This is the Linux user group, and today we talk about Linux, Internet ports, and firewalls. Linux is a free and open source operating system. It was written by Linus Torvalds in 1991, and since then it's been community developed and it's become the most popular server operating system. It runs more than 95 percent of the world's fastest 500 supercomputers, it's the leader in cloud computing [inaudible], and it runs on almost every embedded device on the planet, like Android phones and tablets, network routers and smart TVs.

The reason Linux is so popular is the reduced operating system cost: it's free. And since it's open source and people constantly make changes to it, you get more performance and stability, it's more secure, and it's more customizable to your needs, so for embedded systems you can adapt it to your device.
Now, the Internet is a network of computers all over the world, and the most commonly used things on the Internet are the World Wide Web, email, and peer-to-peer services like file sharing. But most services use the client-server model, especially the World Wide Web and email; they both work on the client-server model. In a client-server model you have a client; it sends a request to a web server, which sends an appropriate response back to the client, and all this communication travels through the Internet.
So, on Internet addressing, I'll compare it to the postal address system to make things a little clearer. A domain name like google.com is like the name of a building; let's say Centennial Court is a building that I know. And an IP address is the building's actual street address, so that may be 200 Mitchell Street or something. An IP address is usually a set of four numbers, so you must have seen IP addresses all the time. And the port is like a virtual sub-address within that: the IP address points to a machine and the port points to a virtual endpoint inside that machine, like an apartment number inside the building.

The domain name is a well-known registered name, so google.com, yahoo.com, these are all registered domain names, and like you said, you cannot just pick a name, you have to pay for it. The registration agencies, you have to pay as much as from ten dollars a year to thirty dollars a year to reserve a name for you, and then when you run a server you have an IP address, and their DNS service will map that name to that IP address.
Is google.com a single powerful machine?

It's going to be a whole bunch of computers. For a large website it's usually multiple IP addresses running multiple servers at different locations, because they want to speed up access to that thing. So in every geographical region it's running a copy of the web server, and any time somebody requests google.com, they automatically determine the closest one and send you to that address. For smaller websites it is usually a single IP, so if I'm running a personal website then it'll just be a single one-to-one mapping. So the DNS service is just like the Yellow Pages: the name of this building is the ERB, that's what anybody knows it by, and if you want the street address you look in the Yellow Pages or something like that. DNS works just like that.
Now, a server is a machine connected to the Internet. It could be running more than one service at the same time, so it could be offering both the web page service and an email service. We talked about ports: the World Wide Web service is offered through port 80, and the email service is served through port 25. Ports are a virtual concept. When you plug a cable into your computer you are getting an IP address for that computer; you are not getting a port. So ports are a virtual connection endpoint in your computer, and that helps keep data separate: it'll keep the HTTP traffic separate from the email traffic. Again, back to the postal example: in this building there are two departments, bioengineering and CSE. Bioengineering is operating from the second floor and CSE is operating from the sixth floor, and that's like port numbers in the computer. By looking at the floor number you can direct mail to the correct department.
So what makes a server different from a normal computer? A server is running a special program to handle user requests. If you want to run a web server, you'll be running a program called Apache or Nginx, which runs all the time and listens on port 80, because that's the standard port for HTTP. So it's always running, it's always listening for data on that connection. Email programs like sendmail listen on port 25, and that's how a single web server is able to do multiple things: it can do web, it can do email, it can do many things.

On the client, like on our laptops, on our personal computers, we run client software. For accessing the World Wide Web we use a web browser like Firefox, Chrome, Opera, and email clients like Thunderbird and Outlook. For every new connection the client has to use a new port, a fresh port, and it cannot use one of those standard ports, because those are reserved. So it picks a random number beyond 1024, any random number, because an outgoing connection must also have a port number; incoming connections need a port number, outgoing connections need a port number. So it will randomly pick a port and it will transmit data from that port to port 80 of the web server, because the server is always listening on port 80, the google.com web server. My local port might be 5357, but that connects to port 80 of the web server. Same thing for email: the email program will use a different random port, but will connect to port 25 on the email server. This lets multiple connections occur to the same server, and the server responds to the same port from which the request came: if the request came from port 5357 for a web page, it will send the web page back to the same port.

This is a figure explaining the same thing. If I open Firefox and one tab accesses google.com, since it's a new connection it'll randomly pick a port number and connect to port 80 of google.com. If I open another tab and I access yahoo.com, it will again open a random port and connect to port 80 of yahoo.com's servers. And if I'm trying to send an email, again a random port, but connected to port 25 of the email server. So the client is able to handle multiple connections, because using ports the data doesn't get mixed up. That's the advantage.
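The "one listening port on the server, a fresh source port per tab on the client" picture from the talk can be watched on a single machine. The script below is an added example (it is not from the talk or the speaker): it starts a tiny echo listener on 127.0.0.1, lets the OS pick its port as a stand-in for port 80 so no root is needed, opens several "tabs" to it, and checks that every tab got its own source port above 1024 and that each reply came back on the connection it belongs to. The function and variable names are my own.

```python
"""Added example (not part of the talk): show how a client gets a fresh,
non-reserved source port for every connection while the server keeps one
well-known listening port.  Everything runs on 127.0.0.1, and the listening
port is chosen by the OS (bind to port 0) as a stand-in for port 80, so the
script runs without root and without touching the network."""
import socket
import threading

RESERVED_LIMIT = 1024  # ports below this are the "standard" ones the talk mentions


def start_listener():
    """Start a server socket that, like Apache on port 80, just waits for
    connections.  Returns the socket and the port the OS picked."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # 0 = let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def echo_server(srv, n_clients):
    """Accept n_clients connections one after another and echo each request
    back on the same connection, i.e. to the source port it came from."""
    for _ in range(n_clients):
        conn, _addr = srv.accept()
        with conn:
            data = conn.recv(1024)
            conn.sendall(data)


def open_connections(server_port, n_clients):
    """Open n_clients 'browser tabs' to the same server and report each one's
    (local_port, remote_port, reply) triple."""
    results = []
    for i in range(n_clients):
        with socket.create_connection(("127.0.0.1", server_port)) as c:
            request = b"GET tab-%d" % i
            c.sendall(request)
            reply = c.recv(1024)
            local_port = c.getsockname()[1]    # the random port the client picked
            remote_port = c.getpeername()[1]   # always the server's listening port
            results.append((local_port, remote_port, reply))
    return results


def demo(n_clients=3):
    """Run the listener in a thread, connect n_clients times, return the
    listening port and the per-connection results."""
    srv, port = start_listener()
    t = threading.Thread(target=echo_server, args=(srv, n_clients), daemon=True)
    t.start()
    results = open_connections(port, n_clients)
    t.join(timeout=5)
    srv.close()
    return port, results


def all_fresh_unreserved(results):
    """True if every 'tab' got its own source port above the reserved range
    and every reply came back on the right connection."""
    local_ports = [r[0] for r in results]
    return (len(set(local_ports)) == len(local_ports)
            and all(p >= RESERVED_LIMIT for p in local_ports)
            and all(r[2] == b"GET tab-%d" % i for i, r in enumerate(results)))


if __name__ == "__main__":
    port, results = demo()
    print("server listening on port", port, "(stand-in for port 80)")
    for local_port, remote_port, reply in results:
        print(f"client port {local_port} -> server port {remote_port}: {reply!r}")
    print("every tab got a distinct, unreserved port:", all_fresh_unreserved(results))
```

On a Linux box the client ports you see will come from the kernel's ephemeral range (by default 32768 to 60999), well above the 1024 limit the talk mentions; the same split between one fixed server port and many throw-away client ports is what a real browser does against port 80.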
Linux, as we said, is very popular as a web server. Why? Because of its robustness; it has become really stable. You can run it 24x7. I have a Linux machine in my lab running for 133 days and it's never crashed; there is nothing wrong with it. The other reason is it's free, and there is a bunch of free software that integrates really well and lets you do a very complex website. Google.com needs HTML, it needs dynamic pages, it needs databases, so we have free web servers like Apache and Nginx, we have PHP available for free, we have MySQL for databases. So it makes a very good combination that's free.
Yes, so if you want to set up a basic static website, like you said, all you need is a Linux computer; install the Apache or Nginx package and just go through the configuration to see if there is anything to be configured. But the default installs in both of these are good enough, they work out of the box, though you can still take a look. Then save your web content in the designated folders: the website that's supposed to be sent to clients requesting it, those files need to be at a particular location, and that's determined by the configuration. Once this is set up and running, you can give your IP address to other people and they can just type in the IP address in their web browser and they'll see the website. So I'll try to do that.

What's the difference between Apache and Nginx?
Yes, so Apache is very old and Nginx is new, but it's optimized for size and speed. It can serve a smaller website, but for a bigger website with millions of users and millions of threads, as the number of parallel users grows, the program needs to be stable enough to handle all that. Apache is good at that, but it can be slow and it will use a lot of your memory. Nginx is very small and runs quickly, but it cannot handle too much traffic. For smaller websites people have started adopting that one.
If I wanted to install Apache on my machine at home, I'd just say sudo apt-get install; on an Ubuntu or Debian machine this is the command, and the package's name is apache2. I already have it installed, so it won't do anything. Then it says look at the configuration files, but like I said the configuration is all set, you don't need to do anything. One thing to know is that Apache needs all the files to be in this folder, /var/www. This particular location is the default location for Apache web pages. So if I look for files in this folder ... no, yeah, three Ws ... I have an index.html; that's the default page that is returned.

Just to make sure Apache is running, I'll say sudo service apache start. It's probably already running, so nothing happened. I can go here and I can type ... if you're trying to access a service on your own machine you have to use the address called localhost. This is the default web page served by this web server. This is making a request to my local web server and the server is returning this page. I have another page saved at that location, so what this means is you can add content to that folder and it shows up here. I called it newindex.html, so that's another page that I wrote. This is being served from my laptop running Apache. All the content needs to be in this /var/www folder, so I created a file newindex.html, or I can just replace the old one; eventually you will want to replace the old one. You can just write the HTML code inside that page, a very simple HTML page, and I have an image file there that shows. That's all you need to do to get a web server running.
Now I can figure out my IP address and I can give you my IP address, so try accessing ... dot dot ...

So we saw that he was able to access this website on this computer knowing the IP address. But the thing is, this isn't easy all the time. It worked now, but it may not work, and one of the reasons for failure is a firewall which might be blocking this connection, or sometimes there is something called network address translation going on, where if you're behind a router you have to configure that first. Right now I'm using an ethernet cable plugged into my laptop. If I was connected on the wifi this wouldn't work, because wifi is a little insecure, so UTA blocks wifi devices from being servers, or it blocks them from other wifi devices; it's called wifi client isolation, so you cannot connect from one wifi device to another. But right now I'm using an ethernet cable, so it worked out.
So what's a firewall? It's a piece of software that blocks connections to ports on computers which are not supposed to be servers. Right now he uses his laptop for Internet, email, but normal people don't run web servers, so they shouldn't be having those ports open, so if anybody tries to access those ports from outside, the firewall will block those attempts. The reason is open ports are a security risk. Especially in Windows, they have a lot of hidden services running which are listening on ports, and if you don't update your computer somebody will figure out a way to hack into the service. But that's discussed in the security club; you have different types of attacks you can use, and most of the time it's buffer overflow attacks: you specify a specially formatted string which lets you become the root user, and all those things. So anything that's acting as a server but is not being maintained is a big, big security risk, so many companies block port 80 on their networks, and even UTA might block port 80, but it doesn't right now. If they see your machine running all the time, they run scans on all machines at regular intervals; if you look at your server's logs you see a specific UTA machine trying to attack you in different ways to figure out a vulnerability. So if they find you have loopholes, they will block you, and things like that.
Right now we didn't have to do anything, but sometimes the organization's firewall is blocking you and you cannot do anything about it, and you still want to run a website. What you can do is run your server on a different port: instead of running it on port 80, I can run it on 8080. The only problem is if somebody tries to access that from their client, their client will send a request to port 80 and they won't get anything back. So I have to tell the person that when you type in my IP address, also specify the port number, so you'll have to type in the IP address, then a colon, then 8080. Many times you see that somebody gives you an IP address but they also specify a port; that's because they're trying to use a non-standard port. The default is 80: if you don't give a port number it will always try to connect to port 80, and all the big websites are listening on port 80, so that should work. But I'm saying in case your port 80 is blocked, what can you do? You can run your server at a different port, but you will have to tell everybody to connect to you at that different port.

To make this change you can go to the Apache config file. The Apache config files are in this folder, /etc/apache2; this is for storing the config files for the web server. I'm not going to do anything, I'm just going to show you. It has a line, Listen 80, so it will run continuously and listen at port 80. I can change it to a different number and the server will start listening at that; you have to restart the server for changes to take effect. And it clearly says to also change the port number in this other file too. Make those changes and restart the server and it starts listening on a different port. But right now we don't have to do this, as UTA is not blocking port 80
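The port change the talk walks through touches two places: the Listen line and the virtual host that is bound to the same port. The script below is an added example, not from the talk or from the Apache project: it rewrites both in constructed text modelled on Debian's /etc/apache2/ports.conf and sites-available/000-default.conf, leaves any other Listen line (such as the SSL one) alone, and builds the address people must type, which carries the port only when it is not the default 80. Function names and the sample IP 10.0.0.5 are my own.

```python
"""Added example (not part of the talk): move Apache from port 80 to another
port by rewriting 'Listen 80' and '<VirtualHost *:80>', then build the URL
to hand out.  The two config texts are constructed samples modelled on
Debian's ports.conf and 000-default.conf, not copies of real files."""
import re

# Constructed sample of /etc/apache2/ports.conf
PORTS_CONF = """# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
\tListen 443
</IfModule>
"""

# Constructed sample of /etc/apache2/sites-available/000-default.conf
DEFAULT_SITE = """<VirtualHost *:80>
\tServerAdmin webmaster@localhost
\tDocumentRoot /var/www/html
</VirtualHost>
"""

# A Listen line is 'Listen <port>' on its own line; [ \t] keeps us from
# swallowing the newline.  The VirtualHost opener is '<VirtualHost *:<port>>'.
LISTEN_RE = re.compile(r"^([ \t]*Listen[ \t]+)(\d+)[ \t]*$", re.MULTILINE)
VHOST_RE = re.compile(r"^([ \t]*<VirtualHost[ \t]+\*:)(\d+)(>)", re.MULTILINE)


def _swap_port(pattern, text, old_port, new_port):
    """Replace only the matches whose port equals old_port; return the new text
    and how many lines were actually changed."""
    changed = []

    def repl(m):
        if int(m.group(2)) != old_port:
            return m.group(0)                  # e.g. 'Listen 443' stays as is
        changed.append(m.group(2))
        tail = m.group(3) if m.lastindex >= 3 else ""
        return f"{m.group(1)}{new_port}{tail}"

    return pattern.sub(repl, text), len(changed)


def change_port(ports_conf, site_conf, old_port=80, new_port=8080):
    """Return (new_ports_conf, new_site_conf) with old_port moved to new_port
    in both files.  Refuses nonsense ports and complains if either file has
    nothing bound to old_port, so a half-done change is not silently produced."""
    if not 1 <= new_port <= 65535:
        raise ValueError(f"port out of range: {new_port}")
    new_ports, n_listen = _swap_port(LISTEN_RE, ports_conf, old_port, new_port)
    new_site, n_vhost = _swap_port(VHOST_RE, site_conf, old_port, new_port)
    if n_listen == 0 or n_vhost == 0:
        raise ValueError(f"no 'Listen {old_port}' or '<VirtualHost *:{old_port}>' found")
    return new_ports, new_site


def listening_ports(ports_conf):
    """All ports the Listen lines bind, sorted."""
    return sorted(int(m.group(2)) for m in LISTEN_RE.finditer(ports_conf))


def url_for(ip, port):
    """Address to give people: browsers assume 80, so only other ports are spelled out."""
    return f"http://{ip}/" if port == 80 else f"http://{ip}:{port}/"


if __name__ == "__main__":
    new_ports, new_site = change_port(PORTS_CONF, DEFAULT_SITE, 80, 8080)
    print("now listening on:", listening_ports(new_ports))
    print(new_site.splitlines()[0])
    print("tell people to open:", url_for("10.0.0.5", 8080))
```

After writing the rewritten text back to the two files the server still has to be restarted, as the talk says, before it listens on the new port; the functions here only prepare the edited text, they do not write to /etc/apache2 themselves.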
on my computer.

What do you mean by a dynamic website?

So I'm saying that I didn't go through the installation of PHP and MySQL. A dynamic website is something where the content is generated on the fly, so it may access different news sources, grab that data and generate a fresh page every time you go to the website. In static websites you have to edit the HTML code, make a new website and then upload it, and that file will be served. But for a dynamic site, it's a scripted site; any big site will be a dynamic site.
Another thing is network address translation. This comes into play because most ISPs give you one IP address. We have an Internet connection at home, but that connection gets one public IP address. But in your network you have five or six devices: your laptop, your desktop, your tablet, your phone, your friend's laptop. All of them are using the same public IP address, and they might be accessing the same website, but somehow all this works. This is because the router does something called network address translation.

Every device connected to the Internet needs to have an IP address, but you cannot have a valid public IP for each, because the ISP gave you just one address, and you cannot have the same address for all those devices. So the router will assign a random IP address, you could say, from one of these ranges. If you are connected to your home wifi and you look at the IP address, you'll see something like 192.168.1.5; that's a local IP address. So now each machine will get a private local IP address of this form. Remember, when you are trying to access a website from your computer, again a random port is picked by the client, and that request first goes to the router and then to google.com at port 80. But what happens is the router doesn't use the same port number; it assigns another random port number that's available and then sends the request to google.com. Because say you have another machine which also opens a connection to google.com; in this example it uses a different port, but what if it uses the same port again, what if this also happened to use port 2700? Then it'll be a conflict. So the router, every time it receives a request, changes the source port number to something else and then sends a new request. This is my public IP address, this is what it looks like; this is a normal IP address, and this is something for things inside a LAN. This is our network address translation.

On the server, a web server gets millions of requests from different IP addresses, but in this case it's the same IP address sending multiple requests. The server is able to look at the source port number, because the router used different port numbers for both connections, so it knows these are two separate connections. It also uses things like cookies to differentiate between computers and all that, but the main thing is, because of the unique source port number it's able to serve different stuff: if you're accessing this page it'll give you this page, and if you're accessing a different page you will get the different page.

So when the request is coming back, google.com will send the response from its port 80 back to the router's public IP address, because google.com never sees your private IP address; it only sees the public IP address of the router and the source port. So it'll send back a response to the same exact port, a different response to the different port. When the router receives those packets it looks at the port number, and it has a table that says this port was assigned to this IP address when it accessed information from this port, so it takes that information coming on this external port to this machine's port 2700. So every time you make an outgoing connection, this mapping is saved by the computer, so port 2357 external maps to this machine, this port, and later on it looks up that information and sends it to the correct machine.
Now, all major routers also have a firewall built in, because we see that it's doing so much: it's taking all the packets in and then changing the packets and sending them, so the router has full control over what's coming and what's going out. Most routers, by default when you buy them, have the firewall turned on, which means they will block any unsolicited incoming packets. Usually the outgoing connections are not limited, because that's not a security issue; if you're trying to send something, that's not a security issue, but if somebody is trying to connect to you, that might be a hacker trying to get in. So by default they are designed to block anything that's not in the NAT table. If somebody tries to connect to port 80 on your computer, that won't be in the NAT table, so it will block that request, because you're not running the web service.

But say you are running a web server on port 80 and you wanted people to connect to you and see your website; you have to do something called port forwarding. Again, this just says that you cannot have random incoming connections; to be able to serve a website you have to enable port forwarding, and this option is available on almost all routers. What will happen is, on the external port 80 on the router, any traffic that comes in, you can make the router send it to a particular local IP address. So for example my machine one with this local IP address: I'm running a web server, like I'm doing on my laptop right now, Apache2 is running and listening on port 80. Anything that's coming on the external IP on port 80 gets forwarded to this local machine at this IP, so this allows it to act as a server even though it's behind a firewalled router; it's still able to do web serving. And again, outgoing connections are never blocked, so it will be able to reply, so that's going to work out. The router keeps track of everything on the connection coming through this port.
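The NAT table, the default "drop anything not in the table" rule and the port-forwarding exception from the last two parts of the talk fit in one small model. The code below is an added example and not from the talk or any router vendor: a Router object rewrites outgoing packets to its one public address with a fresh external port (so two LAN machines that both picked source port 2700 do not collide), maps replies back to the right private address and port from the table, drops unsolicited inbound packets, and, once a forwarding rule for external port 80 exists, hands that traffic to the chosen LAN host. All addresses (203.0.113.7, 198.51.100.10, 192.0.2.99, the 192.168.1.x hosts) are constructed sample values, and the class and function names are my own.

```python
"""Added example (not part of the talk): a minimal model of a home router doing
NAT, stateful filtering of unsolicited inbound traffic, and port forwarding.
All addresses are constructed sample values; no real packets are sent."""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"    # constructed: the router's single public address
EXTERNAL_PORT_START = 2357   # first external port the router hands out


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Router:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.nat = {}       # external port -> (private ip, private port, remote ip, remote port)
        self.reverse = {}   # (private ip, private port, remote ip, remote port) -> external port
        self.forward = {}   # external port -> (private ip, private port): port-forwarding rules
        self._next_port = EXTERNAL_PORT_START

    def add_port_forward(self, external_port, private_ip, private_port):
        """Port forwarding: inbound traffic to external_port goes to one LAN host."""
        self.forward[external_port] = (private_ip, private_port)

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to (public ip, external port) and
        remember the mapping.  A repeat of the same flow reuses its entry; a new
        flow always gets a port nobody else on the LAN is using."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext = self.reverse.get(key)
        if ext is None:
            ext = self._next_port
            self._next_port += 1
            self.nat[ext] = key
            self.reverse[key] = ext
        return Packet(self.public_ip, ext, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt):
        """Internet -> LAN: a reply that matches a NAT entry (same remote host and
        port) goes back to the private host; a packet to a forwarded port goes to
        the configured server; anything else is unsolicited and is dropped (None)."""
        entry = self.nat.get(pkt.dst_port)
        if entry and entry[2:] == (pkt.src_ip, pkt.src_port):
            priv_ip, priv_port, _, _ = entry
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)
        rule = self.forward.get(pkt.dst_port)
        if rule:
            return Packet(pkt.src_ip, pkt.src_port, rule[0], rule[1], pkt.payload)
        return None


def scenario():
    """Two LAN machines both use source port 2700 to reach the same web server;
    the server answers each to the exact external port it saw; then an outside
    host probes port 80 before and after port forwarding is enabled."""
    r = Router()
    web = "198.51.100.10"  # constructed: stands in for google.com
    a = r.outbound(Packet("192.168.1.5", 2700, web, 80, "GET /page-a"))
    b = r.outbound(Packet("192.168.1.6", 2700, web, 80, "GET /page-b"))
    reply_a = r.inbound(Packet(web, 80, r.public_ip, a.src_port, "page-a"))
    reply_b = r.inbound(Packet(web, 80, r.public_ip, b.src_port, "page-b"))
    probe_before = r.inbound(Packet("192.0.2.99", 40000, r.public_ip, 80, "GET /"))
    r.add_port_forward(80, "192.168.1.5", 80)
    probe_after = r.inbound(Packet("192.0.2.99", 40000, r.public_ip, 80, "GET /"))
    return a, b, reply_a, reply_b, probe_before, probe_after


if __name__ == "__main__":
    a, b, ra, rb, before, after = scenario()
    print("outbound A as seen by the server:", a)
    print("outbound B as seen by the server:", b)
    print("reply A delivered to:", ra.dst_ip, ra.dst_port)
    print("reply B delivered to:", rb.dst_ip, rb.dst_port)
    print("unsolicited port-80 packet before forwarding:", before)
    print("same packet after forwarding rule:", after)
```

The model keeps only what the talk describes; a real router also ages entries out of the table, tracks TCP state, and usually lets you restrict a forwarding rule to particular source addresses, which is worth doing when the forwarded service is the only thing on the LAN that needs to be reachable.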