HYPERAXE

Finally, after some tinkering and trial and error.. I finally made an SSH tunnel for JProfiler between NAT networks to work..

Here’s the scenario. We have a remote server where a java based web application runs and we want to monitor the said application using JProfiler to test it for memory leaks.

I am now facing the following challenges:

1. We have no root access to the server.
2. We have no administrative rights to the network and firewall, thus we can’t open and close access ports at will.
3. The server is behind a firewall and access to it is only done through NAT.

Here are the only things I have:

1. SSH access to the remote server using a normal user account.
2. Read/Write permission to the application server files.
3. A cup of coffee and a pack of cigarette. Hehehehe!

The remote server have an internal IP, let’s say 192.168.128.7 and it can be accessed from the outside using a NAT external IP, like 203.192.28.31. So the problem now is, how can I open up a port in the remote server where the JProfiler server integration script would listen for connection and in turn connect my JProfiler program through it? Well how else, through a SSH tunnel of course!

I tried running the following SSH tunnel command from one of my Solaris test servers (using the default JProfiler port 8849) :

ssh -g -N -L 8849:203.192.28.31:8849 user@203.192.28.31

This should be the normal setup in which my test server should establish a SSH connection to the remote server, listen to port 8849 and then forward any connections to it to port 8849 of the remote server using the SSH tunnel.

For some reason this doesn’t seem to work, but for HTTP ports (80) and other access ports it seems to work but for JProfiler even if I don’t use default port 8849, the remote server doesn’t seem to receive the forwarded request. The only culprit I can think of here is the NAT setup of the remote server.

After much thinking, I came up with the idea that instead of using the external NAT IP of the remote server in ssh forwarding, I would just use the internal IP and just use the external IP to connect the test server to the remote server through SSH. Here’s the command I used:

ssh -g -N -L 8849:192.168.128.7:8849 user@203.192.28.31

Walaaah! It worked and I was able to connect.

I guess…the coffee and pack of cigarette did the trick ..

Early this morning, one of my colleagues in the office reported a problem with one of our Solaris (SPARC) servers. He claimed that he can’t login as root anymore. I verified the report and it was true. I’m not sure though if the problem was due to disk corruption since the disk was quite slow and we had to fsck the disk several times in single user mode, or it’s a security breach wherein someone managed to get into the server and change the root password. We’re still trying to confirm the cause of the problem but first things first .. we have to bring up the server since it’s being used by one of our development team for their current project.

Here’s what I did to bring up the server and reset the root password (I think this would also be useful for those password forgetful admin).

1. Through a terminal window, enter the LOM prompt and then boot the server from the CD-ROM:

#.

lom> break

ok> boot cdrom -s

2. After booting from the CD-ROM, mount the / partition. In this example, let’s say that your / partition on the disk is /dev/dsk/c0t0d0s1:

mount /dev/dsk/c0t0d0s1 /mnt

Note: You may want to check the disk for errors first by executing the command:
fsck -y /dev/dsk/c0t0d0s1

3. Now edit the /etc/shadow file using vi located in the /mnt directory (/mnt/etc/shadow). Just look for the line that looks something like this:

root:1d7jJmN023LM:12573::::::

This is the root account password data and what we want to do next is to make the password blank so edit the line so it woul look like this (removed the alpha-numeric characters after root:

root::12573::::::

4. Reboot the system and the root password would be blank so you can logon as root to the server without entering any password. Make sure that you change the password as soon as possible.

That’s all folks! Ciao!

I finally found a way in Qmail to forward carbon copy of all outgoing messages to an email address of your choice instead of writing it on a log file of a server.

Basically, you would need the source file extra.h of your Qmail installation. The said file would contain this lines:

#ifndef EXTRA_H
#define EXTRA_H

#define QUEUE_EXTRA “”
#define QUEUE_EXTRALEN 0

#endif

If for example you want to forward carbon copies of outgoing messages to postmaster@mysite.com, you just have to change the values of QUEUE_EXTRA and QUEUE_EXTRALEN like this:

#define QUEUE_EXTRA "Tpostmaster@mysite.com\0"
#define QUEUE_EXTRALEN 23

QUEUE_EXTRA would contain the email addres where you want the outgoing messages to be forwarded to. You just have to enclose the email address between a T and a \0.

On the other hand QUEUE_EXTRALEN would contain the number of characters of your email address plus 2 ( T is considered 1 additional character and \0 is also considered as 1). In this case, since postmaster@mysite.com contains 21 characters, adding 2 would make it 23 (basic math, ei ) .

