Acessing a local machine from the outside using a reverse proxy

Posted on April 30, 2012 by Rafael Steil

This is really neat: have you ever wanted to access your local machine or any other computer that it’s located in the local network from the outside world? I did, many times. The first and most common approach is to enable a DMZ in the router so all traffic that comes through the public IP address (for example, your modem’s IP) goes to a specific local computer. This works faily well, but you have to have access to the router’s configuration, and it is limited to a single destination machine.

If you are in an environment you don’t control, like your company, to change the router configuration is not an option, so how to we solve this problem? Using reverse tunneling through SSH.

For those new to the concept of tunneling, it is a trick that you can do with virtually any ssh client so all traffic from a local port goes to a remote server and port. It is also extremely useful to bypass corporate firewall rules and to use your remote server as a SOCKS proxy (so you can access Hulu from a blocked country). You can find more details at http://www.revsys.com/writings/quicktips/ssh-tunnel.html, http://ocaoimh.ie/2008/02/13/how-to-use-ssh-as-a-proxy-server/ and Google.

But the main question here is the opposite: how to we allow anyone to access our local machines? The answer is a reverse runnel. It is very simple to get it up and running, but it took me some good hours to find the correct approch, even because I didn’t know what to search for in the beginning. The steps are:

Change a setting in your server’s sshd_config
Choose a remote port to connect to
Choose the local (destination) port to route the traffic
Open the revere tunnel

So I have a webserver running on my localhost at port 8080, and I want that when someone calls “example.com” at port 15000, it sees my local webserver. In order to do that, first go to your remove server and add the following line to sshd_config (probably /etc/ssh/sshd_config)

GatewayPorts yes

This is strickly necessary, otherwise the tunnel will only work from the server to your machine (and not from any address to your machine). You can close the ssh session if you want.

Now, from your local machine, open the tunnel:

ssh -N -R "*:15000:localhost:8080" username@example.com

type the ssh password, and that’s all. The “-N” argument just hangs the ssh client, instead of opening a remote shell, “-R” is for the reverse tunnel itself, “*:” is to listen on all interfaces (strickly necessary, otherwise it will only listen in the loopback interface), “15000″ is the port at example.com that users will connect to, “localhost” is your own local machine, and “8080″ is the port in your local machine that will get the traffic.

This is very useful for development purposes, like when I had to test Amazon SNS using an HTTP endpoint.

A thought about Know-how

Posted on March 14, 2012 by Rafael Steil

When a company says that they have dozens of thousands of experience doing <add something here>, but they let their valuable employees leave just like if they didn’t mean anything, the company is actually lying.

Get the public / local IP of your EC2 instance via command line

Posted on February 15, 2012 by Rafael Steil

While you can get the public and private IP address of your Amazon EC2 instance via the AWS Console, it may be extremely useful to query it from anywhere you can make an HTTP request, such a shell script. The operation is really simple, just make a GET request to the following URL from within your EC2 instance:

Local IP:

curl http://169.254.169.254/latest/meta-data/local-ipv4

Public IP:

curl http://169.254.169.254/latest/meta-data/public-ipv4

I often use this feature to pre-configure services and update configuration files, as in EC2 you get a new IP Address each time you reboot.

Setting up SQL logs in Rails 2 and 3 console

Posted on January 25, 2012 by Rafael Steil

When developing Rails applications, it is often desirable to see what ActiveRecord is doing behind the scenes when using the console. By default, log messages in script/console (Rails 2) or rails c (Rails 3) are only sent to log/development.log, which I find quite annoying to keep an eye on. Much better would be if it the messages were sent directly to the console itself.

It turns out that it is very simple to achieve that. Add the following code to your ~/.irbrc file:

# File ~/.irbrc
require 'logger'

# For Rails 2
RAILS_DEFAULT_LOGGER = Logger.new(STDOUT)

# For Rails 3
ActiveRecord::Base.logger = Logger.new(STDOUT)

Simple as that. Restart the console and load any AR model, and the SQL statement should appear right before the data. For the same of simplicity, I set woth RAILS_DEFAULT_LOGGER and ActiveRecord::Base.logger, even because I had sittuations where only having one of the configurations didn’t work so well (for an unknown reason to me)

Complete XCode 4 keyboard shortcuts reference

Posted on December 14, 2011 by Rafael Steil

XCode has had a major redesign starting in version 4. Not only the UI and Compiler have changed, but many keyboard shortcuts did too, and for those used to develop using XCode 3 the transition is a bit hairy. While Apple does not provide a complete reference guide for all the shortcuts (none that I know), some handy developers out there do.

The XCode 4 Keyboard Shortcut Reference Guide has a very complete and extremely useful list of all shortcuts, organized in a pretty PDF file. The download links are:

Manually restoring a WordPress theme after a crash

Posted on November 24, 2011 by Rafael Steil

WordPress is a great blog engine, used by millions of people around the globe, and one of the best things (and probably also one of the main reasons for its success) is an easy to use and huge database of plugins and themes. With just some clicks, you can change the theme or install a cool new plugin to enhance your blog.

