MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Tue, May 18, 2010 4:17 pm

Id Command

If you need to determine your user identifier (uid) and group identifer (gid) on a Unix or Linux system, you can use the id command.

[/os/unix/commands] permanent link

Thu, May 13, 2010 6:28 pm

Remote Printing via SSH Port Forwarding

I need to print from my MacBook Pro laptop when I'm using a wireless connection to a Xerox WorkCentre 5030 printer on a wired network behind a firewall. The ports I would need to use to send print jobs to the printer aren't open on the firewall, but I can make an SSH connection from the wireless network to a server behind the firewall. So that gives me a means to print from the laptop while it is on the wireless network. I can simply port forward print jobs via an SSH tunnel.

I can use the Terminal program which is in the Applications/Utilities folder on the Mac laptop - the Terminal program comes with OS X. If the server behind the firewall is accessible as and my userid on it is jsmith, and the printer I want to access has an IP address of, I can use the following command:

ssh -L 9100:

That -L option allows me to specify a port on the local system, i.e. my laptop, to be forwarded to some other port on whatever system I specify after the first ":". In this case, once I've established an SSH connection to, any data I send to TCP port 9100 on the laptop will automatically be forwarded through the SSH tunnel I've established to port 9100 on I don't have to specify an IP address, I could also use a name, such as, if that was a name assigned to the printer and that name was usable outside of the firewall.

The reason I used port 9100, is that port is used by the Xerox WorkCentre 5030 to listen for print jobs over the network. That port is a de facto standard port used by many networked printers. It is used by Hewlett Packard (HP) on their JetDirect cards and is widely used by other printer manufacturers as well. The connection established via this port is usually full duplex and provides error messages and status information during printing. Port forwarding via port 9100 also has the advantage over using port 515, i.e., the LPD (RFC 1179) protocol, in that it doesn't require the use of the root account on the Mac, since the port number is above 1023.

I also need to add a printer to the Mac that points to the SSH tunnel. To do so, I can use the steps below (note: you should establish the SSH connection first prior to adding the printer, so that your system can communicate with the printer to determine options the printer supports):

  1. Click on the "Apple" at the top left corner of the screen.
  2. Select System Preferences.
  3. Under Hardware, select Print & Fax.
  4. Click on the "lock" icon to make changes and provide the correct password.
  5. Click on the "+" to add a new printer.
  6. For Protocol, select "HP Jetdirect - Socket".
  7. For Address, put, which is the "loopback" address for the local system (you could also use localhost, instead).
  8. You can leave Queue blank.
  9. For Name, put in some name that is meaningful to you, e.g., I used Xerox 5030 (port forwarded) to distinguish the printer I created from Xerox 5030, which I use when the laptop is on the same network as the printer.
  10. For location, put in whatever you wish to describe the location of the printer.
  11. For Print Using, select the printer to which you will be printing, so the correct printer driver is installed.
  12. Then click on the Add button.

Now, whenever I've established the SSH connection, I can print to the printer I added. I can print to other printers behind the firewall by adding a printer to the Mac with a different name and the appropriate driver, e.g., I also added an HP Color LaserJet CP3525 printer. If its address is, I can print to it instead by using ssh -L 9100:, instead of for the other printer. You can only port forward port 9100 to one destination at a time, so I would need to exit from the prior SSH connection first, if I was already port forwarding port 9100 to the other printer.

[/os/os-x] permanent link

Wed, May 12, 2010 8:48 pm

Detecting Altered Images

If you see an image posted somewhere on the Internet or have one sent to you by email that you suspect has been " photoshopped", i.e. digitally altered, are there any methods that will assist you in making that determination? There are indeed methods and tools to assist you. If the image is a jpeg image, you can upload the image or submit the URL for its location on the web to the Image Error Level Analyzer. Additional information on how to detect "shopped" images can be found at Body By Victoria and Photoshopping and Digital Forensics.

[/os/windows/software/graphics/adobe/photoshop] permanent link

Fri, May 07, 2010 8:13 pm

Burning an ISO File to Disc Under Linux

To burn a .iso file to a disc, you can use the cdrecord command under Linux, if you have the cdrecord package installed. E.g., cdrecord -v slax-6.1.2.iso. The -v option, increments the general verbosity level by one. This can be used to display the progress of the writing process.

