Leveraging Linux
Getting the best out of the Linux operating system and its software
Port forwarding TCP traffic to another server with firewalld
During the Covid lock-downs I needed to work from home. I had a requirement to access a web application running from an AWS data centre to which I didn’t have direct access as it was in a private VPC.
The diagram below shows the web application running on a server marked by a green square. So let’s call this the target server.
I had access to our AWS servers via a bastion host, which had network access to the target server via a direct connect link.
This is how I used firewalld to port forward traffic to the target server. In addition, it illustrates how I used an SSH tunnel to get traffic from my development machine to the server with firewalld installed. This SSH tunnel is depicted in the diagram by the red arrows.
Then we’ll look at the firewalld configuration, which forwards the traffic to the target server—depicted on the diagram with the blue lines. As a result, I was able to access the web service from my development machine using a local address of 127.0.0.1.
Let’s assume the IP address of the bastion server is 3.8.8.8, and the IP address of the server running firewalld is 10.10.10.001. The command below creates an SSH tunnel mapping the local port 8443 on my development machine to the 8443 port on the firewalld server.
    ssh -L 8443:10.10.10.001:8443 3.8.8.8 -l ec2-user -N
Installing firewalld
Depending on your Linux distribution, the installation of firewalld should be relatively easy using either apt-get or yum.
You’ll need to elevate your privileges to root to install the service.
Once installed, you’ll need to start the firewalld service and permanently add port 22 for SSH access and the port you want to reflect onto another server. In this case, port 8443.
    systemctl start firewalld
    firewall-cmd --zone=public --add-port=22/tcp --permanent
    firewall-cmd --zone=public --add-port=8443/tcp --permanent
    # --permanent only writes the saved configuration; reload to apply it to the running firewall
    firewall-cmd --reload
To allow the IP forwarding to work, you need to switch on IP masquerading by issuing the following command.
    firewall-cmd --zone=public --add-masquerade
Forwarding the port traffic
Finally, we can add the rule to port forward traffic from the firewalld server to the target server’s final destination. In this example, the target server’s IP address is 10.11.10.163.
In this example, we’re mapping port 8443 directly to port 8443, but you could direct/forward the traffic to a different target port if you needed to.
    firewall-cmd \
      --zone=public \
      --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=10.11.10.163
Stopping firewalld
To stop the firewall from forwarding the traffic, use the system control command to stop it.
    systemctl stop firewalld
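A narrower variant of the forward described above, as an added example that is not part of the original post: the script prints the firewall-cmd calls for a forward that accepts traffic from a single source address and expires on its own through --timeout, plus the calls that remove it early without stopping the firewall. The source address 10.10.10.5 is a constructed stand-in for the bastion's private address, which the post does not give, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) firewall-cmd
# calls for a forward limited to one source address that expires by itself.

# valid_ipv4 ADDR: four dot-separated decimal octets, each 0-255.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do { [ ${#o} -le 3 ] && [ "$o" -le 255 ]; } || exit 1; done
)

# valid_port PORT: decimal 1-65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rule SRC LISTEN_PORT TARGET_ADDR TARGET_PORT: rich rule text.
# Inputs are validated because they are pasted inside a quoted rule string.
forward_rule() {
  valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" && valid_port "$4" || return 1
  printf 'rule family="ipv4" source address="%s" forward-port port="%s" protocol="tcp" to-port="%s" to-addr="%s"\n' "$1" "$2" "$4" "$3"
}

# plan_forward SRC LISTEN_PORT TARGET_ADDR TARGET_PORT TIMEOUT
# TIMEOUT is seconds, or a number followed by s, m or h (for example 1h).
plan_forward() {
  case ${5%[smh]} in ''|*[!0-9]*) return 1 ;; esac
  rule=$(forward_rule "$1" "$2" "$3" "$4") || return 1
  printf 'firewall-cmd --zone=public --add-masquerade --timeout=%s\n' "$5"
  printf "firewall-cmd --zone=public --add-rich-rule='%s' --timeout=%s\n" "$rule" "$5"
}

# plan_teardown SRC LISTEN_PORT TARGET_ADDR TARGET_PORT: remove the forward
# early while leaving firewalld itself running.
plan_teardown() {
  rule=$(forward_rule "$1" "$2" "$3" "$4") || return 1
  printf "firewall-cmd --zone=public --remove-rich-rule='%s'\n" "$rule"
  printf 'firewall-cmd --zone=public --remove-masquerade\n'
}

# 10.10.10.5 is a constructed stand-in for the bastion's private address.
plan_forward 10.10.10.5 8443 10.11.10.163 8443 1h
plan_teardown 10.10.10.5 8443 10.11.10.163 8443
```

The rich rule is meant to be used in place of the zone-wide --add-forward-port rule, not alongside it. Review the printed commands, then run them as root on the firewalld server.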
Building a legacy application with the dotnet sdk on Ubuntu
I recently had a requirement to re-compile/rebuild a legacy C# .NET web application so that it was compliant against the latest long-term support edition of .NET Core. The latest LTS is .NET 8.0.1, which was released on January 9, 2024 and will provide support through to November 10, 2026.
The application in question was developed in Visual Studio 2019, which can only compile projects against the .NET 5 runtime, which went out of support on May 10, 2022. Some of the NuGet packages that were used within the project were out of date and one had a known security vulnerability.
By following the steps below, I was able to update the packages and build the project to target the .NET 8.0 runtime.
Installing the dotnet sdk on Ubuntu 22.04
Before starting the installation of the dotnet SDK we first need to add the Microsoft package repository to our system:
    wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb
    rm packages-microsoft-prod.deb
and then install the dependencies:
    sudo apt install zlib1g
Once the dependencies have been installed, then we can install the dotnet sdk:
    sudo apt-get update && \
    sudo apt-get install -y dotnet-sdk-8.0
and the dotnet runtime:
    sudo apt-get install -y dotnet-runtime-8.0
Modifying the .csproj file
Open the project’s .csproj file and change the TargetFramework line from:
    <PropertyGroup>
      <TargetFramework>net5.0</TargetFramework>
    </PropertyGroup>
to
    <PropertyGroup>
      <TargetFramework>net8.0</TargetFramework>
    </PropertyGroup>
Check for outdated packages
We can check for outdated packages with the following command:
    dotnet list package --outdated

    Project `******` has the following updates to its packages
       [net8.0]:
       Top-level Package                                     Requested   Resolved   Latest
       > Microsoft.AspNetCore.Authentication.Negotiate       3.1.26      3.1.26     8.0.1
       > Microsoft.VisualStudio.Web.CodeGeneration.Design    3.1.5       3.1.5      8.0.0
       > System.CodeDom                                      6.0.0       6.0.0      8.0.0
       > System.Data.SqlClient                               4.8.3       4.8.3      4.8.6
Check for vulnerable packages
We can check for vulnerable packages with the following command:
    dotnet list package --vulnerable

    Project `******` has the following vulnerable packages
       [net8.0]:
       Top-level Package          Requested   Resolved   Severity   Advisory URL
       > System.Data.SqlClient    4.8.3       4.8.3      Moderate   https://github.com/advisories/GHSA-8g2p-5pqh-5jmc
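One way to act on this report automatically, as an added example rather than anything from the original post: the script reads the report layout shown above and returns a failing status when a package is at or above a chosen severity, so it can gate a build. The function names and the severity order Low, Moderate, High, Critical are this example's assumptions, and the embedded report is a constructed copy of the output above.

```shell
#!/bin/sh
# Added example, not from the original post: turn the report from
# `dotnet list package --vulnerable` into a pass/fail build check.

# Constructed sample in the layout shown above; the project name is masked
# the same way as in the post.
sample_report() {
  cat <<'EOF'
Project `******` has the following vulnerable packages
   [net8.0]:
   Top-level Package          Requested   Resolved   Severity   Advisory URL
   > System.Data.SqlClient    4.8.3       4.8.3      Moderate   https://github.com/advisories/GHSA-8g2p-5pqh-5jmc
EOF
}

# vulnerable_at_or_above MIN_SEVERITY   (report on stdin)
# Prints "package resolved severity advisory" for each package line whose
# severity is MIN_SEVERITY or worse. Returns 0 if none, 1 if any, 2 if
# MIN_SEVERITY is not one of Low, Moderate, High, Critical.
vulnerable_at_or_above() {
  case $1 in Low|Moderate|High|Critical) ;; *) return 2 ;; esac
  awk -v min="$1" '
    BEGIN { rank["Low"] = 1; rank["Moderate"] = 2; rank["High"] = 3; rank["Critical"] = 4 }
    $1 == ">" {
      # Locate the severity column by value, so a row with or without a
      # "Requested" column is read the same way.
      for (i = 3; i < NF; i++)
        if ($i in rank) {
          if (rank[$i] >= rank[min]) { print $2, $(i - 1), $i, $(i + 1); hits++ }
          break
        }
    }
    END { exit (hits > 0) }
  '
}

# Against a real project: dotnet list package --vulnerable | vulnerable_at_or_above High
sample_report | vulnerable_at_or_above Moderate || echo "build gate: vulnerable package found"
```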
Update the vulnerable package & check the build completes
Running the add package sub-command also updates it to the latest version. This command updates the references within the project’s .csproj file.
    $ dotnet add package System.Data.SqlClient
    $ dotnet build

    `******` -> ../******/bin/Debug/net8.0/******.dll
    Build succeeded
Update the other packages
We can follow the same process to update all the NuGet packages used within the project:
    dotnet add package Microsoft.AspNetCore.Authentication.Negotiate
    dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design
    dotnet add package System.CodeDom
    dotnet list package --outdated

    The given project `******` has no updates given the current sources.
Managing monitors using the XRANDR command on Linux
My main development laptop uses Ubuntu, server edition, with a very lightweight tiling window manager called i3. This window manager is primarily targeted at advanced users and developers. It’s a very efficient windowing manager but doesn’t come with very many bells and whistles.
Occasionally I need to attach my laptop to a large monitor, via HDMI, to present to a technical team.
This article covers how to use the xrandr command on Linux to change the default monitor and set resolutions.
Installing xrandr
You can install xrandr on Ubuntu like:
    # on Ubuntu the xrandr binary is shipped in the x11-xserver-utils package
    sudo apt-get install x11-xserver-utils
You can then list the attached monitors by running the following command:
    xrandr --listmonitors

    Monitors: 2
     0: +*LVDS-1 1360/344x768/194+0+0 LVDS-1
     1: HDMI-1 1280/339x1002/265+0+0 HDMI-1
Sending output to a new monitor
Once you know the device name for the monitor you’re interested in controlling, then you can send the video signal to that monitor by using the output switch.
You can also define the screen resolution to use by passing in the resolution dimensions using the mode switch.
The screen resolution dimensions are passed using the width x height notation.
    xrandr --output HDMI-1 --mode 1024x768
Turning off your laptop’s display
Once you have the video signal going to your newly plugged in monitor, you might choose to switch off the display on your laptop.
You can do this by passing the device name to the output command line option.
In this example, LVDS-1 is the device name of my laptop’s monitor.
    xrandr --output LVDS-1 --off
Changing the brightness levels
Rather than switching off your laptop’s display, you can also decrease the brightness level.
The brightness command line option takes a value from off (0) to full brightness (1).
So for example, to reduce the brightness of your monitor to one quarter, you’d use a value of 0.25.
To reduce the brightness by half you’d use 0.5.
    xrandr --output LVDS-1 --brightness 0.25
Versions
- 30.08.2025 – initial document created, pulling several blog posts together.