If you need to determine your user identifier (uid) and group identifer (gid) on a Unix or Linux system, you can use the
id command.
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id command.
I can use the Terminal program which is in the Applications/Utilities
folder on the Mac laptop - the Terminal program comes with OS X.
If the server behind the firewall is accessible as server1.example.com and
my userid on it is jsmith, and the printer I want to access has an IP address
of 192.168.1.50, I can use the following command:
ssh -L 9100:192.168.1.50:9100 jsmith@server1.example.com
That -L option allows me to specify a port on the local system,
i.e. my laptop, to be forwarded to some other port on whatever system I
specify after the first ":". In this case, once I've established an SSH
connection to server1.example.com, any data I send to
TCP
port 9100 on the laptop will automatically be forwarded through the SSH tunnel
I've established to port 9100 on 192.168.1.50. I don't have to specify an
IP address, I could also use a name, such as printer1.example.com, if that
was a name assigned to the printer and that name was usable outside of the
firewall.
The reason I used port 9100, is that port is used by the Xerox WorkCentre 5030 to listen for print jobs over the network. That port is a de facto standard port used by many networked printers. It is used by Hewlett Packard (HP) on their JetDirect cards and is widely used by other printer manufacturers as well. The connection established via this port is usually full duplex and provides error messages and status information during printing. Port forwarding via port 9100 also has the advantage over using port 515, i.e., the LPD (RFC 1179) protocol, in that it doesn't require the use of the root account on the Mac, since the port number is above 1023.
I also need to add a printer to the Mac that points to the SSH tunnel. To do so, I can use the steps below (note: you should establish the SSH connection first prior to adding the printer, so that your system can communicate with the printer to determine options the printer supports):
127.0.0.1, which is the "loopback"
address for the local system (you could also use
localhost, instead).Xerox 5030 (port forwarded) to distinguish the printer
I created from Xerox 5030, which I use when the laptop is on
the same network as the printer.
Now, whenever I've established the SSH connection, I can print to the printer
I added. I can print to other printers behind the firewall by adding a
printer to the Mac with a different name and the appropriate driver, e.g.,
I also added an HP Color LaserJet CP3525 printer. If its address is
192.168.1.61, I can print to it instead by using
ssh -L 9100:192.168.1.61:9100 jsmith@server1.example.com,
instead of 192.168.1.61 for the other printer. You can only
port forward port 9100 to one destination at a time, so I would need to exit
from the prior SSH connection first, if I was already port forwarding port 9100
to the other printer.
[/os/windows/software/graphics/adobe/photoshop] permanent link
cdrecord command
under Linux, if you have the
cdrecord package
installed. E.g., cdrecord -v slax-6.1.2.iso. The -v
option, increments the general verbosity level by one. This can be used to
display the progress of the writing process.
CDRecord is a command line CD/DVD recording program. Cdrecord is an application for creating audio and data CDs. Cdrecord works with many different brands of CD recorders, fully supports multi-sessions and provides human-readable error messages.
You can use the get policy command to obtain a list of existing
policies, aka firewall rules.
ns5xp-> get policy
Total regular policies 1, Default deny.
ID From To Src-address Dst-address Service Action State ASTLCB
1 Trust Untrust Any Any ANY Permit enabled -----X
You can use the get service command to obtain a list of existing
services. You will see the standard services, e.g., SSH, TELNET, TFTP, etc.,
as well as any custom services you've created.
Let's asume I want to use port 1222 for SSH connections to a system named Server1, which is on the trusted side of the firewall with IP address 192.168.0.4. In this case the firewall is not using Network Address Translation (NAT). I could use the following commands:
set address trust "Server1" 192.168.0.4 255.255.255.255 "Web server #1"
set service "Server1 SSH" protocol tcp src-port 0-65535 dst-port 1222-1222
set policy id 2 name "Server1 SSH" from "Untrust" to "Trust" "Any" "Server1"
"Server1 SSH" permit log count
With the set address command, I indicate that the system is on
the trusted side of the firewall and that I want to associate the name
Server1 with the IP address for the system, which is 192.168.0.4.
Since the name is associated with one specific IP address, I use a subnet mask
of 255.255.255.255. I then add a comment about the system, i.e.,
"Web server #1" in this case.
I then create a custom service, which I name "Server1 SSH". It
uses the TCP protocol. I don't care about the source port, but the nonstandard
destination port I am using for SSH is 1222. I put in
1222-1222 for the port range, since I'm just using one port.
For the above policy, I'm assuming that there is no existing policy id
2, so I'm using that for the policy number. After
the policy id number is specified, in this case 2, I specify a name
for the policy to make its purpose clear, Server1 SSH
in this case. I then specify the direction of the data flow, which is
from "Untrust" to "Trust". I want to allow any source IP
address to connect, so I use "Any" for the source and then
use "Server1", which is the named address I created with a
prior command, for the destination. I then specify the service. If it
was for SMTP email, I could have used SMTP, but, in this
case, I'm using the custom "Server1 SSH" service I set up
with a prior command. I then specify permit, since I want
to permit the traffic, not block it. I've also chosen to log the traffic
and count the packets.
If I don't want to make any further changes, I can use the
exit command. I'll then be prompted as to whether I want
to save the changes I've made.
ns5xp-> exit Configuration modified, save? [y]/n y
If I want to view the service and policy I created, I can use the
get service and get policy id commands.
ns5xp-> get service "Server1 SSH" Name: Server1 SSH Category: other ID: 0 Flag: User-defined Transport Src port Dst port ICMPtype,code Timeout(min) Application tcp 0/65535 47050/47050 30 ns5xp-> get policy id 2 name:"Server1 SSH" (id 2), zone Untrust -> Trust,action Permit, status "enabled" src "Any", dst "Server1", serv "Server1 SSH" Policies on this vpn tunnel: 0 nat off, url filtering OFF vpn unknown vpn, policy flag 0000, session backup: on traffic shapping off, scheduler n/a, serv flag 00 log yes, log count 1, alert no, counter yes(1) byte rate(sec/min) 0/0 total octets 0, counter(session/packet/octet) 0/0/1 priority 7, diffserv marking Off tadapter: state off, gbw/mbw 0/-1 No Authentication No User, User Group or Group expression set
Additional information on creating firewall rules can be found in Juniper Network's Concepts & Examples ScreenOS Reference Guide Volume 2: Fundamentals.
References:
I installed TVersity 1.8 Beta software to stream video stored on a Windows 7 PC to a Wii today. TVersity is free software that allows one to stream video and music from a Windows PC to console systems, such as the Wii, Xbox 360 and PS3.
[ More Info ]
