Networking

whois

July 25th, 2008

A machine on my network was producing lots of outgoing traffic and I needed to track down what it was up to by getting the destination IP addresses from my router log and doing a whois lookup.

Some whois services are better than others. A good one is at DomainTools:

http://whois.domaintools.com/ 

You can use this by just sticking the IP address you want to check on the end of the URL. For example:

http://whois.domaintools.com/212.58.250.36
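The triage described above, as an added example that is not part of the original post: it tallies the external destinations one internal machine is talking to and builds the DomainTools lookup URL for each. The log format (iptables-style `SRC=`/`DST=` fields), the sample lines and the suspect address 192.168.1.23 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed iptables-style format; real router
# logs differ, so adjust PAIR to match yours.
SAMPLE_LOG = """\
Jul 25 09:14:01 router kernel: OUT SRC=192.168.1.23 DST=212.58.250.36 PROTO=TCP DPT=80
Jul 25 09:14:02 router kernel: OUT SRC=192.168.1.23 DST=212.58.250.36 PROTO=TCP DPT=80
Jul 25 09:14:02 router kernel: OUT SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP DPT=53
Jul 25 09:14:03 router kernel: OUT SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP DPT=443
Jul 25 09:14:04 router kernel: OUT SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP DPT=443
Jul 25 09:14:05 router kernel: OUT SRC=192.168.1.23 DST=999.1.1.1 PROTO=TCP DPT=25
"""

WHOIS_URL = "http://whois.domaintools.com/"  # lookup URL given in the post
# Destinations in these ranges never leave the LAN, so a whois lookup is pointless.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
PAIR = re.compile(r"\bSRC=(\S+)\s+DST=(\S+)")


def external_destinations(log_text, suspect):
    """Count outbound destinations for one internal host, busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PAIR.search(line)
        if not m or m.group(1) != suspect:
            continue
        try:
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address in the log line
        if any(dst in net for net in LOCAL_NETS):
            continue
        counts[str(dst)] += 1
    return counts.most_common()


def whois_links(log_text, suspect):
    """Pair each destination and its hit count with its whois URL."""
    return [(ip, hits, WHOIS_URL + ip)
            for ip, hits in external_destinations(log_text, suspect)]


if __name__ == "__main__":
    for ip, hits, url in whois_links(SAMPLE_LOG, "192.168.1.23"):
        print(f"{hits:5d}  {ip:15s}  {url}")
```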


 

Remote Desktop via a PuTTY tunnel

May 24th, 2008    7 Comments

I'm still reloading things back onto my home PC after my recent Windows reinstall. It's going to be a while yet before it's all back on there. The most recent thing I had to get working again was getting a Remote Desktop session to machines at work.

Setting up Windows Remote Desktop to allow you to use another machine on the same local network is very straightforward. Getting a Remote Desktop connection to a PC on a private external network is a little more tricky. I use PuTTY to SSH to the gateway machine at work.

[Screenshot: PuTTY]

Part of the PuTTY session is a series of tunnels from ports on my local machine to ports on machines on the remote network. One of these is a mapping from the localhost port 3389 to port 3389 on a machine at work. Port 3389 is the port used by Remote Desktop, so this tunnel should mean that, once PuTTY has connected me to the external network, I can Remote Desktop to localhost and I will, as if by magic, get the login prompt for the remote machine.

However, having copied back into PuTTY the sessions from my previous Windows installation*, when I connected to the remote machine and then did a Remote Desktop to localhost I got the error message: "The client could not connect. You are already connected to the console of this computer. A new console session cannot be established."

[Screenshot: Remote Desktop error message]

The reason for this, it turns out, is that Remote Desktop knows it shouldn't allow circular connections: from this computer to this computer. So it rejects attempts to connect to 127.0.0.1. Now, as localhost resolves to 127.0.0.1, this gets rejected also.

However, on Windows, all other IP addresses in the 127.x.x.x range also represent the local machine, and Remote Desktop does not block these addresses. So this allows you to map port 3389 on one of these addresses (e.g. 127.0.0.2 or 127.254.254.254) to port 3389 on a remote PC and then you can specify that address in the Remote Desktop login window.

Note: Although the Source port field is clearly intended just for a port number, you can also put an IP address in there, followed by a port number - for example, 127.254.254.254:3389 - and then the remote IP address or hostname, followed by the port number, in the Destination field.

[Screenshot: PuTTY]

[Screenshot: Remote Desktop login]
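A check that the forward is listening where intended, as an added example rather than anything from the original post: it parses `netstat -an` output and reports whether each listener on a given port is bound to a 127.x.x.x address, so the tunnel is reachable only from the local machine. The netstat sample is constructed, and the second forward on port 3390 is hypothetical.

```python
import ipaddress

# Constructed `netstat -an` output (Windows layout); not taken from the post.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.254.254.254:3389   0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING
  TCP    192.168.1.23:52011     203.0.113.10:22        ESTABLISHED
"""


def listeners(netstat_text, port):
    """Return [(address, is_loopback)] for TCP sockets listening on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        addr = addr.strip("[]")  # IPv6 listeners are shown as [::]:port
        try:
            found.append((addr, ipaddress.ip_address(addr).is_loopback))
        except ValueError:
            continue  # unparseable address column
    return found


def exposed(netstat_text, port):
    """Addresses listening on `port` that other hosts on the LAN can reach."""
    return [addr for addr, loopback in listeners(netstat_text, port) if not loopback]


if __name__ == "__main__":
    for port in (3389, 3390):
        for addr, loopback in listeners(SAMPLE_NETSTAT, port):
            state = "loopback only" if loopback else "reachable from other hosts"
            print(f"{addr}:{port}  {state}")
```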


* The PuTTY sessions for each Windows user are stored in the Windows registry in:

HKEY_USERS > [GUID for user] > Software > SimonTatham

Before reinstalling Windows I'd exported the whole registry to a .reg file on my network drive. To put the details into the new registry all I had to do was open up the .reg file in a text editor, save it with a name like putty.reg on the desktop of the target PC, delete everything in the file after the first line up to the start of the HKEY_USERS > [GUID for user] > Software > SimonTatham section and everything after that section, then save it again. Then you just need to right-click the icon on the desktop and choose Merge.
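The manual trimming described above can be scripted so that only the PuTTY subtree of the old export is ever merged. This is an added example, not part of the original post; the user identifier, host name and the neighbouring keys in the sample export are constructed placeholders.

```python
import re

# Constructed export; the user identifier and all values are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Notepad]
"fWrap"=dword:00000001

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\SimonTatham]

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\SimonTatham\PuTTY\Sessions\work]
"HostName"="gateway.example.org"
"PortNumber"=dword:00000016

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\SimonTathamX]
"Other"="not PuTTY"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Zzz]
"Value"="x"
"""

KEY_LINE = re.compile(r"^\[(.+)\]\s*$")


def extract_putty_sections(reg_text):
    """Keep the header line plus every key under <user>\\Software\\SimonTatham."""
    lines = reg_text.splitlines()
    out = [lines[0]]  # "Windows Registry Editor Version 5.00"
    keep = False
    for line in lines[1:]:
        m = KEY_LINE.match(line)
        if m:
            parts = m.group(1).split("\\")
            # Compare whole path components so SimonTathamX is not matched.
            keep = (len(parts) >= 4 and parts[0] == "HKEY_USERS"
                    and [p.lower() for p in parts[2:4]] == ["software", "simontatham"])
            if keep and out[-1] != "":
                out.append("")  # blank line before the first kept key
        if keep:
            out.append(line)  # key line, its values, continuation lines
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(extract_putty_sections(SAMPLE_EXPORT), end="")
```

Regedit writes version 5.00 exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` and write putty.reg back the same way before merging it.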




Getting Internet Explorer to work with the SmoothWall Web proxy

May 13th, 2008    1 Comment

After reinstalling Windows recently I found I had a problem accessing the Internet. The problem was DNS-related because pages loaded incredibly slowly but, provided they didn't time out first, would eventually load. I realised that turning off my SmoothWall Web proxy solved the problem, but without the Web proxy I couldn't use Dan's Guardian.

Dan's Guardian is a content filtering service that can be installed as an add-on to SmoothWall. I have SmoothWall running on an old PC, behind my Sky router, as an always-on firewall for my home network. Because I have two kids, I want to filter Internet content and Dan's Guardian does a pretty good job of this. I like it because it's very configurable and allows me to determine the level of filtering, specific sites or domains to block, exceptions to filtering, types of files to block and so on. However, Dan's Guardian relies on transparent Web proxying being enabled, so I need to have that turned on:

[Screenshots: SmoothWall web proxy and filtering settings]

Anyway, I couldn't figure out what the problem was until I eventually found a page on the SmoothWall Support site called "Using ident on Windows XP - common problems", which says:

Ident is a service running on port 113 and as such, port 113 needs to be opened on the workstations, in order for ident to be able to serve the username. If the built-in firewall is enabled on any Windows operating system, it needs to be configured to allow access to port 113. This can be done using a log-in script or by manually configuring the Windows firewall software. Please refer to the Windows documentation for information on how to do this.

And then a lightbulb went on and I remembered that I'd previously had Windows Firewall turned off. Sure enough turning it off again solves the problem and lets me access the Internet via the transparent proxy. But, as the quote describes, you can run Windows Firewall so long as you add port 113 as an exception. To do this, go to Control Panel, open up Windows Firewall, click the Exceptions tab:

[Screenshot: Windows Firewall Exceptions tab]

Click the Add Port button and add port 113, with a description:

[Screenshot: Windows Firewall edit port dialog]




Getting command-line FTP working with Filezilla

November 7th, 2007    1 Comment

The problem:
Set up command-line FTP access to a Windows 2003 Server machine to allow scripts to save files to that server via FTP.

The solution:
FileZilla - but you need to know the recipe of the secret sauce!


I started by installing Windows' own FTP server (an extra Windows component that you can add via Add/Remove Programs). I then enabled this in the IIS Manager. However, the problem I got was that, although I could FTP to the server, I couldn't save anything, do an ls or a pwd or anything useful.

So plan 2, after disabling Windows FTP, was to use FileZilla. This is an open source FTP/SCP project and you can download server and client software here:

http://filezilla-project.org/

However, I'd recently installed Apache/PHP/MySQL using the very wonderful XAMPP (see XAMPP - Web server + MySQL in minutes), so I already had FileZilla, I just hadn't enabled it. I did so and everything seemed to work except that when I FTPed to the machine as any user, with a legitimate password I'd get a "530 Login or password incorrect" message:

C:\Documents and Settings\ac>ftp showcase.memex.co.uk
Connected to showcase.memex.co.uk.
220-FileZilla Server version 0.9.23 beta
220-written by Tim Kosse (Tim.Kosse@gmx.de)
220 Please visit http://sourceforge.net/projects/filezilla/
User (myserver.myorg.co.uk:(none)): Administrator
331 Password required for administrator
Password:
530 Login or password incorrect!
Login failed.

The secret is that you have to go into the Admin program for FileZilla and add users/groups in there, specifically assigning each access to parts of the file system and defining what they can do (e.g. read, write, etc).

With XAMPP this is easy. From the XAMPP Control Panel, click Admin for FileZilla:
[Screenshot: XAMPP Control Panel]

Enter the Administrator password:
[Screenshot: XAMPP connect to server dialog]

Create groups with the appropriate access rights. Then create users and assign them to a group:
[Screenshot: XAMPP add user dialog]

Now you can open up a command console on a remote machine, enter ftp servername and log in to the server to put/get files as required.




My new firewall

March 15th, 2005

ITauthor.com was offline all last week due to my firewall PC breaking down. I host my own web site on a machine that, seven and a half years ago, was the top-of-the-range model: Pentium II, 333 MHz, 6GB hard disk. I've given it an extra hard disk and more memory, but it's still basically a made-for-Windows-95 machine that has long since been incapable of keeping up with the resource hunger of Windows. It is, however, fine for Linux and seems to cope with Zope fairly well. My web server is on a network of its own behind a firewall. Until a week ago I was using another old PII machine (which I picked up at an auction at work for £20). It had very little memory (I'm not even sure how much) and a 2.4GB hard disk, but it was perfect for running Smoothwall. My set up looks like this:
[Diagram of my firewall setup]

I have the 2 old PCs (firewall and web server) tucked away in a cupboard where they sit, ticking over, without monitors, keyboards or mice. However, the firewall machine started making a noise so I took it out to investigate. The noise was a combination of the hard disk and a little fan on the CPU heatsink. Unfortunately the PC was obviously on its last legs because, having moved it around, opened it up, poked and prodded it, something gave up and it went from not booting up Smoothwall to not booting at all. I had power but no other signs of life.

To cut a long story short, I bought a new firewall machine off eBay: £35 for a Compaq Deskpro in a little mini case with a PIII 533MHz processor, 128MB of memory and a 10GB hard disk. The price included free delivery. The only things wrong with it were a broken power switch button and a dodgy CD. The power switch wasn't an issue: you just had to take the case off to start it, but as it's going to be on 24/7, and it's set to reboot if the power fails, that's fine. The CD drive was more of a problem. Because it's massively over-specced to be a Smoothwall machine I thought I'd swap it and the web server, but the intermittent CD drive caused me hours of grief trying to install Fedora, so in the end I gave up, opted for the easy solution and just installed Smoothwall instead.

Installing Smoothwall Express is a cinch, so once I'd decided to just replace the broken machine with the new one I was back up and running in no time. Check out Smoothwall at www.smoothwall.org.
