1. Forum
  2. SciNet
  3. SCINIX

  • BBS Hosting & Port Opening

    From Shitty@77:1/100 to All on Mon Dec 14 13:37:24 2020
    Thanks for all the tips on good web hosts for my BBS!

    I went with OVHCloud because I like the way they advertised their prices. (No hourly jargon!)

    I set myself up with Ubuntu 18.04 & VestaCP. I got my BBS domain configured properly (I'm able to serve web pages) and now I'm almost ready to run the BBS on there.

    I got stuck on something though: I ran MIS server, but when I try to connect with a telnet client it doesn't connect. There's nothing in the mis log either. The mis screen remains unchanged when I try to connect, so something is up. Does it seem like I don't have my port open? (23?)

    I tried to open it up like this:
    sudo ufw allow 23/tcp
    (But that didn't work - I still couldn't connect.)

    It seems like the port is open - what else can I check?

    Thanks.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Nelgin@77:1/119 to Shitty on Mon Dec 14 12:48:15 2020
    Shitty wrote:
    Thanks for all the tips on good web hosts for my BBS!

    I went with OVHCloud because I like the way they advertised their prices. (No hourly jargon!)

    I set myself up with Ubuntu 18.04 & VestaCP. I got my BBS domain configured properly (I'm able to serve web pages) and now I'm almost ready to run the BBS on there.

    I got stuck on something though: I ran MIS server, but when I try to connect with a telnet client it doesn't connect. There's nothing in the mis log either. The mis screen remains unchanged when I try to connect, so something is up. Does it seem like I don't have my port open? (23?)

    I tried to open it up like this:
    sudo ufw allow 23/tcp
    (But that didn't work - I still couldn't connect.)

    It seems like the port is open - what else can I check?

    Thanks.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)

    Make sure it's bound to port 23? netstat -anp|grep :23 shoudl do it.
    If it's not installed then ss -tulwn|grep :23
    --- SBBSecho 3.11-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (77:1/119)
  • From Warpslide@77:1/156 to Shitty on Mon Dec 14 14:58:10 2020
    On 14 Dec 2020, Shitty said the following...

    I got stuck on something though: I ran MIS server, but when I try to connectwith a telnet client it doesn't connect. There's nothing in the
    mis log either.The mis screen remains unchanged when I try to connect,
    so something is up.Does it seem like I don't have my port open? (23?)

    I had to run sudo ./mis daemon for it to listen on port 23.

    I believe you need to be root to run servers on ports < 1024 if I'm not mistaken. Not sure if that's the case here?

    Jay

    --- Mystic BBS v1.12 A47 2020/11/23 (Raspberry Pi/32)
    * Origin: Northern Realms (77:1/156)
  • From Shitty@77:1/100 to Nelgin on Mon Dec 14 15:16:14 2020
    Make sure it's bound to port 23? netstat -anp|grep :23 shoudl do it.
    If it's not installed then ss -tulwn|grep :23

    Thanks, I tried this, but mis server is still not answering the connection.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Shitty@77:1/100 to Warpslide on Mon Dec 14 15:20:20 2020
    I had to run sudo ./mis daemon for it to listen on port 23.

    I tried that but I got a bunch of errors pertaining to "Missing files" in the data directory, and "Cannot access/does not exist." I've never
    used the daemon parameter, but I will read up on this and thank you for that clue.

    I believe you need to be root to run servers on ports < 1024 if I'm not mistaken. Not sure if that's the case here?

    I have root access now, with my new server.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From ryan@77:1/128 to Shitty on Mon Dec 14 12:42:14 2020
    sudo ufw allow 23/tcp

    After this, you still have to reload ufw to make the change take effect.

    --- Mystic BBS v1.12 A46 2020/08/06 (Linux/64)
    * Origin: monterey bbs (77:1/128)
  • From Shitty@77:1/100 to ryan on Mon Dec 14 16:33:40 2020
    sudo ufw allow 23/tcp

    After this, you still have to reload ufw to make the change take effect.

    Thanks for that tip - When I tried to reload it, I found out that "Firewall not enabled." So now I'll assume that my problem isn't a firewall issue.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Nelgin@77:1/119 to Shitty on Mon Dec 14 17:15:06 2020
    Shitty wrote:
    Thanks for all the tips on good web hosts for my BBS!

    I went with OVHCloud because I like the way they advertised their prices. (No hourly jargon!)

    I set myself up with Ubuntu 18.04 & VestaCP. I got my BBS domain configured properly (I'm able to serve web pages) and now I'm almost ready to run the BBS on there.

    I got stuck on something though: I ran MIS server, but when I try to connect with a telnet client it doesn't connect. There's nothing in the mis log either. The mis screen remains unchanged when I try to connect, so something is up. Does it seem like I don't have my port open? (23?)