After making the changes you have to re-compile the Qmail source code. So if your Qmail source files are located on /usr/local/src/qmail-1.03 you would do something like this:

1. Stop Qmail first
If you’re using daemontools:
svc -d /service/qmail

If you’re using qmailctl:
qmailctl stop

2. Go to your Qmail source directory
cd /usr/local/src/qmail-1.03

3. Recompile the codes
make setup check

4. Start qmail again
If you’re using daemontools:
svc -u /service/qmail

If you’re using qmailctl
qmailctl start

That’s it! Simple but useful for those mail administrators who would like to monitor the mails going out of their servers. Just make sure that you respect the privacy of your users and just try to read those mails that are suspicious or you think are abusive.

I guess this makes sense .. I wonder if Aphilo feels this way and if I had stood up to her expectations.. hmmm..

I just wish I did ..

***************************************************************************

In a brief conversation, a man asked a woman, “What kind of man are you looking for?”

She sat quietly for a moment before looking him in the eye and asking, “Do you really want to know?”

Reluctantly, he said “Yes.”

She began to expound…

“As a woman in this day and age, I am in a position to ask a man what he can do for me that I can’t do for myself. I pay my own bills. I take care of my household without the help of any man… or woman for that matter. I am in the position to ask, “What can you bring to the table?”

The man looked at her. Clearly he thought that she was referring to money.

She quickly corrected his thought and stated, “I am not referring to money. I need something more. I need a man who is striving for perfection in every aspect of life.”

He sat back in his chair, folded his arms, and asked her to explain. She said, “I am looking for someone who is striving for perfection mentally because I need conversation and mental stimulation. I don’t need a simple-minded man.”

“I am looking for someone who is striving for perfection spiritually because I don’t need to be unequally yoked… believers mixed with unbelievers is a recipe for disaster.”

“I need a man who is striving for perfection financially because I don’t need a financial burden.”

“I am looking for someone who is sensitive enough to understand what I go through as a woman, but strong enough to keep me grounded.”

“I am looking for someone who I can respect. In order to be submissive, I must respect him. I cannot be submissive to a man who isn’t taking care of his business. I have no problem being submissive… he just has to be worthy.”

“God made woman to be a help mate for man. I can’t help a man if he can’t help himself.” When she finished her spill, she looked at him.

He sat there with a puzzled look on his face. He said, “You are asking a lot.”

She replied, “I’m worth a lot.”

Last night, I received an email from my boss who’s in our head office in Europe regarding my new and not so new tasks based on his discussions with the management team from there.

Basically, I would continue to provide technical support to our local client which I had actually been working with for more than 3 years now. There are still a couple of issues that needs to be resolved but it would be of less priority since the system is quite stable for now.

I also received a couple of documentation tasks regarding the IMPS (Instant Messaging and Presence Server) Clients (both downloadable and embedded) available in the market today. I’ve started workin on this in the past few weeks but there are a couple of functionalities that I still need to test, such as GPRS (General Packet Radio Service) traffic count for each client as well as PEP (Presence Enchanced Phonebook) compliance.

The most exciting task I received was developing a Symbian based IMPS client. Yippeee!

I must admit that I am new to Symbian development as well as C++ so this would require quite some amount of effort to be able to start things up. Most of my life as a programmer was spent developing applications (both server side and client side) using Java, XML, HTML, xHTML, WML, etc., and just lately, ventured into J2ME/MIDP development. I have basic C programming skills that might be useful, but I haven’t been using it for quite some time except for debugging linux applications in our servers for compilation errors as well as patches for customization, but a complete development cycle in C was out of the picture for quite some time now.

As a starting point, I downloaded and installed Metrowerks CodeWarrior for Symbian Personal Edition version 2.8.3 from the Nokia Forum website. Version 3.0 of the said IDE is actually available but the trial license is only valid for 15 days so I went for version 2.8 which has a 90-day evaluation license; long enough for me to learn Symbian C++ development.

Right now, I’m very much eager to learn this new programming language and most of all, another competence that would add up to my profile, is pretty cool!

Well, for today I decided to spice up this blog a little bit.

During some of my free time, I tried to find a way to broadcast my MP3 files in my file server back in the office so I can hear it wherever I am .. at home, in a cafe, or anywhere where there’s Internet access. Well, I just realized that Shoutcast would do the trick since it can broadcast to WinAmp and the newer version of Windows Media Player (9 and 10), which I commonly use.

My setup was just very simple. The Shoutcast DNAS server resides in an external server in our DMZ (so as not to affect our LAN, security wise), and the Shoutcast broadcasting tool is installed on my file server where all my MP3s are stored. Both servers run on Linux since I don’t usually use Microsoft Windows for my office servers.. well, most of the techie guys out there would know why.

I decided to use Christopher Curtis’ WordPress plugin called Shoutcast what’s on so my blog would contain the link to my shoutcast server and the current song being played so my friends and site visitors would have something to listen to while reading my blog.

So far so good.. I’m now at home while writing this post and listening to my MP3 files broadcasted from my work place. Isn’t it cool?