A bit about the stuff I've done


Tuesday, 16 December 2014

Running something "all the time" (as a normal user)

 N.B. the following is not a replacement for proper services, the use-case is slightly different.

So, you have an unstable application. But you want it to be running all the time, even when you are not there to restart it after a crash (or a reboot).

You could use cron, but that will start a new instance of the app every single time. Hardly ideal!

Well actually the solution IS to use cron but not to start the app directly.

Below is a small script I wrote which runs a whole bunch of applications in the background and automagically restarts them if they crash.
Put small scripts into the ~/screens folder and this script will make sure each of them is running, and start it if not.

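#!/bin/bash
# Make sure every executable script in ~/screens is running in its own detached screen session.
for f in ~/screens/*
do
        # only regular files with the execute bit set; skip names starting with ~ or #
        [ -f "$f" ] && [ -x "$f" ] || continue
        case "$(basename "$f")" in "~"*|"#"*) continue ;; esac
        echo "$f"
        # session name and description come from "# name:" and "# desc:" comment lines in each script
        name=AS_$(grep -iE "^[[:space:]]*#[[:space:]]*name:" "$f" | sed "s/[^:]*:[[:space:]]*//")
        desc=$(grep -iE "^[[:space:]]*#[[:space:]]*desc(ription)?:" "$f" | sed "s/[^:]*:[[:space:]]*//")

        echo -en "Checking $desc ($name) ... "
        # exactly one matching session means it is already running
        if [ "$(screen -ls | grep -ciF -- "$name")" -eq 1 ]
        then
                echo "already running"
        else
                echo -en " starting ..."
                screen -dmS "$name" -s "$f" && echo "done" || echo "failed"
        fi
done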

Set this script to run as often as you like (I have mine set at 5 minutes) using crontab:
#crontab -e
*/5 * * * * /home/lee/screens2.sh >/dev/null 2>/dev/null







Job Done!

Port forwarding with ssh

So I've had this all working previously but I had forgotten all the hoops that were necessary to get it to work.

 N.B. all of the below assumes that a "proper" vpn solution is not an option


The aim:

To forward a port on network A to a machine on network B in such a way as to be accessible by all machines on network A, using the address that the machine on network B has.

The Caveat:

It is not possible to make an ssh connection from Network A into Network B due to the firewall setup, however the reverse is possible.

The solution:

So ssh has this handy -R flag which allows you to forward a port from the remote host to the local network. Setting up a secondary IP address is easy enough using Linux's config tools (yast in my case), ifconfig or ip.* The final part of the puzzle is to set up a route on all relevant machines on network A that directs the traffic to the ssh gateway machine.

The problem:

ssh, by default, does not allow you to specify the remote address to bind to (or rather, you can specify it but the packets will be silently dropped with no error message to indicate what you did wrong).

The Fix:

edit /etc/ssh/sshd_config and add the line
GatewayPorts yes
While you're there I recommend you also add
TCPKeepAlive yes

Why these two options are not enabled by default is beyond me.

The complete solution:


OK, so you have the following setup:
Network A: 192.168.0.0/24
Computer 1: 192.168.0.2, Windows
Computer 2: 192.168.0.3, *nix
Computer 3: 192.168.0.4, *nix, used as gateway
Router 1: internal: 192.168.0.1, external: 10.0.0.1, external port 22 forwarded to 192.168.0.4


Network B: 192.168.1.0/24

Computer 4: 192.168.1.2, Target (service port: 1234)
Computer 5: 192.168.1.3, *nix, used as gateway


Router 2: internal: 192.168.1.1, external: 10.0.0.2


On Computer 3:

Edit (as root) /etc/ssh/sshd_config in your favourite editor and add the following options:
GatewayPorts yes
TCPKeepAlive yes

Use your system's config tools to add a second IP address for the network interface [in yast this is Network Devices->Network Settings->Edit->Add]
Set the IP address to be the same as the target computer (e.g. 192.168.1.2).
Don't worry about it being in a different IP range - we'll fix that later.

Create a new user and create an ssh private key for that user

On Computer 5:


Run the following command as a normal user (or get someone to run it for you): **
#ssh -v -R 192.168.1.2:1234:192.168.1.2:1234 user@10.0.0.1

On Computers 1 & 2:

Configure a route to access the remote computer
network: 192.168.1.0
via: 192.168.0.4
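
GatewayPorts yes in the main section of sshd_config applies to every account on Computer 3 and makes sshd bind remote forwards to the wildcard address. As an added example (not part of the original setup), the same forward can be scoped to the dedicated tunnel account instead; the account name "user" is taken from the ssh command above, and PermitListen assumes OpenSSH 7.8 or later.

```sshd_config
# /etc/ssh/sshd_config on Computer 3 (added example, not the original post's config)

# The post's setting applies to every account and binds forwards to all addresses:
#   GatewayPorts yes
# Scoped alternative: keep the global default...
GatewayPorts no

# ...and put the Match block at the end of the file, because it applies
# until the next Match line or the end of the file.
# "user" is the tunnel account from: ssh -R 192.168.1.2:1234:... user@10.0.0.1
Match User user
    # let the client choose the bind address (192.168.1.2, the secondary IP)
    GatewayPorts clientspecified
    # remote (-R) forwards only; no -L or -D from this account
    AllowTcpForwarding remote
    # the only listener this account may open (OpenSSH 7.8+)
    PermitListen 192.168.1.2:1234
    X11Forwarding no
    AllowAgentForwarding no
```

Check the file with sshd -t before restarting sshd, so that a typo does not lock you out of the gateway.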

* I only discovered ip existed today. It seems I am not the only one. Spread the word!
** See a separate blog post to follow about how to have this running all the time.