    I tried to open it up like this:
    sudo ufw allow 23/tcp
    (But that didn't work - I still couldn't connect.)

    It seems like the port is open - what else can I check?

    BTW, running on port 23 is dangerous for the simple fact that it runs as root. There are ways around it such as using capabilities, but the easiest would be to use iptables and redirect port 23 to something like 10023. That allows you to run your bbs on both 10023 as a non-root user, and port 23 by using a safe iptables redirection.

    This also works for ssh, and other protocols.
    --- SBBSecho 3.11-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (77:1/119)
  • From ryan@77:1/128 to Shitty on Mon Dec 14 16:47:39 2020
    Thanks for that tip - When I tried to reload it, I found out that "Firewall not enabled." So now I'll assume that my problem isn't a firewall issue.

    Maybe 'sudo tail -F /var/log/syslog` while you try to telnet in and see what log lines are revealed?

    --- Mystic BBS v1.12 A46 2020/08/06 (Linux/64)
    * Origin: monterey bbs (77:1/128)
  • From Shitty@77:1/100 to Nelgin on Mon Dec 14 20:13:14 2020
    BTW, running on port 23 is dangerous for the simple fact that it runs as root.There are ways around it such as using capabilities, but the
    easiest would beto use iptables and redirect port 23 to something like 10023. That allows youto run your bbs on both 10023 as a non-root user, and port 23 by using a safeiptables redirection.

    Thanks for this advice too! Once I get around this non-connection issue I will try that.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Shitty@77:1/100 to ryan on Mon Dec 14 22:22:40 2020
    "Firewall not enabled." So now I'll assume that my problem isn't a firewall issue.

    Maybe 'sudo tail -F /var/log/syslog` while you try to telnet in and see whatlog lines are revealed?

    I checked it while Netrunner was trying to connect, but it didn't show any errors, just some "CRON" stuff. Then I checked it while not trying to connect, and it looked identical.

    I'm new to VestaCP. I just noticed that I have the website files (in a public_html folder) within the admin folder. Could it be that Mystic's server (mis) is unable to respond because Mystic can't do sudo commands?

    Sorry, I'm an admitted lamer. But I think that eventually one of these clues are going to get me back up and running.

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From ryan@77:1/128 to Shitty on Mon Dec 14 23:25:39 2020
    I'm new to VestaCP. I just noticed that I have the website files (in a public_html folder) within the admin folder. Could it be that Mystic's server (mis) is unable to respond because Mystic can't do sudo commands?

    If Mystic failed to bind to port 23 (and other low ports) you'd see it in Mystic logs. Have you looked there?

    --- Mystic BBS v1.12 A46 2020/08/06 (Linux/64)
    * Origin: monterey bbs (77:1/128)
  • From Warpslide@77:1/156 to Shitty on Tue Dec 15 08:34:14 2020
    On 14 Dec 2020, Shitty said the following...

    Sorry, I'm an admitted lamer. But I think that eventually one of these clues are going to get me back up and running.

    Do we know if mis is actually listening on 23?

    Maybe try:
    netstat -l -n -p --inet

    pi@bbs:~ $ netstat -l -n -p --inet
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
    tcp 0 0 0.0.0.0:24553 0.0.0.0:* LISTEN 5997/./mis
    tcp 0 0 0.0.0.0:24554 0.0.0.0:* LISTEN 5997/./mis
    tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 5997/./mis
    tcp 0 0 0.0.0.0:2323 0.0.0.0:* LISTEN 5997/./mis [snip]

    In my case I have telnet listening on 2323 & SSH on 2222. 24553/4 are bink and then I just forward 23 -> 2323 and 22 -> 2222 on my router.

    Jay

    --- Mystic BBS v1.12 A47 2020/11/23 (Raspberry Pi/32)
    * Origin: Northern Realms (77:1/156)
  • From Shitty@77:1/100 to ryan on Tue Dec 15 10:22:38 2020
    If Mystic failed to bind to port 23 (and other low ports) you'd see it in Mystic logs. Have you looked there?

    I looked at the logs, but for the past few days there's nothing logged in mis.log besides "TELNET Listening on Port 23.."

    The errors.log & node logs are empty too.

    I suspect that I did something wrong with DNS management. Connections on port 80 work as expected, but port 23 is not taking any connections, and it's the same if I switch to, for example, port 10023. <- Nothing happening, nothing being logged by Mystic or Ubuntu.

    What do you typically do with DNS settings when running Mystic?

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Shitty@77:1/100 to Warpslide on Tue Dec 15 10:45:10 2020
    Do we know if mis is actually listening on 23?

    Maybe try:
    netstat -l -n -p --inet

    I don't know how to copy/paste with Putty, but I did the command and got the list, and it does NOT show any listening on port 23.

    There are other ports in action but not 23, although I do have mis running and mis says it's "listening on port 23."

