Net::FTP

FTP stands for File Transfer Protocol. It is a way to transfer files between networked machines. The protocol defines a client (whose commands are provided by this module) and a server (which is not implemented in this module).
Communication is always initiated by the client. The server then responds with a message and a status code (and possibly data).

The FTP protocol lets you send files to and retrieve files from the server. Each transfer involves a local file (on the client) and a remote file (on the server). In this module, if only one is specified, the same file name is used both locally and remotely. This means that if you do not specify a local file name, transferring the remote file /path/to/file will try to put that file in /path/to/file locally.

netstat -anl

[vagrant@localhost test]$ php -S 192.168.35.10:8000
[Fri Apr 5 08:52:04 2019] Failed to listen on 192.168.35.10:8000 (reason: Address already in use)


[vagrant@localhost test]$ netstat -anl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.35.10:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37780 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 64 192.168.35.10:22 192.168.35.1:54547 ESTABLISHED
tcp 0 0 192.168.35.10:22 192.168.35.1:54544 ESTABLISHED
tcp 0 3520 192.168.35.10:22 192.168.35.1:50521 ESTABLISHED
tcp 0 0 192.168.35.10:22 192.168.35.1:51478 ESTABLISHED
tcp 0 0 192.168.35.10:22 192.168.35.1:51485 ESTABLISHED
tcp 0 0 192.168.35.10:8000 192.168.35.1:54691 TIME_WAIT
tcp 0 0 192.168.35.10:8000 192.168.35.1:54692 TIME_WAIT
tcp 0 0 ::1:25 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::3306 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::39668 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:42054 0.0.0.0:*
udp 0 0 127.0.0.1:967 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:944 0.0.0.0:*
udp 0 0 :::33848 :::*
udp 0 0 :::56935 :::*
udp 0 0 :::5353 :::*
udp 0 0 :::111 :::*
udp 0 0 :::944 :::*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 13 [ ] DGRAM 8502 /dev/log
unix 2 [ ACC ] STREAM LISTENING 11210 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 6744 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 11270 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 11274 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 11278 private/bounce
unix 2 [ ACC ] STREAM LISTENING 11282 private/defer
unix 2 [ ACC ] STREAM LISTENING 11286 private/trace
unix 2 [ ACC ] STREAM LISTENING 11290 private/verify
unix 2 [ ACC ] STREAM LISTENING 11294 public/flush
unix 2 [ ACC ] STREAM LISTENING 11298 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 11302 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 11306 private/smtp
unix 2 [ ACC ] STREAM LISTENING 11310 private/relay
unix 2 [ ACC ] STREAM LISTENING 11314 public/showq
unix 2 [ ACC ] STREAM LISTENING 11318 private/error
unix 2 [ ACC ] STREAM LISTENING 11322 private/retry
unix 2 [ ACC ] STREAM LISTENING 11326 private/discard
unix 2 [ ACC ] STREAM LISTENING 11330 private/local
unix 2 [ ACC ] STREAM LISTENING 11334 private/virtual
unix 2 [ ACC ] STREAM LISTENING 11338 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 11342 private/anvil
unix 2 [ ACC ] STREAM LISTENING 11346 private/scache
unix 2 [ ] DGRAM 7122 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 9985 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 8580 /var/run/rpcbind.sock
unix 3 [ ] STREAM CONNECTED 72333
unix 3 [ ] STREAM CONNECTED 72332
unix 2 [ ] DGRAM 72329
unix 3 [ ] STREAM CONNECTED 72251
unix 3 [ ] STREAM CONNECTED 72250
unix 2 [ ] DGRAM 72247
unix 2 [ ] DGRAM 71574
unix 3 [ ] STREAM CONNECTED 66767
unix 3 [ ] STREAM CONNECTED 66766
unix 2 [ ] DGRAM 66763
unix 3 [ ] STREAM CONNECTED 63845
unix 3 [ ] STREAM CONNECTED 63844
unix 2 [ ] DGRAM 63841
unix 3 [ ] STREAM CONNECTED 63730
unix 3 [ ] STREAM CONNECTED 63729
unix 2 [ ] DGRAM 63726
unix 2 [ ] DGRAM 40479
unix 2 [ ] STREAM CONNECTED 18047
unix 2 [ ] STREAM CONNECTED 16398
unix 2 [ ] DGRAM 12216
unix 2 [ ] DGRAM 11375
unix 3 [ ] STREAM CONNECTED 11349
unix 3 [ ] STREAM CONNECTED 11348
unix 3 [ ] STREAM CONNECTED 11345
unix 3 [ ] STREAM CONNECTED 11344
unix 3 [ ] STREAM CONNECTED 11341
unix 3 [ ] STREAM CONNECTED 11340
unix 3 [ ] STREAM CONNECTED 11337
unix 3 [ ] STREAM CONNECTED 11336
unix 3 [ ] STREAM CONNECTED 11333
unix 3 [ ] STREAM CONNECTED 11332
unix 3 [ ] STREAM CONNECTED 11329
unix 3 [ ] STREAM CONNECTED 11328
unix 3 [ ] STREAM CONNECTED 11325
unix 3 [ ] STREAM CONNECTED 11324
unix 3 [ ] STREAM CONNECTED 11321
unix 3 [ ] STREAM CONNECTED 11320
unix 3 [ ] STREAM CONNECTED 11317
unix 3 [ ] STREAM CONNECTED 11316
unix 3 [ ] STREAM CONNECTED 11313
unix 3 [ ] STREAM CONNECTED 11312
unix 3 [ ] STREAM CONNECTED 11309
unix 3 [ ] STREAM CONNECTED 11308
unix 3 [ ] STREAM CONNECTED 11305
unix 3 [ ] STREAM CONNECTED 11304
unix 3 [ ] STREAM CONNECTED 11301
unix 3 [ ] STREAM CONNECTED 11300
unix 3 [ ] STREAM CONNECTED 11297
unix 3 [ ] STREAM CONNECTED 11296
unix 3 [ ] STREAM CONNECTED 11293
unix 3 [ ] STREAM CONNECTED 11292
unix 3 [ ] STREAM CONNECTED 11289
unix 3 [ ] STREAM CONNECTED 11288
unix 3 [ ] STREAM CONNECTED 11285
unix 3 [ ] STREAM CONNECTED 11284
unix 3 [ ] STREAM CONNECTED 11281
unix 3 [ ] STREAM CONNECTED 11280
unix 3 [ ] STREAM CONNECTED 11277
unix 3 [ ] STREAM CONNECTED 11276
unix 3 [ ] STREAM CONNECTED 11273
unix 3 [ ] STREAM CONNECTED 11272
unix 3 [ ] STREAM CONNECTED 11269
unix 3 [ ] STREAM CONNECTED 11268
unix 3 [ ] STREAM CONNECTED 11266
unix 3 [ ] STREAM CONNECTED 11265
unix 3 [ ] STREAM CONNECTED 11209
unix 3 [ ] STREAM CONNECTED 11208
unix 3 [ ] STREAM CONNECTED 11206
unix 3 [ ] STREAM CONNECTED 11205
unix 2 [ ] DGRAM 11167
unix 2 [ ] DGRAM 8661
unix 3 [ ] STREAM CONNECTED 8461
unix 3 [ ] STREAM CONNECTED 8460
unix 3 [ ] DGRAM 7139
unix 3 [ ] DGRAM 7138
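Reading that listing by eye is error-prone, so here is a small parser for `netstat -anl` output that pulls out the TCP listeners and classifies each one by who can reach it (loopback only, one interface, or every interface). This is an added example, not part of the original notes; NETSTAT_SAMPLE is a constructed excerpt of the output above, and the column layout it assumes is the one shown there.

```python
"""Audit TCP listeners in `netstat -anl` output (added example, not from the notes)."""
from dataclasses import dataclass

# Constructed excerpt of the netstat output shown in the notes.
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.35.10:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.35.10:8000 192.168.35.1:54691 TIME_WAIT
tcp 0 0 :::3306 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix 2 [ ACC ] STREAM LISTENING 9985 /var/lib/mysql/mysql.sock
"""


@dataclass
class Socket:
    proto: str
    local_ip: str
    local_port: int
    state: str

    @property
    def exposure(self) -> str:
        """Classify reachability from the bind address alone."""
        if self.local_ip in ("127.0.0.1", "::1"):
            return "loopback-only"
        if self.local_ip in ("0.0.0.0", "::"):
            return "all-interfaces"
        return "one-interface"


def split_addr(addr: str):
    """Split 'ip:port'; the ip part may itself contain colons (IPv6)."""
    ip, _, port = addr.rpartition(":")
    return ip, int(port)


def parse_netstat(text: str):
    """Return one Socket per tcp/udp line; headers and unix sockets are skipped."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        ip, port = split_addr(parts[3])
        state = parts[5] if len(parts) > 5 else "-"  # udp lines carry no state
        sockets.append(Socket(parts[0], ip, port, state))
    return sockets


def listeners(text: str):
    return [s for s in parse_netstat(text)
            if s.proto.startswith("tcp") and s.state == "LISTEN"]


def who_has_port(text: str, port: int):
    """The listener(s) holding a port, e.g. the 8000 that php -S could not bind."""
    return [s for s in listeners(text) if s.local_port == port]


def exposed_listeners(text: str):
    """Ports bound to every interface: the ones worth reviewing against the firewall."""
    return sorted(s.local_port for s in listeners(text) if s.exposure == "all-interfaces")


if __name__ == "__main__":
    for s in listeners(NETSTAT_SAMPLE):
        print(f"{s.proto} {s.local_ip}:{s.local_port} {s.exposure}")
```

Run it against real output with `netstat -anl | python3 audit.py` after swapping NETSTAT_SAMPLE for `sys.stdin.read()`; the `exposed_listeners` list is the short list to compare against what the firewall is supposed to allow.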

Huh? It's in LISTEN state?? Does that mean a random port is being used??

"Find the matching PID with the command above and kill it, and that should fix it?"
[vagrant@localhost test]$ lsof -i:192.168.35.10:8000
-bash: lsof: コマンドが見つかりません

Whaaaaaaaaaat
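When lsof is not installed, the kernel still exposes the same information: /proc/net/tcp lists every IPv4 TCP socket with its local address (hex, little-endian on x86), state (0A is LISTEN) and socket inode, and /proc/PID/fd links back to that inode. The following is an added example, not part of the original notes: PROC_NET_TCP_SAMPLE is a constructed /proc/net/tcp excerpt modelled on the netstat output above, and the little-endian byte order is an assumption that holds on x86 guests.

```python
"""Find the PID behind a listening port using /proc only (added example)."""
import os
import socket

# Constructed /proc/net/tcp excerpt: 127.0.0.1:25 LISTEN, 192.168.35.10:8000 LISTEN,
# and one ESTABLISHED ssh session. Column 10 (index 9) is the socket inode.
PROC_NET_TCP_SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11200 1 0000000000000000 100 0 0 10 0
   1: 0A23A8C0:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 72300 1 0000000000000000 100 0 0 10 0
   2: 0A23A8C0:0016 0123A8C0:D513 01 00000000:00000000 00:00000000 00000000     0        0 63900 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # socket state code used by the kernel for listening sockets


def decode_ipv4_addr(hex_addr: str):
    """'0A23A8C0:1F40' -> ('192.168.35.10', 8000).

    The IP is stored in host byte order; on a little-endian host (assumed here)
    the bytes must be reversed before printing them dotted-quad."""
    hex_ip, hex_port = hex_addr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def find_listener_inode(proc_net_tcp_text: str, port: int):
    """Return (bind_ip, inode) of the socket listening on `port`, or None."""
    for line in proc_net_tcp_text.splitlines():
        parts = line.split()
        if len(parts) < 10 or parts[0] == "sl":
            continue
        ip, lport = decode_ipv4_addr(parts[1])
        if lport == port and parts[3] == TCP_LISTEN:
            return ip, int(parts[9])
    return None


def pid_for_socket_inode(inode: int, proc_root: str = "/proc"):
    """Scan /proc/PID/fd for the symlink 'socket:[inode]'.

    Reading another user's fd directory needs root; unreadable processes are
    skipped rather than aborting the scan."""
    target = f"socket:[{inode}]"
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return None
    for pid in entries:
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
        except OSError:  # permission denied, or the process exited mid-scan
            continue
    return None


if __name__ == "__main__":
    import sys
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
    with open("/proc/net/tcp") as f:
        found = find_listener_inode(f.read(), port)
    if found is None:
        print(f"nothing listening on {port} (IPv4)")
    else:
        ip, inode = found
        print(f"{ip}:{port} inode {inode} pid {pid_for_socket_inode(inode)}")
```

For a socket bound to an IPv6 address (the `:::` lines in netstat) the same layout is in /proc/net/tcp6 with a 32-hex-digit address; the PID lookup step is identical. `ss -lntp` (from iproute2) does all of this in one command where it is available.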

VBoxManage controlvm "guest OS"

Operates the specified guest OS.

%VBoxManage controlvm "guest os" [ poweroff  | savestate | reset | pause | resume ]

The second argument to controlvm specifies the control option.

Adding port forwarding settings from the command line in VirtualBox

VBoxManage controlvm "guest OS" natpf1 "nginx,tcp,127.0.0.1,8080,,80"

In this sample, port 8080 on the host's localhost is forwarded to port 80 on the guest.

VBoxManage controlvm "guest OS" natpf1 ssh,tcp,,22022,,22

/etc/sysconfig/network-scripts/ifcfg-eth0

The interface configuration file controls the software interface of an individual network device. The system uses these files at boot time to decide which interfaces to activate and how to configure them. The files are usually named ifcfg-name, where name refers to the device controlled by the configuration file.

Ethernet interface
/etc/sysconfig/network-scripts/ifcfg-eth0 is one of the most common interface files. It controls the system's first Ethernet network interface card (NIC). On a system with multiple NICs there are multiple ifcfg-ethX files. Because each device has its own configuration file, the administrator can control how each interface works separately.

[vagrant@localhost tests]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"

What!?

ONBOOT="yes"

yes: the device is activated at boot time.
no: the device is not activated at boot time.

# Match the whole ONBOOT line: the file above quotes its values, so a pattern
# of plain ONBOOT=no would not match ONBOOT="no"
sed -i -e 's/^ONBOOT=.*/ONBOOT="yes"/' /etc/sysconfig/network-scripts/ifcfg-eth0
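The values in ifcfg files may be quoted or unquoted, and a key may be missing altogether, so a one-shot substitution can silently do nothing. Below is an added example (not part of the notes, and not a Red Hat tool) of an idempotent key=value editor for this file format: it rewrites the key whatever its quoting, appends it when absent, and leaves comments and other keys untouched. IFCFG_SAMPLE is a constructed file modelled on the one printed above.

```python
"""Idempotent editing of ifcfg-style KEY=VALUE files (added example)."""
import re

# Constructed sample; note the quoted "no", which a plain 'ONBOOT=no' pattern misses.
IFCFG_SAMPLE = '''DEVICE="eth0"
BOOTPROTO="dhcp"
# managed by the vagrant provisioner
ONBOOT="no"
TYPE="Ethernet"
'''


def _line_pattern(key: str):
    # Only spaces/tabs before the key, so a preceding blank line is never swallowed.
    return re.compile(rf'^[ \t]*{re.escape(key)}[ \t]*=.*$', re.MULTILINE)


def get_ifcfg_value(text: str, key: str):
    """Return the value for key with surrounding quotes stripped, or None if absent."""
    m = re.search(rf'^[ \t]*{re.escape(key)}[ \t]*=[ \t]*"?([^"\n]*)"?[ \t]*$',
                  text, re.MULTILINE)
    return m.group(1) if m else None


def set_ifcfg_value(text: str, key: str, value: str) -> str:
    """Set key=value (quoted, the style the file uses), replacing or appending."""
    new_line = f'{key}="{value}"'
    pattern = _line_pattern(key)
    if pattern.search(text):
        return pattern.sub(new_line, text)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + new_line + "\n"


def enable_on_boot(path: str) -> bool:
    """Edit the real file in place; returns True if the content changed."""
    with open(path) as f:
        before = f.read()
    after = set_ifcfg_value(before, "ONBOOT", "yes")
    if after != before:
        with open(path, "w") as f:
            f.write(after)
    return after != before
```

`enable_on_boot("/etc/sysconfig/network-scripts/ifcfg-eth0")` does the same job as the sed line, but reports whether anything actually changed, which is what a provisioning script needs to decide whether to restart networking.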

Windows 10 VPN connection

With a VPN connection, you can connect securely through the company's network or over the Internet (when working in a public place such as a coffee shop).

Before connecting to the VPN, a VPN profile must be prepared on the PC. You can create a VPN profile yourself or set up a workplace account to get a VPN profile from your company.

On the Add a VPN connection screen, do the following:
Under VPN provider, select Windows (built-in). In the Connection name box, enter a friendly name for the VPN connection profile (for example, "your VPN"). This is the name of the VPN connection you look for when connecting. In the Server name or address box, type the address of the VPN server.
Under VPN type, select the type of VPN connection to create. You need to know which type of VPN connection your company or VPN service uses. Under Type of sign-in info, select the type of sign-in information (credentials) to use: a user name and password, a one-time password, a certificate, or a smart card if you connect to a VPN at work. Enter a user name and password in the respective boxes (optional).

VPN Connection

A VPN is a virtual private network built over public lines. It is a technology that lets you share data and information using a VPN device, such as a router with VPN functionality, even from a remote location. The advantage of a VPN is that it costs less than a leased line. An Internet VPN in particular is inexpensive because it runs over an ordinary Internet line contract.

VPN is a network technology that has been in use since the 2000s, against the background of advances in IT and virtualization technology. Besides the cost advantage, data communication is also secured, so more and more enterprises are adopting it.

Mechanism and features of a VPN connection over the Internet
To establish a VPN connection between business offices in geographically remote places, install a dedicated VPN router at each office and connect the LANs. This creates a virtual leased line over the Internet and lets you access data on each other's servers even from a remote place. Because it behaves like a single shared LAN, you can share files and work the same way even when you are away.

Writing an automatic configuration script (PAC file)

In the PAC file, you describe the conditions for choosing which proxy server to use, based on information such as the URL of the destination. The script returns the proxy server's address (host name or IP address) and port number for the condition that matches, such as the host name of the URL or the IP address.

PAC file sample

function FindProxyForURL(url, host) {
  // Single-label host names (intranet short names) bypass the proxy
  if (isPlainHostName(host)) {
    return "DIRECT";
  }
  // shExpMatch() is a full-string wildcard match, so the trailing "*" is
  // required for anything below the site root to match the rule
  if (shExpMatch(url, "http://www.bing.com/*")) {
    return "PROXY www.bing-proxy.com:6060";
  } else if (shExpMatch(url, "http://www.microsoft.com/*")) {
    return "PROXY www.microsoft-proxy.com:7070";
  } else {
    return "PROXY www.other-proxy.com:8080";
  }
}

Proxy server setup on Windows 10

When browsing web pages on the Internet, access may be configured to go through a specific server. This server is called a "proxy server". It can also be used for non-web access.

The main advantages of this setting are as follows.

Caching can be used when the same web page is viewed from multiple PCs.
(Not every PC has to fetch the same data, so the traffic volume is reduced.)
You can use the "filter" function to block access to specific URLs.
Access histories of all PCs can be recorded in one place.

Let's see how to set up a proxy server on Windows 10.

Open Settings and choose Network & Internet.

Here you can see Proxy.

Use setup script (automatic configuration script): just specify the location of the PAC file. The PAC file (a file written in JavaScript) describes in which cases which proxy is used.
Setting method: specify the URL of the PAC file.

Manual proxy setup: specify your own proxy server (address and port).
Setting method: specify the proxy server address and port number.

Disabling iptables

iptables is the packet filter that ships with common Linux distributions.
A packet is a unit of data flowing over the network. A packet filter sorts these packets and separates those that are let through from those that are not.
iptables is a very capable, high-performance packet filter comparable to commercial products.
Besides protecting the server itself, it also supports packet forwarding, so by running it on a machine with two network adapters and controlling packet forwarding it can also be used as a network firewall.

Currently configured policy
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

There are chains such as FORWARD and INPUT.

Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)

Packets are routed, pass through INPUT, FORWARD and OUTPUT, and then reach the application.
Aaaaaaaaah, this is the dangerous one.

Opening sshd on a port other than 22

Network entry point: every packet comes in through the gateway, so a firewall has to be configured on each server.
On Linux, that is iptables.

The reason for using a port other than 22 is to avoid attacks aimed at breaking in through port 22.

When remote login is only possible from inside via VPN, or only from specific IP addresses, it is the firewall that enforces this.

Typical protocols
ssh: tcp 22
http: tcp 80
https: tcp 443

If you use FTP: tcp 20; telnet 23, smtp 25, dns 53, dhcp 67, dhcp 68, pop3 110, ntp 123
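The three ideas in this section (sshd on a non-22 port, remote login only from the VPN range or specific addresses, and the INPUT/FORWARD DROP policy shown earlier) fit in one small ruleset. Here is an added example, not from the notes and not tied to firewalld: a generator that emits the iptables and ip6tables commands for that policy, validates the port and the allowed source networks with the ipaddress module, and refuses to produce a ruleset with no allowed sources, which would lock everyone out. The rules are appended first and the DROP policies set last, so an existing session keeps working while the commands run; sshd must of course already listen on the chosen port.

```python
"""Generate a default-DROP ssh ruleset restricted to allowed sources (added example)."""
import ipaddress

# (command, ICMP reject type) per address family
_TOOLS = (("iptables", "icmp-host-prohibited"), ("ip6tables", "icmp6-adm-prohibited"))


def build_ssh_firewall(ssh_port: int, allowed_sources):
    """Return the shell commands, in execution order, for the ruleset.

    allowed_sources: CIDR strings or single addresses (e.g. the VPN range
    "10.8.0.0/24" or an office address "203.0.113.5"). Invalid input raises
    ValueError rather than silently producing an open or locked-out firewall."""
    if not 1 <= ssh_port <= 65535:
        raise ValueError(f"invalid port {ssh_port}")
    nets = [ipaddress.ip_network(src, strict=False) for src in allowed_sources]
    if not nets:
        raise ValueError("no allowed sources: this ruleset would lock every ssh client out")

    cmds = []
    for tool, reject in _TOOLS:
        family = 4 if tool == "iptables" else 6
        cmds += [
            f"{tool} -A INPUT -i lo -j ACCEPT",
            # replies to connections this host opened, and packets of existing sessions
            f"{tool} -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
            f"{tool} -A INPUT -m conntrack --ctstate INVALID -j DROP",
        ]
        for net in nets:
            if net.version == family:
                cmds.append(f"{tool} -A INPUT -p tcp -s {net} --dport {ssh_port} "
                            f"-m conntrack --ctstate NEW -j ACCEPT")
        # explicit terminal reject mirrors the chain layout seen in the notes
        cmds.append(f"{tool} -A INPUT -j REJECT --reject-with {reject}")
        # policies go last so the session used to apply them is never cut off
        cmds += [f"{tool} -P INPUT DROP", f"{tool} -P FORWARD DROP", f"{tool} -P OUTPUT ACCEPT"]
    return cmds


if __name__ == "__main__":
    # Constructed values: ssh moved to 2222, reachable only from the VPN range and one office IP.
    for line in build_ssh_firewall(2222, ["10.8.0.0/24", "203.0.113.5"]):
        print(line)
```

Pipe the printed lines into a shell on the console (not over the ssh session you are about to restrict), and verify with `iptables -L INPUT -n --line-numbers` that the ACCEPT rule for the new port precedes the REJECT.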

I see.