As rsync will not accept to be given a custom port on the destination address, a way around it is to initiate an ssh connection that will handle it for you:
rsync -e 'ssh -p 2222' $SOURCE_DIR $DEST_DIR;
When you try to connect via ssh on a domain for which you are using CloudFlare as a HTTP proxy, you will get the following error:
$ ssh [email protected] ssh_exchange_identification: Connection closed by remote host
You have a few options to resolve for this issue:
IP of the machine.CNAME record with no HTTP proxy for the SSH (so that you do not need to remember the IP).IP of the server.DNS page for your site: e.g. https://www.cloudflare.com/a/dns/example.com,CNAME named ssh, use as target your domain (e.g. example.com) and disable HTTP proxy by clicking on the orange cloud and making it gray 
before pressing the Add Record button.
ssh [email protected].SSH on one of the ports of CloudFlare that are open.CloudFlare:HTTP:
80 8080 8880 2052 2082 2086 2095
For requests made via HTTPS:
443 2053 2083 2087 2096 8443
At the time, we were using an Ubuntu GNU/Linux server, to instruct Ubuntu SSHD to listen to multiple ports we edited the file /etc/ssh/sshd_config and right after the lines:
# What ports, IPs and protocols we listen for Port 22
we added another line with the new port we wanted to use:
# What ports, IPs and protocols we listen for Port 22 Port 2053
After restarting the service
service ssh restart;
we were able to connect to our page as follows:
ssh -p 2053 [email protected];
Recently, we got access to an Ubuntu 16.04 LTS server that had MySQL server installed on it but was not accessible to our external servers.
The service was accessible when testing from localhost but it was not when testing from any other machine.
Executing nmap from another machine would return the value 3306/tcp closed mysql conn-refused as below.
[bytefreaks@fedora ~]$ nmap -vv -p 3306 192.168.10.11 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:21 EET Initiating Ping Scan at 17:21 Scanning 192.168.10.11 [2 ports] Completed Ping Scan at 17:21, 0.06s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 17:21 Completed Parallel DNS resolution of 1 host. at 17:21, 0.00s elapsed Initiating Connect Scan at 17:21 Scanning 192.168.10.11 [1 port] Completed Connect Scan at 17:21, 0.06s elapsed (1 total ports) Nmap scan report for 46.101.137.70 Host is up, received syn-ack (0.061s latency). Scanned at 2017-03-06 17:21:31 EET for 1s PORT STATE SERVICE REASON 3306/tcp closed mysql conn-refused Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
The problem was with the default configuration of mysqld that is found in the file /etc/mysql/mysql.conf.d/mysqld.cnf.
At line 41 we got the following snippet:
# Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 127.0.0.1
What the line bind-address = 127.0.0.1 says is that, the service will only listen on localhost.
At this stage there are two solutions that you can apply using your favorite text editor (e.g. sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf):
Completely remove the line bind-address = 127.0.0.1 or comment it out by adding a # in front of it as follows #bind-address = 127.0.0.1.
Replace 127.0.0.1 with the IP that you want mysql service to be available to. In our case the line became bind-address = 192.168.10.11.
After you are done with the change, you need to restart the service for the change to take place:
bytefreaks@OSUbuntu:~$ sudo /etc/init.d/mysql restart [ ok ] Restarting mysql (via systemctl): mysql.service.
From an external machine you can verify that the configuration was applied correctly using nmap as below:
[bytefreaks@fedora ~]$ nmap -vv -p 3306 192.168.10.11 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:24 EET Initiating Ping Scan at 17:24 Scanning 192.168.10.11 [2 ports] Completed Ping Scan at 17:24, 0.06s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 17:24 Completed Parallel DNS resolution of 1 host. at 17:24, 0.00s elapsed Initiating Connect Scan at 17:24 Scanning 192.168.10.11 [1 port] Discovered open port 3306/tcp on 46.101.137.70 Completed Connect Scan at 17:24, 0.06s elapsed (1 total ports) Nmap scan report for 46.101.137.70 Host is up, received syn-ack (0.061s latency). Scanned at 2017-03-06 17:24:30 EET for 0s PORT STATE SERVICE REASON 3306/tcp open mysql syn-ack Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
You should get the value 3306/tcp open mysql syn-ack.
netstat prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Using the parameter -l (or --listening) it will show only listening sockets/ports (which are omitted by default.).
