October « 2009 « myGUIDE

20Oct/090

NinfG and Firewall

The latest version of NinfG (version 5.0) has a lot to offer in terms of allowing client-server connectivity. First, it introduces the invoke server module separating components used to invoke remote applications from the core. This does not only decouple NinfG from the Globus Toolkit like the previous versions, but it also allows the use of other middlewares such as SSH to execute remote commands. Since most Linux distributions already include some form of SSH, this makes the installation of NinfG more useful and a lot easier. You don’t have to install the Globus Toolkit just to install NinfG. The other feature I like is the communication proxy module, which tries to solve firewall-related problems. Unfortunately, NinfG currently only supports a communication proxy for the Globus Toolkit. If you don’t want to install the Globus Toolkit and only employ SSH invoke server, you are out of luck.

In this post, I would like to introduce a work-around of the firewall problem using only the SSH invoke server. The assumption is that the NinfG client and server applications are separated by a firewall. We would like also to assume that the client machine, where the client application is running, can connect to the server machine via SSH directly or via virtual private network. In this way, we can then use the SSH invoke server. If not, we are completely out of luck.

Although NinfG version 5 can now use SSH to invoke remote commands, it still has the same firewall problem inherent when using the Globus Toolkit. The reason is that the server application still needs to connect back to the client application. So if there is a firewall in-between client and server applications, this connection always fails and thus the entire application fails even if the client can connect to the server via SSH (since SSH connection is usually only allowed one way). This is further compounded if the client machine is in a NAT network.

To solve the problem, we should find a way such that the server application does not have to connect back directly to the client application, which causes the connection failure. My solution is therefore to use SSH port forwarding. Since we can connect to the server via SSH, we can instruct SSH to forward a port from the server machine to a local port in the client machine. We can then configure the server application to connect to this local port (in the server machine) instead of connecting directly to the client machine. At the same time, we can also configure the client application to listen to this specific local port.

Fortunately, NinfG allows us to do this using the configuration file. The specific section to use is the CLIENT section. The CLIENT section of the configuration file can look like this:

<CLIENT>
hostname localhost
listen_port 2222
</CLIENT>

This will trick the server application to connect to port 2222 in localhost (which is set to be the hostname of the connecting client). But local port 2222 in the server machine is forwarded to the client’s local port 2222 via SSH. So when the server application connects to this port, it is indirectly connected to the client application and thereby establishing the server and the client connection with SSH working in the background. The SSH command to achieve this is as follows (run from the client machine)

[user@client]$ ssh –R 2222:localhost:2222 remoteserver.com

For a more general setting, you can use a third machine which is globally accessible via SSH. You can then use SSH to forward a port from this third machine to a local port in the client machine and configure NinfG’s server applications to connect back to this machine in the forwarded port. The CLIENT section of the configuration file will now look like this assuming thirdserver.com is the hostname of the third machine.

<CLIENT>
hostname thirdserver.com
listen_port 2222
</CLIENT>

And the SSH command is

[user@client]$ ssh –R 2222:localhost:2222 thirdserver.com

This also assumes that you have an account in thirdserver.com machine. Or else, you will not be able to connect to it. In general, you should allow the forwarded port to be available to any machine, not just thirdserver.com. In this way, other server applications residing in other machines can connect to your client application via thirdserver.com. To do this, you can set GatewayPorts to yes in /etc/sshd_config in thirdserver.com.

Filed under: Howto, solutions No Comments

7Oct/090

How to change hostname in Linux

In order to change the hostname of your linux machine, you can do the following:

1) Edit file /etc/sysconfig/network using your favourite editor, say using vi.

[root@mycomp]# vi /etc/sysconfig/network

2) Look for the line with HOSTNAME in it and change the entry to the desired hostname

HOSTNAME=mycomp.mydomain.com

3) Save the file and restart xinetd service

[root@mycomp]# /sbin/service xinetd restart

That’s it! You have just changed your hostname in Linux platform

Tagged as: hostname, linux No Comments

6Oct/090

Regular expression

Especial Characters:

[
\
^
$
|
?
*
+
.
(
)

If you want to use any of the above characters as a literal in a regular expression, you need to escape them with a backslash. For example, 1\+1=2 will search 1+1=2.

With a character class or character set, you can tell the regex engine to match only one out of several characters. This can be done by simply placing the characters you want to match between square brackets. For example, if you want to match ‘a’ or ‘e’, simply use [ae]. Thus, gr[ae]y will match either gray or grey, but not graay, or graey, or similar strings.

To specify a range of characters or numbers, you can use a hyphen inside a character class. For example, [a-z] will match a single character from a to z, and [0-9] will match a single digit from 0 to 9.

Typing a ^ after the opening bracket will negate the character class. For example, q[^u] means a ‘q’ followed by characters not a ‘u’.

Note that the only metacharacters inside a character class are the closing bracket ], the backslash \, the caret ^, and the hyphen –. To include these characters inside a character class, you need to escape them with a backslash.

Short hand character classes include \d for [0-9], \w for “word character” or [0-9a-zA-Z_], and \s for “whitespace character”. Negated short hand character classes include \D for ^\d, \W for ^\w, and \S for ^\s.

The dot (.) matches a single character without caring what that character is, except new line characters.

Anchors match position before, between, or after characters. The caret ^ matches the position before the first character in the string. For example, applying ^a to “abc” matches ‘a’. But ^b will not match “abc” at all because ‘b’ cannot be matched at the start of the string. Similarly $ matches right after the last character in the string. c$ matches ‘c’ in “abc”, while a$ does not match at all.

\b for word boundaries. For example, \bis\b will match “is” in “This island is beautiful.”

Alternation or | is used to match one regular expression out of several regular expressions. For example, apple|banana|oranges. Note, you can use round brackets for regex grouping (e.g., \b(cat|dog)\b.

The question mark ? makes the preceding token in a regular expression optional. For example, colou?r matches both colour and color. You can make several tokens optional by grouping them together and attaching the question mark at the closing round bracket, such as Nov(ember)? which will match “Nov” and “November”.

The asterisk or star or * tells the engine to match the preceding token zero or more times. The plus + tells the engine to match the preceding token once or more times. You can limit the repetition by using {min,max} where min is a positive integer number indicating the minimum number of matches and max is an integer equal to or greater than min indicating the maximum number of matches. If comma is present but max is omitted, the maximum number of matches is infinite.

Tagged as: regex, regular expression No Comments