Configuring BdtWebServer

Mono XSP is a lightweight and simple webserver written in C# which runs run ASP.NET applications.

To install Mono XSP run the following:

$ apt-get install mono-xsp2
$ apt-get install libmono-system-runtime2.0-cil

To ensure that XSP is properly installed you can install the ASP.NET 1.1 and 2.0 demo pages.

$ apt-get install asp.net2-examples
$ xsp2 --applications /:/usr/share/asp.net2-demos

When the server has successfully started, point your browser to http://localhost:8080 (the default port for XSP web server is 8080) to display the web page below:

ASP.NET Examples

If the following error is encountered:

System.InvalidOperationException: Standard output has not been redirected or process has not been started.

Run the following command to address the issue:

ln -s /usr/bin/gmcs2 /usr/bin/gmcs

Now the BdtWebServer is ready to be started:

xsp2 --port 8080 --nonstop --applications /:/opt/bdt.bin.1.4.3066.mono/BdtWebServer

--nonstop don’t stop the server by pressing enter. Must be used when the server has no controlling terminal.

Configuring BdtClient

Setting up the BdtClient to establish a connection to BdtWebServer is similar to BdtServer with the exception that the name attribute is set to BdtServer.soap in the service tag of the configuration file.

<service name="BdtServer.soap" .../>

Security Issue

When hosting the BdtWebServer application in a web server the BdtServerCfg.xml (which contains the username and passwords) will be exploit when you point the web browser http://my.server:8080/BdtServerCfg.xml.

To address this issue I setup XSP to integrate with Apache/mod_proxy by configuring the following Apache configuration to forbid access to BdtServerCfg.xml

    <Location /BdtServerCfg.xml>
        Order deny,allow
        Deny from all
    </Location>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

Finally, I setup a firewall to block port 8080 from public access.

Related posts:

1. HTTP Tunnel Through ISA Server
2. Building Mono from Source
3. SSH through HTTP Proxies

BoutDuTunnel is an open source project written in C# and is compatible with HTTP proxy servers, even if they use NTLM authentication (like ISA Server) and even if they prohibit the “connect method”.

To setup BoutDuTunnel on Ubuntu I had to install Mono.  When using Mono 2.0.1 or 2.4 an error occurred Unexpected binary element: 21 when running the BdtClient.exe. Therefore I installed Mono 1.9.1 by building it from the source.

Instead of installing the latest version of BoutDuTunnel, I installed 1.4.3066 because an error would occur on the BoutDuTunnel server moments after the BoutDuTunnel client connected to it.

Unhandled Exception: System.MethodAccessException: Method `Bdt.Server.Service.TunnelSession:CheckTimeout (Bdt.Shared.Logs.ILogger)' is inaccessible from method `Bdt.Server.Service.TimeoutObject:CheckTimeout (Bdt.Shared.Logs.ILogger,System.Collections.Generic.Dictionary`2)'

Setting Up the HTTP Tunnel

Setting Up BdtServer (on the home computer)

The BdtServer can be setup through the command line or hosted inside Apache/mod_mono.  To setup BdtServer with the command line extract the BoutDuTunnel and modify the BdtServer configuration file.

$ unzip bdt.bin.1.4.3066.mono.zip
$ cd bdt.bin.1.4.3066.mono/BdtServer
$ nano BdtServerCfg.xml

The configuration file is well commented and should be similar to the following:

Configure binary stream/HTTP as the communication protocol to be used.

<service
name     = "BdtServer"
protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
port     = "8080"
/>

Require user be authenticated before establishing a communication.

<users>
<username
enabled  = "true"
password = "password"
/>
</users>

To start up BdtServer execute the following:

$ cd bdt.bin.1.4.3066.mono/BdtServer/
$ mono BdtServer.exe

Setting Up BdtClient (on the office computer)

There are two types of client available for BoutDuTunnel:

• BdtClient run by the command line
• BdtGuiClient which provides a GUI interface

To setup BdtClient modify the BdtClientCfg.xml configuration file.

Configure hostname and communication protocol for server with BdtServer.

  <service
    name     = "BdtServer"
    protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
    address  = "my.server"
    port     = "8080"
    username = "my.username"
    password = "my.password"
  />

Configure the proxy/ISA server to be used.

  <proxy
    enabled  = "true">
    <authentification
      auto     = "false"
      username = "proxy.username"
      password = "proxy.password"
      domain   = "proxy.domain"
    />
    <configuration
      auto     = "false"
      address  = "proxy.hostname"
      port     = "proxy.port"
    />
  </proxy>

Configure the ports to be forwarded.

  <forward>
    <port22
      shared  = "false"
      enabled = "true"
      address = "my.ssh.server"
      port    = "22"
    />
  </forward>

Run the BoutDuTunnel client to establish a tunnel connection to the BdtServer.

C:\bdt.bin.1.4.3066.mono\BdtClient>BdtClient

Now a SSH connection can be establish to your home computer by connecting through localhost:22

Related posts:

1. Installing BoutDuTunnel Server on Mono XSP
2. SSH through HTTP Proxies
3. Surfing the Web using SSH Tunnel

The first requirement is to have a remote host running an SSH server. e.g. a box at home running OpenSSH. Then, you need to have an SSH client installed on your local machine, for Windows you can use PuTTY.