--numeric-ports shows numerical port numbers but does not affect the resolution of host or user names (e.g. instead of showing the name ssh, it will show the value 22).
We used netstat using the following syntax to check which sockets/ports are open on the current machine:
netstat --listening --numeric-ports;
The results appeared as follows:
[george@bytefreaks ~]$ netstat --listening --numeric-ports Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 localhost:25 0.0.0.0:* LISTEN tcp6 0 0 [::]:44300 [::]:* LISTEN tcp6 0 0 [::]:8080 [::]:* LISTEN tcp6 0 0 [::]:22 [::]:* LISTEN tcp6 0 0 localhost:25 [::]:* LISTEN udp 0 0 0.0.0.0:39925 0.0.0.0:* udp 0 0 0.0.0.0:24186 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:5353 0.0.0.0:* udp6 0 0 localhost:323 [::]:* udp6 0 0 [::]:33848 [::]:* udp6 0 0 [::]:61453 [::]:* raw6 0 0 [::]:58 [::]:* 7 Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 22489 public/showq unix 2 [ ACC ] STREAM LISTENING 22445 public/pickup unix 2 [ ACC ] STREAM LISTENING 22449 public/cleanup unix 2 [ ACC ] STREAM LISTENING 22477 private/proxymap unix 2 [ ACC ] STREAM LISTENING 22480 private/proxywrite unix 2 [ ACC ] STREAM LISTENING 15452 /run/systemd/private unix 2 [ ACC ] STREAM LISTENING 22483 private/smtp unix 2 [ ACC ] STREAM LISTENING 22486 private/relay unix 2 [ ACC ] STREAM LISTENING 22492 private/error unix 2 [ ACC ] STREAM LISTENING 22495 private/retry unix 2 [ ACC ] STREAM LISTENING 22498 private/discard unix 2 [ ACC ] STREAM LISTENING 22501 private/local unix 2 [ ACC ] STREAM LISTENING 22504 private/virtual unix 2 [ ACC ] STREAM LISTENING 22507 private/lmtp unix 2 [ ACC ] STREAM LISTENING 22510 private/anvil unix 2 [ ACC ] STREAM LISTENING 22513 private/scache unix 2 [ ACC ] STREAM LISTENING 14445 /var/run/NetworkManager/private-dhcp unix 2 [ ACC ] SEQPACKET LISTENING 15476 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 1404 /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 22452 public/qmgr unix 2 [ ACC ] STREAM LISTENING 15498 /run/lvm/lvmpolld.socket unix 2 [ ACC ] STREAM LISTENING 22474 public/flush unix 2 [ ACC ] STREAM LISTENING 22471 private/verify unix 2 [ ACC ] STREAM LISTENING 16034 /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 16037 /var/run/avahi-daemon/socket unix 2 [ ACC ] STREAM LISTENING 15537 /run/lvm/lvmetad.socket unix 2 [ ACC ] STREAM LISTENING 22456 private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 22459 private/rewrite unix 2 [ ACC ] STREAM LISTENING 22462 private/bounce unix 2 [ ACC ] STREAM LISTENING 22465 private/defer unix 2 [ ACC ] STREAM LISTENING 22468 private/trace
In case you want to check a specific port if it is open from a remote machine, you can use nmap.
Using nmap to scan specific ports allows you to check if a remote machine appears to have open ports available to you.
nmap is a network exploration tool and security / port scanner.
The following example checks ports 80 and 8080 on 192.168.1.199 if they are open.
[george@bytefreaks ~]$ nmap -vv -p 80,8080 192.168.1.199 Starting Nmap 6.40 ( http://nmap.org ) at 2017-02-22 14:10 EET Initiating Ping Scan at 14:10 Scanning 192.168.1.199 [2 ports] Completed Ping Scan at 14:10, 0.00s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 14:10 Completed Parallel DNS resolution of 1 host. at 14:10, 0.00s elapsed Initiating Connect Scan at 14:10 Scanning 192.168.1.199 [2 ports] Discovered open port 8080/tcp on 192.168.1.199 Completed Connect Scan at 14:10, 0.00s elapsed (2 total ports) Nmap scan report for 192.168.1.199 Host is up (0.000060s latency). Scanned at 2017-02-22 14:10:29 EET for 0s PORT STATE SERVICE 80/tcp closed http 8080/tcp open http-proxy Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
The -vv parameter for nmap increases the verbosity of the results.
The -p parameter defines the ports to be checked.
