SSH Reverse Tunnel To Access Box Behind Firewall

March 4, 2010 – 3:31 pm

I frequently need to get access to a machine behind a firewall to do some web development, but I don’t have a VPN available. Not a problem – just use a reverse SSH tunnel. By the end of this tutorial, we’ll be able to SSH to the remote server, as well as view any web pages that server has access to.

We’re going to connect to the remote server using our local port 5000 – here’s how.

The 2 boxes we’ll use will be my.home.com (also referred to as localhost) and my.remote.com. We’re assuming you somehow have access to my.remote.com – maybe while at work or through some tool like Citrix. You might want to add monitoring to this to make it stable, but that’s outside the scope of this tutorial. Also, you’ll need direct outside access to your home machine – so you might need to configure your router to do port forwarding.

  1. First, from the remote server, SSH back to yourself.

    ssh -R 5000:localhost:22 username@my.home.com

    You can now SSH to the remote box through the tunnel by typing

    ssh localhost -p 5000

    All local traffic that connects to port 5000 is being forwarded via SSH through your reverse tunnel, back to port 22 on the remote machine.

    The other half of the problem is viewing web pages of dev boxes behind the firewall – it turns out this is pretty easy once you’ve got the reverse tunnel going.

  2. On your home machine type the following:

    ssh -D 9999 username@localhost -p 5000

  3. Next, you’ll need to set up a SOCKS proxy. Open your browser’s settings and set it to the server “localhost” on port 9999. This will forward your traffic back through the tunnel and to the remote server. I do this using FoxyProxy & Firefox, so I can limit the domains that actually route through the proxy.

  4. That’s about it – you should now be able to visit any site that’s in the private network. You now have command line and full browser access.

    Helpful references:

    howtoforge.com/reverse-ssh-tunneling

    embrace ubuntu


Textmate – Stop ._ Backup Files

February 14, 2010 – 9:08 pm

Pretty sure this stops TextMate from creating the ridiculous backup files in my network shares.

defaults write com.macromates.textmate OakDocumentDisableFSMetaData 1


CANCEL MY GOOGLE!

February 12, 2010 – 12:25 pm

I can’t believe this stuff exists… I love the internet.

hello i am 82 years old and google is on my computer withour permission IT IS UNCONSTITUTIONAL. my compoter is slow now and i want to contact the internet what is the number?

Original awesome post


Running Puppet Master on Mac OS X Snow Leopard

February 2, 2010 – 1:24 pm

As of a few hours after this post, I’ve given up trying to get Puppet Master running on Snow Leopard. There appears to be an issue with the SSL certificates generated that’s preventing puppetd from getting its recipes. There doesn’t appear to be any way to disable this. I have switched to a CentOS VM, which worked perfectly the first time. The Unixy underpinnings of my Mac seem to be getting less and less useful every day.

I kept getting the below error when trying to start puppet, even though I had created the user and group through the accounts prefs pane. Apparently that’s not good enough for the PuppetMaster to run.

For some reason figuring this out was a huge pain. These are the steps I took to get it installed. If it looks simple, well, that’s because it really is. Most people suggest solving this with MacPorts, but then I still wouldn’t know how to set up users and groups on Snow Leopard, so I’d just be screwing myself over in the long run.

Anyways, here’s the error I was getting:

err: /File[/var/puppet/rrd]: Failed to retrieve current state of resource:
Could not find group puppet

How to solve:

  1. Install Facter and Puppet.

    This is easy enough – Snow Leopard comes with Ruby by default. Both can be downloaded from the Reductive Labs download page.

  2. Install Server Admin Tools.

    As of this blog entry, you can find them in Apple’s downloads section, although it was kind of a pain to find.

  3. Enable Remote Management for yourself.

    I was not able to connect to localhost until I enabled this option. You can control which users have management rights, so I’m not too concerned here.

  4. Create user and group for puppet.

    Use the GUI tool to create a new puppet user and group. You should now be able to start the puppetmasterd (yay!)

I’ll expand this post if I realize I forgot anything, or if questions come in.


Dear Priceline: Seriously, WTF?

January 26, 2010 – 1:37 pm

Dear Priceline,

You really can’t do better than $680 for a flight from LAX to Vegas? Seriously, why is this the #1 listing? For those of you who aren’t aware, it’s a 1 hour flight that normally costs $60 each way.


Southwest (cropped out middle prices for simplicity)


Lame.


The Lack of Flexibility of Stored Procedures in MySQL

January 6, 2010 – 4:22 pm

Over three years ago I wrote about how you cannot use a stored procedure in a subquery. Well, it’s 2010, and I’m still annoyed by this and a handful of other things.

I was just working today on a report consisting of a series of queries, taking about a minute to generate. Some of the data would be created in a temporary table and queried against multiple times for performance reasons, and ultimately spit out into a CSV file for someone to examine later. I also would like to be able to return the result set, and perform queries on it, which is much faster than querying a view.

Fortunately, MySQL’s awesome SELECT … INTO OUTFILE can easily write CSV files to disk, so I’m covered there.

So when I started working on this, I was thinking this would be a great opportunity to demonstrate the flexibility and usefulness of stored procedures – after all, we will likely be needing this report again. However, there’s an issue. You can’t return a result set from a stored proc that you can actually do anything with. Everything gets spit directly back to the client. So, what are the alternatives?


Redhat/Centos: Control Apache Startup with Chkconfig

January 5, 2010 – 12:47 pm

Copy apachectl (or symlink it) to /etc/init.d/httpd, and add these two lines at the end of the comment section:

# chkconfig: 2345 64 36
# description: script for starting and stopping httpd

Then register the script with chkconfig:

chkconfig --add httpd

These commands will now work:

service httpd start
service httpd stop

Additionally, apache will start when the system boots. You can accomplish this by using rc.local too, if you prefer, but I think it’s more convenient to have everything be service based where you can use chkconfig to manage startup / shutdown.


Linux/OSX: find out what network ports are in use

January 5, 2010 – 12:21 pm

To get a quick idea of what ports you have open on your local box, you can use nmap.

~ jhaddad$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-05 11:06 PST
Interesting ports on localhost (127.0.0.1):
Not shown: 499 closed ports, 492 filtered ports
PORT      STATE SERVICE
80/tcp    open  http
88/tcp    open  kerberos-sec
548/tcp   open  afp
631/tcp   open  ipp
3306/tcp  open  mysql
3325/tcp  open  unknown
5900/tcp  open  vnc
9000/tcp  open  cslistener
10000/tcp open  snet-sensor-mgmt

For more detailed information, try netstat:

netstat -an

You’ll get a breakdown of every socket open on your machine – useful for figuring out who’s connected and from where.

The OSX version of netstat lacks a few options, such as the useful ‘-p’ option to display the process ID (PID). That PID can be combined with kill to get rid of unwanted connections, for instance, an SSH tunnel accidentally left open.
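
The reverse tunnel (port 5000) and SOCKS proxy (port 9999) from the SSH tunnel post normally listen on loopback only; if either ends up bound to another address, anyone who can reach the home machine can ride the tunnel into the private network. As an added example (not the author's code), this filter reads netstat -an output in either the Linux or the OS X address style and reports such listeners; the function name exposed_listeners and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# SAMPLE is constructed `netstat -an` output that mixes the Linux
# (addr:port) and OS X (addr.port) local-address styles.
SAMPLE='tcp        0      0 127.0.0.1:5000     0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:9999       0.0.0.0:*       LISTEN
tcp4       0      0 127.0.0.1.9999     *.*             LISTEN
tcp4       0      0 *.5000             *.*             LISTEN
tcp6       0      0 ::1.5000           *.*             LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*       LISTEN
tcp        0      0 192.168.1.10:5000  10.0.0.7:51514  ESTABLISHED'

# exposed_listeners PORTS
#   Reads `netstat -an` on stdin. For every LISTEN socket whose port is in
#   the comma-separated PORTS list and whose bind address is not loopback,
#   prints "port address". No output means the forwards are loopback-only.
exposed_listeners() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $NF == "LISTEN" {
        laddr = $4
        # The port is whatever follows the last ":" (Linux) or "." (OS X).
        port = laddr
        sub(/^.*[:.]/, "", port)
        if (!(port in want)) next
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Loopback binds are the expected, safe case for both forwards.
        if (addr == "127.0.0.1" || addr == "::1") next
        print port, addr
    }'
}

# On a live machine: netstat -an | exposed_listeners 5000,9999
printf '%s\n' "$SAMPLE" | exposed_listeners 5000,9999
```

Established connections and unrelated listeners such as port 22 are ignored, so any line of output points at a forward that needs to be rebound to localhost or closed.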


MacBook Air Battery Drain While Sleeping

December 11, 2009 – 12:54 pm

I bought a MacBook Air in June this year, refurbished. I didn’t really use it a lot for day to day work, and when I didn’t use it I was charging it. It was very convenient – it weighs practically nothing and has almost no impact on me while traveling. When I cut back on using it, I noticed a few things.

  1. When I’d leave it unplugged for a few days, the battery would be dead. After a bit of testing I noticed I was losing roughly 25% of my battery life overnight if it wasn’t unplugged.
  2. It started creaking when I’d open it. I was genuinely concerned it would just fall apart when I was trying to open it.

Obviously both of these things suck, so after a bit I brought it to the Apple store. They pretty much replaced everything in it – battery, logic board, screen bezel, hinges, and gave it back to me. So problem #2 was solved, but for some reason I kept seeing the battery issue.

I brought it back Monday of this week. The guy there (Ryan) explained to me that since I wasn’t up to date w/ my software, the tech guys would basically just give it back and refuse to work on it. He suggested resetting the PRAM and calibrating the battery. He also didn’t seem to think that losing 25% battery overnight was weird, even though I’ve owned 2 MacBook Pros and 2 iBooks that never had this issue – I could leave my MacBook Pro unplugged for days and it would only lose a few %.

I did these things, but it didn’t make a difference. It was only after a ton of looking around that someone suggested turning off bluetooth.

After turning off bluetooth, I let the laptop sit overnight in sleep. I checked it the next morning, and it was only down 4% from the night before. Huge improvement. I think I could have accomplished the same thing if I turned off the “Allow Bluetooth devices to wake this computer” setting, but since I’m not using it, I’d rather just disable it.

Anyway, if anyone knows anything else about this issue, I’m interested to find out more. I like the Air as a “sit on the couch and browse the web” laptop, hate it for doing any sort of IDE development. Also not great for playing Scrabble on Facebook – it can’t hold the entire board on the screen. Lame.


Stored Procedure For Finding Columns In MySQL

December 10, 2009 – 12:13 pm

Looking for instances of a particular column in a large schema can be a pain. Fortunately the information schema makes this pretty easy, if your columns have a consistent naming convention.

SELECT table_schema, table_name, column_name
FROM information_schema.columns
WHERE column_name LIKE '%some_name%';

Now, if we want to wrap this up into an easy to use stored procedure, we can do something like this:

-- IF EXISTS keeps the script from failing on the first run, before the procedure exists
DROP PROCEDURE IF EXISTS find_column;
delimiter //
CREATE PROCEDURE find_column(c varchar(255))
begin
	SET @a = CONCAT("%", c, "%");
	SELECT table_schema, table_name, column_name, column_type
		FROM information_schema.columns
		WHERE column_name LIKE @a;
end
//
delimiter ;

We need to use the concat statement in order to properly get the quotes in there without using the literal string “c” in the LIKE statement.

You can do a search as follows:

CALL find_column("some_column");

Learn more on the MySQL Stored Procedures section of mysql.com

Edit: added column type as suggested by Roland Bouman.