    I tried also tried this same thing with port 10023, and while mis says "LIstening on port 10023" ubuntu does NOT list 10023 as "listening."

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From g00r00@77:1/138 to Nelgin on Tue Dec 15 11:14:26 2020
    BTW, running on port 23 is dangerous for the simple fact that it runs as root.There are ways around it such as using capabilities, but the

    FYI

    MIS binds the ports immediately on execute and then drops root access using setGID and setUID to the owner of the binaries. So the idea is if you start it as sudo, it should immediately bind the ports (even before the servers are loaded) and then run as the group/user assigned to the binaries.

    Unless root specifically owns the binaries then it should not even allow you to run as root if you try.

    --- Mystic BBS v1.12 A47 2020/12/04 (Windows/64)
    * Origin: Sector 7 | Mystic WHQ (77:1/138)
  • From Nelgin@77:1/119 to g00r00 on Tue Dec 15 11:12:13 2020
    Re: Re: BBS Hosting & Port Opening
    By: g00r00 to Nelgin on Tue Dec 15 2020 11:14:26

    MIS binds the ports immediately on execute and then drops root access using setGID and setUID to the owner of the binaries. So the idea is if you start it as sudo, it should immediately bind the ports (even before the servers are loaded) and then run as the group/user assigned to the binaries.

    Unless root specifically owns the binaries then it should not even allow you to run as root if you try.

    Good to know.
    Thanks for the explanation.
    --- SBBSecho 3.11-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (77:1/119)
  • From Shitty@77:1/100 to Nelgin on Tue Dec 15 17:08:26 2020
    MIS binds the ports immediately on execute and then drops root access u setGID and setUID to the owner of the binaries. So the idea is if you it as sudo, it should immediately bind the ports (even before the serve are loaded) and then run as the group/user assigned to the binaries.

    Everyone who replied to this thread, thank you! I got the BBS back up.

    One of my sub-folders had the wrong permissions. It was in the middle of a long tree of folders, and I have no idea how that happened! But I'm grateful for all the comments on the thread.

    It's great to have my BBS back up! I was worried about it!

    --- Mystic BBS/QWK Gate v1.12 A47 2020/11/23 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Dumas Walker@77:1/115 to Nelgin on Wed Dec 16 15:58:06 2020

    BTW, running on port 23 is dangerous for the simple fact that it runs as root. There are ways around it such as using capabilities, but the easiest would be to use iptables and redirect port 23 to something like 10023. That allows you to run your bbs on both 10023 as a non-root user, and port 23 by using a safe iptables redirection.

    This also works for ssh, and other protocols.

    Nelgin,
    If one was to set up an iptables rule to redirect traffic from Port 23 to Port 2323, where synchronet is listening, will synchronet still receive the IPA of the outside system attempting to make the connection, or will it receive the IPA of the system where the iptables rule resides?

    Does that answer change if the machine where the iptables rule resides, and where synchronet is running, are the same system?
    #
    --- SBBSecho 3.11-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)
  • From ryan@77:1/128 to Nelgin on Thu Dec 17 03:06:49 2020
    BTW, running on port 23 is dangerous for the simple fact that it runs as root. There are ways around it such as using capabilities, but the
    easiest would be to use iptables and redirect port 23 to something like 10023. That allows you to run your bbs on both 10023 as a non-root user, and port 23 by using a safe iptables redirection.

    IMO a slightly simpler way of handling things is with setcap (posting from
    iPad so can't easily copypaste - google is your friend) which will allow the application itself to bind to low ports so you can skip the whole user permission thing.

    Mystic will also drop root privileges and setuid as the user that owns the
    mis binary, but I've had ancillary problems with that (dosemu being one of them). setcap is a great way to deal with this without adding too much additional complexity.

    --- Mystic BBS v1.12 A46 2020/08/06 (Linux/64)
    * Origin: monterey bbs (77:1/128)
  • From Nelgin@77:1/119 to Dumas Walker on Thu Dec 17 10:46:51 2020
    Re: Re: BBS Hosting & Port Opening
    By: Dumas Walker to Nelgin on Wed Dec 16 2020 15:58:06

    Nelgin,
    If one was to set up an iptables rule to redirect traffic from Port 23 to Port 2323, where synchronet is listening, will synchronet still receive the IPA of the outside system attempting to make the connection, or will it receive the IPA of the system where the iptables rule resides?

    I'm pretty sure you get the originating IP. It's been a while since I've looked but it's easy enough to try it and see in reverse, if you're already running on port 23 just redirect another port to port 23 and see.

    Does that answer change if the machine where the iptables rule resides, and where synchronet is running, are the same system?

    Now that I don't know, again. I would think so since iptables is just forwarding the packet through. Would be interesting to see.
    --- SBBSecho 3.11-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (77:1/119)