
Masquerading as a Commercial User

From FreeBSDwiki
Revision as of 18:04, 6 August 2012 by 173.88.199.104 (Talk)

Masquerading as a commercial user is a way for a 24/7 DSL or cable home user to host their own SMTP mail server and web server.


There is a way for non-commercial users to masquerade as a commercial user on the public Internet. The success of masquerading is based totally on whether their ISP has blocked email port 25 and web site port 80 from public Internet access for the ISP's non-commercial users. Sometimes the blocked ports are stated in the ISP's customer usage agreement contract. If you ask the ISP's technical support people it will only give them cause to monitor your account. So what I am saying here is, it may work or may not. If you're caught by your ISP they can terminate your account with them, but since they do not take legal action because the legal costs far outweigh the actual cost of the damages, what do you care, just sign up with a different ISP.

There are no rules or regulations which prohibit a non-commercial user from acquiring an official registered domain name for themselves. Anybody can get a registered domain name. You have to use an official domain name registrar. Each country in the world has one or more commercial companies that are authorized to register the domain name of your choice for a yearly fee. In the USA I use http://www.enom.com/ .

Generally your domain registrar has Internet applications where you can forward your domain name email to your ISP email account or forward all www port 80 requests to your public domain IP address.


The problem is the registered domain name has to be associated with an IP address that points to the non-commercial user 24/7 (IE: that’s 24 hours a day 7 days a week). Non-commercial users get dynamic IP addresses which can change at any time. So you need some way to automatically determine when your dynamic IP address has changed and update your domain name to point to the new IP address. There are services on the public Internet which provide dynamic DNS. They manage your domain name on public domain name servers and you can update the IP address associated with your domain name automatically by using a program that runs on your FBSD system. The following companies provide this service free of charge.

http://www.zoneedit.com/ http://www.dyndns.org

http://www.no-ip.com/ http://www.technopagan.org/dynamic/

FBSD contains a package application to monitor your IP address to see if it has changed, and if it has, it submits an update request to the dynamic DNS service you are using to update your domain name's IP address with the new IP address.

See http://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate&stype=all


Verifying Ports 25 & 80 Are Open
Before going through all the effort of installing and configuring sendmail and the Apache web server, it would be nice to verify that your ISP is not blocking the SMTP port 25 and the www port 80. Since you would have to install and configure the Apache server before port 80 would answer public requests, an easier approach is needed. You can very easily change the port telnet uses (23) to port 80, so there is an application to respond to port 80 connection requests. This is how you do it.

On the gateway system you want to masquerade as a commercial user:

Edit the /etc/services file. It contains a list of all the ports and the service names that use each port number.

Locate the HTTP 80 statements and comment them out.

Locate the telnet 23 statements and comment them out.

Copy the telnet tcp 23 statement and change the 23 to 80 and uncomment the statement.

Remember what you did, because after your test you will have to put this file back to its original condition by deleting the statement you added and uncommenting the ones you commented out.

Edit /etc/inetd.conf and un-comment the telnet tcp statement.

Edit /etc/rc.conf and add this statement: inetd_enable="YES"

Check your firewall rules to ensure that they allow ports 25 and 80 in from the public Internet.

Reboot your system to enable the changes.

Issue ifconfig and write down your current ISP assigned IP address.

Leave your system up.
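
The /etc/services edits from the steps above, as an added example that is not part of the original page: two shell functions that apply the temporary telnet-on-80 mapping and keep an untouched copy, so the file can be put back exactly after the test. The function names and the .orig backup suffix are choices made for this example.

```sh
#!/bin/sh
# Added example: apply and undo the temporary /etc/services edits on a given file.
# Function names and the ".orig" backup suffix are assumptions of this example.

# apply_port_test FILE: comment out the http 80 and telnet 23 entries and
# add a telnet entry on 80/tcp, after saving FILE as FILE.orig.
apply_port_test() {
    svc=$1
    if [ -e "$svc.orig" ]; then
        echo "$svc.orig already exists; run restore_port_test first" >&2
        return 1
    fi
    cp -p "$svc" "$svc.orig" || return 1
    awk '
        $1 == "http" && $2 ~ /^80\// { print "#" $0; next }
        $1 == "telnet" && $2 ~ /^23\// {
            print "#" $0
            if ($2 == "23/tcp") print "telnet\t\t80/tcp\t# TEMPORARY: ISP port test"
            next
        }
        { print }
    ' "$svc.orig" > "$svc"
}

# restore_port_test FILE: put the untouched original back and drop the backup.
restore_port_test() {
    svc=$1
    [ -e "$svc.orig" ] || { echo "no backup found for $svc" >&2; return 1; }
    mv "$svc.orig" "$svc"
}

# On the gateway, as root:
#   apply_port_test /etc/services     # then continue with inetd.conf and rc.conf
#   restore_port_test /etc/services   # as soon as the test is finished
```

Restoring promptly matters here because, while the edit is in place, a telnet login prompt answers on port 80 from the public Internet.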

Then from a friend's MS/Windows PC that uses a different ISP than you do, use telnet to connect to ports 25 and 80 on your gateway system to see if your ISP is blocking those ports. In the following telnet command xxx.xxx.xxx.xxx is the current public IP address of your gateway system.

Click on start, run.

Enter: C:\windows\command.com

When a native DOS window opens, enter:

telnet xxx.xxx.xxx.xxx 25

If your ISP is not blocking the sendmail port and your friend’s PC does not have a firewall blocking this port, you will get a connected message followed by the sendmail version banner message. Press the keyboard ctrl and ] keys at the same time to close the sendmail connection, then enter quit to exit the telnet program.

telnet xxx.xxx.xxx.xxx 80

If your ISP is not blocking the WWW port, and your friend’s PC does not have a firewall blocking this port, you will get a connected message followed by the telnet login prompt. Press the keyboard ctrl and ] keys at the same time, followed by the enter key, to close the telnet session.

If you received the connected message from your system’s sendmail port 25, get a registered domain name and use ZoneEdit.com for dynamic IP address updates and point all your domain name email traffic to your sendmail server.

If you did not receive the connected message from your system’s sendmail port 25, you can still get a registered domain name and use ZoneEdit.com for dynamic IP address updates and forward your domain name email traffic to your ISP email account.

If you received the connected message from port 80, install the Apache web server application on your gateway PC, get a registered domain name, use ZoneEdit.com for dynamic IP address updates and point all your WWW traffic to your Apache web server.

If you did not receive the connected message from port 80, you can still get a registered domain name and use ZoneEdit.com to redirect all your domain name WWW traffic to a different port number, install the Apache web server application on your gateway PC and configure Apache to listen on the different port instead of the default port 80.


Masquerading Using ZoneEdit
ZoneEdit is not a domain name registrar. They provide DNS network management services. They have a national network of DNS (domain name system) servers and an online control panel for easy user self-management of their own officially registered domain names. Their environment provides a method utilizing the dynamic IP address and web page redirection to enable the user’s public domain name to function like a commercial user's. Their service is free of cost for the first 5 domain names, with each one being allowed 1,000,000 DNS queries before you have to pay $10.95 for the next million DNS queries. If you have that kind of activity you must be selling something that everybody wants and for sure can afford the $10.95. ZoneEdit does not apply any banners or other form of advertising to the traffic passing through them like some of the other companies that offer the same services. The public Internet users that go to your web site don’t even know they passed through ZoneEdit.

Typically a commercial user has a 24/7 Internet connection with a range of static IP addresses assigned by their ISP. Their IP addresses never change. Their officially registered domain name points to the static IP addresses permanently.

Cable and DSL users have a 24/7 Internet connection just like a commercial user. They can register their desired domain name, if it’s not already taken, with an official registrar, which will permanently associate the domain name with whatever IP address they’re told. Normally the official registrar has online management menus which, at a minimum, allow you to forward your domain's email to your ISP email account, direct all web site requests to a provided pre-fabricated parking web site, and change the DNS servers that control your domain name's presence on the public Internet from the official registrar DNS servers to any other DNS servers you want.

The problem the non-commercial cable and DSL users have is that their IP address is not static. Instead, they get assigned dynamic IP addresses by their ISPs. This means the address can change every time their cable or DSL modem is powered off and back on, or, if their ISP uses DHCP to assign dynamic IP addresses automatically, it can change at boot time or periodically when the DHCP lease is renewed. When this happens the registered domain name no longer points to the correct IP address and people on the public Internet can no longer reach the web site. To get back online they have to use their official registrar’s on-line menus to manually change the permanent IP address and wait while the new domain name / IP address combination is distributed across the national DNS server network before people can find them again.

What ZoneEdit does for you is act as your intermediary by being the permanent IP address for your domain name, and then providing the ability to redirect all email and web traffic directly to the dynamic IP address which is currently assigned to you. In this way, your sendmail email server and Apache web server receive the traffic. You would use a simple program on your system that executes at boot time and every time your ISP renews your DHCP lease to inform ZoneEdit of your current IP address. This allows you to always have a relationship between your public Internet official domain name and the IP address which is assigned to you.

Now, because many ISPs block the email server port number 25 and the web site port number 80, the previously described situation no longer helps you. To combat this, ZoneEdit has additional options: email forwarding, and web site redirection which address the ISP blocked ports issue.

Currently, ZoneEdit does not have any way to redirect your domain name email to a different port number instead of port 25 so it can reach your domain name email server. They do have a facility where you define your domain name email users and the email address at your ISP’s email server where you want the email forwarded to.

The ZoneEdit Web site redirect facility is the key to circumventing the blocked port 80 problem. All your domain name web site traffic for port 80 that arrives at ZoneEdit for you is redirected to a different port number at the dynamic IP address which designates your location. It takes the combination of two different ZoneEdit facilities to achieve this: Dynamic IP address update and web site redirection.


Configuring ZoneEdit
First you need to register your desired domain name with an official registrar. In selecting an official registrar the registration cost and yearly renewal costs should not be your only selection criteria. If they do not offer an on-line management menu which allows you to forward your domain's email to your ISP email account, direct all web site requests to a provided pre-fabricated parking web site, and allow the changing of the DNS servers that control your domain's presence on the public Internet from the official registrar DNS servers to any other DNS servers you want, then look for a different official registrar. In the following discussion the example ‘fbsdjones.com’ is the new officially registered domain name.

Go to www.zoneedit.com. In the upper right corner of the screen is the sign up link. Click on this and fill out the form. After completion you have to wait for an email from ZoneEdit with your login ID and password which gives you access to their online management menu application.

After receiving your email from ZoneEdit, which takes less than 30 minutes to happen, go back to the same URL and this time on the upper left is the LOGIN link. Click on that and a window pops up. Enter the login ID and password contained in the email. The first thing to do is change that password to something you can remember easily. At the top of the screen is the menu bar. Click on ‘User Options’. On the screen that pops up change your password and set the default email address you want to use as the target to forward your domain name email users to. When finished, click on ‘Add Zones’ from the menu at the top of the screen.

At the top of the ‘Add Zones’ screen is a white window in which you type your domain name. Enter fbsdjones.com and click on the ‘add zone’ button. It does a lookup on the domain name you entered to see who it’s registered to and displays that information. Scroll down to the end of the screen and click on the ‘Start editing zone’ button.

You're now presented with the ‘Edit Zone’ screen. If you want to set up records to forward your domain email to your ISP email account, click on the ‘MailForwards’ highlighted link and follow the instructions. That’s real easy to do.

If you are also interested in redirecting all public web site traffic for your public Internet domain name ‘www.fbsdjones.com’ and ‘fbsdjones.com’ to your dynamic IP address using a different port number, click on the ‘WebForwards’ button.

On the WebForwards screen:

   enter www in the new domain window 

and

   http://ww2.fbsdjones.com:6080/ in the redirects to window. 

The 6080 is the port number your web server should be configured to listen on. Do not select cloaked: if you do, when one of the many Internet search robots comes to your domain name site to collect the meta tags which you painstakingly added to each web page so you get indexed the way you want in their search engine, your site will not be scanned and all that work will be for nothing. It’s not important here what your domain name is. It’s the www to ww2 and the :xxxx port number that are very important here. You can select any port number you want between 6000 and 9000. The important thing about the port number used is that you configure your web server software to listen on that port number instead of the default of 80. Click on the ‘Add New’ button. A confirmation screen pops up. Select yes to the question about both ‘fbsdjones.com’ and ‘www.fbsdjones.com’ to be forwarded.

At the top of the screen, click on the ‘IP Address (A)’ link. When that screen shows up, this is where you associate your currently assigned dynamic IP address to the name of the web site you previously specified as the redirect target on the ‘WebForwards’ screen. That would be ‘ww2.fbsdjones.com’. So in the name window type ‘ww2’. In the ‘Numeric IP’ window enter your currently assigned dynamic IP address if you know it. If you do not know it, that’s not important right now, so enter 10.0.10.2 just to pass the syntax check and click on the ‘Add new IP address’ button. Answer yes to the confirmation question.

At the top of the screen click on the ‘Add Zones’ link. After that screen displays, click on the ‘Edit Zone’ link and you will get a small box with ‘Choose Zone’ in it. Click on your zone to get the full zone display screen below. This screen shows all the configuration you did. It should look like this.



What this means is that your public Internet domain name ‘fbsdjones.com’ and the FQDN (IE: fully qualified domain name) ‘www.fbsdjones.com’ have a permanent IP address which directs all the traffic to ZoneEdit. When any traffic arrives for your domain name, ZoneEdit reads the Zone configuration records you built for your domain name and redirects the traffic to ww2.fbsdjones.com with the port number 6080, using the IP address in the IP address field. Email traffic for the specified users is forwarded to your specified ISP email account or accounts.

Now here is the real power and convenience of using ZoneEdit. The 10.0.10.2 IP address value contained in the ZoneEdit IP address field in the above screen shot can be updated with your current dynamic IP address by your computer executing a simple program.

FreeBSD has a few different specially coded applications in the ports/packages collection to perform this function. I chose the wget application.

pkg_add -rv wget

will download the package and install it. When the install completes, issue the rehash command. This is the format to the wget command to use:

wget -O - --http-user=username --http-passwd=password \
   'http://dynamic.zoneedit.com/auth/dynamic.html?host=ww2.fbsdjones.com'

Put your ZoneEdit issued user ID and your password in the appropriate fields.

Create an /etc/dhclient-exit-hooks file and put the wget command in it. The contents of this file are executed whenever dhclient is run, and the wget command will automatically update your ZoneEdit dynamic IP address.

How this works is the wget command is really issuing a web page request to ZoneEdit's special dynamic IP web site. The packet containing this request also carries the IP address of the requester (IE: your current dynamic IP address). The ZoneEdit special web site captures the requester IP address and updates your zone configuration IP address record with it.

The above wget command displays the result message to the screen and it gets lost. It’s a good idea to log those messages, and you can do that by changing the wget command so it looks like this:

wget -a /var/log/zoneedit.log \
   --http-user=username --http-passwd=password \
   'http://dynamic.zoneedit.com/auth/dynamic.html?host=ww2.fbsdjones.com'

You have to create that log like this:

touch /var/log/zoneedit.log

Also add it to newsyslog.conf so it gets archived.
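
A fuller /etc/dhclient-exit-hooks covering both the update and the logging steps above, as an added example that is not from the original page: it runs the update only when a lease event brings a different address, timestamps each attempt in the log, and reads the ZoneEdit login from a root-only file so the password is not stored in the hook itself. The credentials file path and its two-line layout are assumptions of this example; the update URL on this page is plain http, so the login still crosses the network unencrypted.

```sh
#!/bin/sh
# Added example for /etc/dhclient-exit-hooks. dhclient-script sources this file
# with $reason, $old_ip_address and $new_ip_address already set.
# Assumed for this example: the credentials file path and its two-line layout.
ZE_HOST="ww2.fbsdjones.com"
ZE_URL="http://dynamic.zoneedit.com/auth/dynamic.html?host=$ZE_HOST"
ZE_CRED="${ZE_CRED:-/usr/local/etc/zoneedit.cred}"  # line 1 user, line 2 password, mode 600
ZE_LOG="${ZE_LOG:-/var/log/zoneedit.log}"
WGET="${WGET:-wget}"

# zoneedit_update REASON OLD_IP NEW_IP
# Prints "updated", "skipped" or "failed"; returns non-zero only on failure.
zoneedit_update() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) ;;      # a lease was obtained or extended
        *) echo skipped; return 0 ;;
    esac
    # A renewal that keeps the same address needs no DNS update.
    if [ -n "$3" ] && [ "$2" = "$3" ]; then echo skipped; return 0; fi
    if [ ! -r "$ZE_CRED" ]; then
        echo "$(date) cannot read $ZE_CRED" >> "$ZE_LOG"
        echo failed; return 1
    fi
    { read -r ze_user; read -r ze_pass; } < "$ZE_CRED"
    echo "$(date) $1: '$2' -> '$3', updating $ZE_HOST" >> "$ZE_LOG"
    # -a appends wget's own messages to the log; -O - sends the reply body to
    # stdout, which is appended to the same log instead of being saved to a file.
    if $WGET -a "$ZE_LOG" -O - --http-user="$ze_user" \
             --http-passwd="$ze_pass" "$ZE_URL" >> "$ZE_LOG"
    then echo updated
    else echo "$(date) wget failed" >> "$ZE_LOG"; echo failed; return 1
    fi
}

# Only act when dhclient-script has set $reason.
if [ -n "${reason:-}" ]; then
    zoneedit_update "$reason" "${old_ip_address:-}" "${new_ip_address:-}" \
        >/dev/null || true
fi
```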
