> wrote:
> It's all working.  Access to all areas.
>
They have firewalled off my ip address.

Back to the drawing board

2010\11\16@114749 by Herbert Graf

On Tue, 2010-11-16 at 17:25 +0800, Justin Richards wrote:
> On 19 October 2010 22:48, Justin Richards <justin.richardsEraseMEspam.....gmail.com> wrote:
> > It's all working.  Access to all areas.
> >
> They have firewalled off my ip address.
>
> Back to the drawing board

Tether to your cell phone.

TTYL

2010\11\16@173745 by Justin Richards

>
> Tether to your cell phone.
>

Cell phone, what is that?

No coverage out in these parts