Establish an SSH tunnel using PuTTY:

Create a new PuTTY session

Run PuTTY and create a new session to connect to the remote host. Fill in the hostname, the port (usually 22), make sure SSH is checked.

Configure the Secure Tunnel

Click on “Tunnels” on the left panel to set up dynamic fowarding for a local port. Under “Add new forwarded port” type in the port number (e.g. 4080) for the source port, leave the destination blank, and check Auto and Dynamic. Then click the “Add” button. You should see D4080 listed in the “Forwarded Ports” box.

Establish an SSH tunnel on Linux:

Use the following command:

$ ssh -D 4080 username@remote_host_server

The tunnel is created when you login to the SSH server.

Configuring Your Web Browser:

To use the SSH tunnel as a SOCKS proxy you need to change the connection settings in the browser.

In the Firefox Connection Settings:

• Check “Manual Proxy Configuration:”
• Fill in 127.0.0.1 for the “SOCKS Host:” and 4080 for “Port:”
• Check “SOCKS v5″

Once everything is done you are now surfing the web securely.

Related posts:

1. SSH through HTTP Proxies
2. Remote Desktop with SSH Tunneling
3. HTTP Tunnel Through ISA Server

To create a HTTP tunnel I chose to use the GNU HTTP Tunnel software which does the work to encapsulate TCP into HTTP requests. For the Windows platform a binary version is also available

Setting up the tunnel

On the home computer (server):

Install the GNU HTTP Tunnel with the following command:

$ apt-get install httptunnel

Start the HTTP Tunnel server:

$ hts --forward-port localhost:22 8080

Here the HTTP Tunnel server receives HTTP requests through port 8080, decapsulates and re-assembles the ssh stream and forwards it to port 22, the SSH server.

On the office computer (client):

Start the HTTP Tunnel client:

$ htc --forward-port 900 --proxy OfficeProxy:8080 HomeComputer:8080

Here the HTTP Tunnel client listens on port 900 for a ssh stream, as well it establishes a TCP connection which can pass data back and forth to the home computer through the HTTP proxy.

If the proxy requires authentication, add --proxy-authorization username:password to the htc command line.

Finally to establish a SSH connection run the following:

$ ssh username@localhost:900

For information: Punching holes into firewalls

Related posts:

1. HTTP Tunnel Through ISA Server
2. Surfing the Web using SSH Tunnel
3. Installing BoutDuTunnel Server on Mono XSP

Remote Desktop is very convenient, it suffers from to flaws: Although the connection uses 128-bit encryption, it still has the man-in-the-middle vulnerability where the traffic can be decrypted along the way. The default port of Remote Desktop is also 3389 which in most circumstances is blocked by firewalls in the network.

A solution to these flaws is to use Remote Desktop through a SSH tunnel.

SSH Server

The first requirement is to have an SSH server existing on your network. If you already have a Linux server like Ubuntu then you can install OpenSSH. However, if you only have computers with Windows then you can install copSSH.

Port Forwarding for SSH

To access the SSH server from a remote location you need to do port forwarding on port 22 through any firewall and router.

Enabling Remote Desktop

To enable Remote Desktop on Windows XP, right click on “My Computer”, and select “Properties”. Under the “Remote” tab check the box “Allow users to connect remotely to this computer”. The Remote Desktop user will require a password associated with the account.

Connecting to the SSH Server

To connect to your SSH Server remotely requires knowledge of your public IP address. This can be checked easily using the website http://checkip.dyndns.org. If you are using an ISP that provides you with a dynamic IP address, then you can setup a free account with No-IP http://www.no-ip.com or DynDNS http://www.dyndns.com where they can provide you with a fully qualified domain name.

Install/Configuring PuTTY

To open a SSH tunnel from the remote computer to your SSH server, you need to install PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty on the remote client computer. Open the application after installation is completed.

1. Expand “SSH” under “Connection”, and then go to “Tunnels”.
2. Under “Add new forwarded port:” enter a port number beside “Source port” e.g. 3390
3. Beside “Destination” enter your computer name or computer local IP address along with the port for Remote Desktop 3389 e.g. 192.168.1.10:3389, and click on the “Add” button.

Use a different Source port for each additional Remote Desktop host PC.

To improve traffic click on “SSH” under “Connection”. Check the box “Enable Compression”

Click on “Session” and under the “Host Name (or IP address)” enter the public IP address or a fully qualified domain name of the SSH server PC. Enter a unique name in the “Saved Sessions” window and click on “Save”. Click on “Open” and login to the SSH server with the appropriate user and password information.

SSH Tunneling the Remote Desktop session

Establishing a Remote Desktop connection through SSH tunnel is accomplished when PuTTY is started and the user has logged on to the SSH server. To Remote Desktop from the client computer, on the client computer go to “Start” > “All Programs” > “Accessories” > “Communications” and select “Remote Desktop Connection”. In the “Computer:” textbox enter “localhost:3390″, and click on the “Connect” button.

Related posts:

1. Remote Desktop on Ubuntu
2. Remote Desktop on Xubuntu
3. Portable Remote Desktop Client for Windows