However, sometimes not everything works well, and you may end with a non-working blog if you installed a problematic (or old) theme. You see, my girlfriend loooooves themes, so much that she tries a new one every day. But sometimes one of those themes doesn’t work, thus trashing hers blog, including the admin area.

There is a way to manually fix it, but you will need access to the database (be it via a terminal, or something like phpmyadmin). Open the database where wordpress in installed in, and find the values you’ll have to change:


select * from wp_options where option_name like '%current%' or option_name = 'template' or option_name = 'stylesheet';

It should return something like this:

+-----------+---------+---------------+--------------+----------+
| option_id | blog_id | option_name   | option_value | autoload |
+-----------+---------+---------------+--------------+----------+
|        45 |       0 | template      | Ledgy        | yes      |
|        46 |       0 | stylesheet    | Ledgy        | yes      |
|      5810 |       0 | current_theme | Ledgy        | yes      |
+-----------+---------+---------------+--------------+----------+

In this case, “Ledgy” is my problematic theme, and I want to change to another one that I know that works (like the Default theme, or the previous one, if you remember the name). In order to find the available themes you have, go to the wp-content/themes of your wordpress installation. Each of the directories there represents the theme’s name you’ll use to update the options table. In my case, I know that the “SP142″ works fine.

In order to update the table, execute the following statement:

update wp_options set option_value = 'SP142' where option_id in (45, 46, 5810);

Just make sure to use the correct IDs, and you are done!

Setting up Git colors in the terminal

Posted on November 17, 2011 by Rafael Steil

I am adding this here so I won’t have to try to remember once again which colors I’m used to use with Git. If you already didn’t know, it is possible to set up git so that it colorizes the statuses, logs and so on when working via a terminal, which is much better than the plain old monochromatic scheme.

Add the following to your file ~/.gitconfig:

[color]
branch = auto
diff = auto
status = auto

[color "branch"]
current = yellow reverse
local = yellow
remote = green

[color "diff"]
meta = yellow bold
frag = magenta bold
old = red bold
new = green bold

[color "status"]
added = yellow
changed = green
untracked = cyan

Now, when you use a command like git status, it will use colors to differentiate the information.

Easy, reliable and free SMTP with SendGrid

Posted on October 21, 2011 by Rafael Steil

It is a problem as old as the web itself: which server or service to use when we need to send emails from our website or local computer? It may sound an easy answer, but if your hosting provider does not offer an out-of-the-box service with fair usage rules, setup a SMTP server yourself is a task that can get messy really fast – either to setup and to maintain it.

What would you use? sendmail, postfix, postmaster, procmail, qmail? Damn, probably half of these options even aren’t smtp servers. And after you find one that looks good, there are so many configuration options and terms to deal with that you will want to swear. Not to mention spammers trying to flood your server.

So, instead of going through this deep, dark and painful way, I found out that using a third party SMTP service is one of the best decisions one can make. For the last months I have been using SendGrid and I am totally happy with it: easy and intuitive panel, simple and clear setup instructions, good prices and – the better – they have a FREE account, which you can use to send up to 200 emails per day. If you think for a while, 200 emails per day is A LOT, if you have a small website or small delivery of emails. It is also perfect when you are developing at your local machine and need to test the email delivering of something (like a registration or recover password form).

To integrate you only need to change three SMTP settings in your application:

SMTP Server: smtp.sendgrid.net
Username: your account username (the same you use to login in the website)
Password: your account password (the same for the website)

As usual, the SMTP port is 25.

Besides that, SendGrid.net even has a REST API and plenty of documentation. So, if you are looking for a reliable, easy to use and hassle-free SMTP service, check out SendGrid

Tip – Formatting a FAT32 Hard Drive of up to 2 TB in Windows 7

Posted on October 1, 2011 by Rafael Steil

To have to format an huge hard drive using FAT32 as filesystem is a quite unusual requirement, unless you own a Sony Blu-Ray player (and possible others). While my TV is able to read a NTFS filesystem just fine, it does not reproduce DTS audio, and reencoding the video can take hours depending of your source file. Also, sometimes the TV (an LG 47″ Full HD TimeMachine model) drops frames if the video is very high-res (say, a 1920×1080 .MKV file with an high bitrate), which leds me to use the Blu-Ray player.

The only problem is that it does not read NTFS, only FAT32, so I had to convert my 1 TB hard drive first. In order to do that in Windows 7 (and possible other versions of Windows), it is necessary to appeal to third party tools due to the HD’s size. One of the simplest and fastest that I have found is fat32format, which does a pretty good job, handling drivers of up to 2 TB.

Note: Please bare in mind that while you can format a hard drive of up to 2 TB, FAT32 has a 4GB limit per file, and there is nothing you can to about it. If your files are bigger than 4GB, you will need to slipt them or move to NTFS.

fa32format is a free tool, available at http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm

On captcha security

Posted on August 1, 2011 by Rafael Steil

Why almost every Captcha library out there generates images so colorful that could almost cause epilepsia, if the very first thing that any captcha breaker will do is to convert the image to grayscale?!

Do, or do not – Rafael Steil

Category Archives: General