Security policy blues

-

 

When your company's security policy starts to make your life uncomfortable, some will say they are doing a good job, while others will complain. I would rather side with the latter. 

I have been using a server accessible from the Internet for years. A few weeks ago, a message warned me to update the validity of the firewall rule. Unfortunately, that task appears to be above my pay grade. More unfortunate is that the people who that warning message told me specifically to talk to if I happened not to be able to fix it myself claim they cannot do that and that I should talk to somebody else. That pleased me not. 

I am sure I could waste a couple of days going back and forth and get this fixed, but it would be helpful for a short time as I am retiring soon. Alternatively, I considered other more fun solutions that required me to talk with no one else. I have developed some sort of an allergy to people telling me, "That is not my job," when I request something. 

If you do not have access to a server from outside the company's network, a possible solution is to use a Virtual Private Network (VPN) if that is a solution your company offers employees. I have been using that, but unfortunately, not all the networks I am using are VPN-friendly. Last week, I was waiting for my car to be serviced, and I found I could not connect to the VPN, so I could not work with my server. Luckily, I used my cellphone's Internet access to be able to work. However, I do pay for that data connection, not my company. 

So today, I used some time to create a temporary solution. I will use a reverse SSH tunnel using an intermediate server accessible on the Internet. The idea is simple: I make an outgoing SSH connection from my work server to an intermediate server. That connection is kept open, but no terminal is associated with it, nor is data transferred. Its only purpose is to create a reverse tunnel from one port on the intermediate server to the SSH port on my server.

When I want to connect to my server, I will initiate an  SSH connection to a particular port in the intermediate server (connected by a reverse tunnel with the SSH server on my server) and connect without a problem. 

As with every simple plan, there are always some wrinkles. It all worked perfectly from the intermediate server but only if the connection attempt was done on the loopback device, as soon as I was trying to access the tunnel from the Internet, it won't work. I tried several solutions that were not successful until I put the server's IP on the reverse tunnel setup:

ssh -g -R $server_ip:$particular_port:localhost:22 user@intermediate.server -N -f -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" 

The "-g" alone or using "0.0.0.0" as the server's IP field did not help. The reverse tunnel was created but only listened on the loopback device, not the LAN interface. 

Comments

Post a Comment

Popular posts from this blog

VFD control with Arduino using RS485 link

-
Image
Variable Frequency Drives ( VFD ) allow the control of spindles so speed can accurately be controlled and a detailed acceleration profile for the spindle and reverse rotation can all be handled. In essence a VFD is an three phase inverter for three-phase AC motor. I am using a popular (I mean cheap) Chinese VFD and though the reference manual is not great, I could see there is a built-in RS-485 port. I usually control the start, stop and speed selection using the keyboard on the unit but I thought it will be more useful if I could control everything from the same Arduino is doing our CNC table control. Some cheap RS-485 off eBay and some lines of code later, I can start, stop and change the speed from an Arduino. What a cool thing to have! Some configuration of your VFD are needed before you can use it like that.  You need to set PD163=1 (I am using address 1 in the code). PD=164=1 (for setting serial to 9600bps) and PD165=0 (for using ASCII and 8N1 character format)
Read more

How to get sinusoidal s-curve for a stepper motor

-
Image
After some experimentation, and delving a bit into the math of motion, I realized there can be a significant difference on the motion of a machine by just making small changes. A common and popular approach to smooth one axis of motion is to use a trapezoidal speed pattern, where acceleration and deceleration are uniformly accelerated movements (aka constant acceleration motion) separated by a portion happening at cruising speed. The problem comes with the fact that, while that approach is simple to understand and to code, it does contain sudden changes in the acceleration, that show as spikes on the acceleration derivative, called jerk. These sudden changes in the acceleration translate into undesired vibration in our machines. Most of that can be eliminated by selecting a motion pattern that does not contain sudden changes of acceleration. If we chose a mathematical function for our speed whose second derivative is continuous, then we reduce system vibration quite a lot. One ma
Read more

Stepper motor step signal timing calculation

-
Image
While we use stepper motors in many devices, the timing of the step signals is not always well understood. Most of us can see how a fixed speed is a bad idea unless the speed of motion is really slow, but it is fixed speed what is really to generate with simple code. You just can use the Arduino Blink example to send a fixed frequency of pulses to a stepper motor driver. If too slow, just reduce the delay value. But for most real-life applications variable speed controls will perform better. These systems will speed up the motor to a given maximum speed and it will slow it down to stop at the desired step count. But understanding the math behind this process is sometimes not obvious. Let us start with the simple case of the so-called trapezoidal speed motion profile. Here motion takes place in three phases: acceleration, constant speed (cruising) and deceleration. But the point is how can our code create such a behavior. Stepper motor drivers usually accept two signals to control
Read more