This isn’t radical, but it tripped me up for half an hour…

SSH tunneling is a great easy way of remotely accessing a network if you’ve access to an SSH account within it - using something like PuTTY you set up whichever ports you want access to and they magically appear locally.

But ftp is a bit trickier - the protocol needs two ports - 21 and another one. I couldn’t figure out how to configure tunnels in PuTTY to let the second port through, even using PASV connections.

But then I twigged all the references to SCP and SFTP which didn’t seem relevant as I wanted to reach a different remote machine to the one I was SSH’d to - tunnel port 22 to the machine you want to reach using PuTTY and then with the tunnel open you can use something like PSFTP to SFTP to the remote machine.

Make sense?

From TrainBlog:

“The zombies of Colchester who in the half light walk the train of despair desperate for a space to stand and mutate in to middle management. Help, can no one show them the light?

Go towards the light, work from home!”

“Feeling Lucky, Buh?….You’ve got Norfolk Enchants!”

I was at the first night of the rescheduled run of the Nimmo Twins “Normal for Norfolk 11: Bat out of Hellesdon” at the Norwich Playhouse last night, and it was worth the wait. Good to see Karl’s humour (hoomur) seems to have survived his ‘incident‘.

As ever, old characters and content and new (I was also at one of the previews last April), but all righteously hilarious, especially for those who know and love Norfolk. Not for ‘foreigners’ from Ipswich though, or those easily offended.

From a song about the Puppet Man to the tune of Elton John’s Rocket Man, to a speech on behalf of the Mardy Party, to the City Councillors and of course everyone’s favourite She-gew.

It would seem the theme this year is the word ‘mardy‘, and an ongoing fascination with ‘taking it up the wrong’un‘

Would I go again? “umfug gnu!“

I had a big problem getting an Ubuntu Feisty Fawn Apache2 instance to use proxying rewrite rules.

Firstly, mod_rewrite is not enabled by default, which is probably no bad thing. So ’sudo a2enmod rewrite’ fixes that.

Now I can use a rule to allow my main server to proxy requests through to a smaller server: ‘RewriteRule ^(.*)$ http://192.168.1.16$1 [P]‘ but no - I’m getting a ‘403 Forbidden’ error. Checking the Apache error log I find ‘attempt to make remote request from mod_rewrite without proxy enabled’

So proxying needs enabling. If I do ’sudo a2enmod proxy’ the error changes to ‘client denied by server configuration’ so I try changing ProxyRequests to on in /etc/apache2/mods-available/proxy.conf, and the very insecure ‘Allow from all’ in the proxy block.

Now I’m getting a warning ‘proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.’ in the error log - so I try ’sudo ln -s ../mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load’ to manually add the http sub_module and bingo!

Now to tidy up the mess - other than the manually created symbolic link, all I’ve done is tweak /etc/apache2/mods-available/proxy.conf thusly:

<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests On

# <Proxy *>
# AddDefaultCharset off
# Order deny,allow
# Deny from all
# #Allow from 192.168.1.
# </Proxy>

<Proxy http://mysite.com/*>
Order deny,allow
Allow from all
</Proxy>

# Enable/disable the handling of HTTP/1.1 “Via:” headers.
# (”Full” adds the server version; “Block” removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>

That seems to be working, although I’m sure there must have been a tidier way.

Postscript - WARNING: This has just had unintended consequences - I seem have enabled some grebs to use my network to proxy requests. Other than cloaking the original destination of the traffic (and it seems to be most banner ads and clickthru redirects, from a few IP addresses) I don’t see what has been gained, and if I hadn’t been closely examining logs and traffic recently it could have slipped past my attention.

So with hindsight - think very carefully about enabling proxy-http modules - I don’t know exact details of what went on, but I now regret doing it!