CDRecord is a command line CD/DVD recording program. Cdrecord is an application for creating audio and data CDs. Cdrecord works with many different brands of CD recorders, fully supports multi-sessions and provides human-readable error messages.

[/os/unix/linux/utilities/cd-dvd] permanent link

Mon, May 03, 2010 5:01 pm

Creating a Firewall Rule in a NetScreen Firewall from the Command Line

To create a firewall rule to allow traffic for a custom service, e.g., SSH on a nonstandard port, through the firewall, you can create the custom service and a policy, aka firewall rule, associated with the policy.

You can use the get policy command to obtain a list of existing policies, aka firewall rules.

ns5xp-> get policy
Total regular policies 1, Default deny.
    ID From     To       Src-address  Dst-address  Service  Action State   ASTLCB
     1 Trust    Untrust  Any          Any          ANY      Permit enabled -----X

You can use the get service command to obtain a list of existing services. You will see the standard services, e.g., SSH, TELNET, TFTP, etc., as well as any custom services you've created.

Let's asume I want to use port 1222 for SSH connections to a system named Server1, which is on the trusted side of the firewall with IP address In this case the firewall is not using Network Address Translation (NAT). I could use the following commands:

set address trust "Server1" "Web server #1"
set service "Server1 SSH" protocol tcp src-port 0-65535 dst-port 1222-1222
set policy id 2 name "Server1 SSH" from "Untrust" to "Trust" "Any" "Server1" "Server1 SSH" permit log count

With the set address command, I indicate that the system is on the trusted side of the firewall and that I want to associate the name Server1 with the IP address for the system, which is Since the name is associated with one specific IP address, I use a subnet mask of I then add a comment about the system, i.e., "Web server #1" in this case.

I then create a custom service, which I name "Server1 SSH". It uses the TCP protocol. I don't care about the source port, but the nonstandard destination port I am using for SSH is 1222. I put in 1222-1222 for the port range, since I'm just using one port.

For the above policy, I'm assuming that there is no existing policy id 2, so I'm using that for the policy number. After the policy id number is specified, in this case 2, I specify a name for the policy to make its purpose clear, Server1 SSH in this case. I then specify the direction of the data flow, which is from "Untrust" to "Trust". I want to allow any source IP address to connect, so I use "Any" for the source and then use "Server1", which is the named address I created with a prior command, for the destination. I then specify the service. If it was for SMTP email, I could have used SMTP, but, in this case, I'm using the custom "Server1 SSH" service I set up with a prior command. I then specify permit, since I want to permit the traffic, not block it. I've also chosen to log the traffic and count the packets.

If I don't want to make any further changes, I can use the exit command. I'll then be prompted as to whether I want to save the changes I've made.

ns5xp-> exit
Configuration modified, save? [y]/n y

If I want to view the service and policy I created, I can use the get service and get policy id commands.

ns5xp-> get service "Server1 SSH"
Name:       Server1 SSH
Category:   other          ID:  0   Flag:  User-defined

Transport    Src port     Dst port   ICMPtype,code  Timeout(min) Application
tcp           0/65535  47050/47050                        30        

ns5xp-> get policy id 2
name:"Server1 SSH" (id 2), zone Untrust -> Trust,action Permit, status "enabled"
src "Any", dst "Server1", serv "Server1 SSH"
Policies on this vpn tunnel: 0
nat off, url filtering OFF
vpn unknown vpn, policy flag 0000, session backup: on
traffic shapping off, scheduler n/a, serv flag 00
log yes, log count 1, alert no, counter yes(1) byte rate(sec/min) 0/0
total octets 0, counter(session/packet/octet) 0/0/1
priority 7, diffserv marking Off
tadapter: state off, gbw/mbw 0/-1
No Authentication
No User, User Group or Group expression set

Additional information on creating firewall rules can be found in Juniper Network's Concepts & Examples ScreenOS Reference Guide Volume 2: Fundamentals.


  1. Concepts & Examples ScreenOS Reference Guide Volume 2: Fundamentals
    Juniper Networks

[/security/firewalls/netscreen] permanent link

Sun, May 02, 2010 9:00 pm

Streaming Video to a Wii Using TVersity

I installed TVersity 1.8 Beta software to stream video stored on a Windows 7 PC to a Wii today. TVersity is free software that allows one to stream video and music from a Windows PC to console systems, such as the Wii, Xbox 360 and PS3.

[ More Info ]

[/os/windows/software] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo