How to get to a MS-DOS prompt or Windows command line.

Windows Vista and 7 users

1. Click Start.
2. Type cmd and press enter.

If you're attempting to get into a MS-DOS prompt to troubleshoot the computer boot the computer into Safe Mode.

Windows NT, 2000, and XP users

1. Click Start.
2. Click Run.
3. Type cmd or command and press enter.

• Difference between the command.com and cmd.exe.

If you're attempting to get into a MS-DOS prompt to troubleshoot the computer, boot the computer into Safe Mode.

Windows 2000 and XP users who are unable to boot the computer into Normal Windows mode or Safe mode, can also enter the recovery console to manage their computer from a prompt. Additional information about how to do this can be found on document CH000627.

Finally, if you are experiencing issues getting into Windows NT, 2000, or XP, it may be necessary to run troubleshooting steps from a MS-DOS prompt. It is recommended that the Network Administrator get into the MS-DOS prompt by using either a standard MS-DOS boot diskette (note: will not be able to access data using a standard MS-DOS bootable diskette) or the ERD diskettes created after the installation of Windows NT, or boot from the Windows XP CD.

Windows 95, 98, and ME users

If you are able to get into Windows 95, 98 or ME, you can get to a MS-DOS prompt by following the steps below.

1. Click Start
2. Click Run
3. Type "command" and press enter.

This will open a MS-DOS shell. However, if you are attempting to troubleshoot an issue with the computer and are using Microsoft Windows 95 or Windows 98, we suggest you restart the computer into MS-DOS. To do this follow the below steps.

1. Click Start
2. Click Shutdown
3. Choose the option to restart the computer into a MS-DOS prompt.

If you are unable to get into Windows 95 or Windows 98 to get into a MS-DOS prompt, follow the below instructions (Windows ME does not have this option).

1. Reboot the computer
2. As the computer is booting, press the F8 key when you hear a beep or when you see "Starting Windows 95" or "Starting Windows 98." Windows 98 users sometimes may find it easier to press and hold the left CTRL key as the computer is booting.
3. If done properly the user should get to a screen similar to the below screen.

Microsoft Windows 95 Startup Menu ============================= 1. Normal 2. Logged (\BOOTLOG.TXT) 3. Safe mode 4. Step-by-step confirmation 5. Command prompt only 6. Safe mode command prompt only Enter a choice: 1 F5=Safe Mode Shift+F5=Command prompt Shift+F8= Step-by-step confirmation [N]

   4.   Select the option for Safe mode command prompt only.

MS-DOS users

If you are running MS-DOS with no other operating systems, the computer should be booting into a MS-DOS prompt automatically unless you have a shell or other program loading automatically.

If the computer is not getting you to a MS-DOS prompt, reboot the computer and as the computer is booting, press the F5 key when you see the message "Starting MS-DOS" or the MS-DOS version. This will load the default standard MS-DOS.

If you successfully get to a MS-DOS prompt and would like to prevent the computer from loading the program that is preventing you from getting to a MS-DOS prompt, or if you would like to fix possible error messages you may be receiving when booting the computer, edit the autoexec.bat or the config.sys files.

Windows 3.x users

If you are running Windows 3.x it is likely that the computer is booting into Windows automatically and bypassing the MS-DOS prompt. If Windows loads successfully into Windows, to exit to a MS-DOS prompt, from Program Manager, click the File menu and then Exit.

If the computer is trying to load into Windows but is encountering errors while it is booting, reboot the computer and press F5 key when you see the message "Starting MS-DOS" or the MS-DOS version. This will load the default standard MS-DOS.

If you do not want Windows 3.x to load automatically into Windows 3.x, you will need to edit the autoexec.batfile and remove the "win" line.

Other operating system users

If you are using another operating system such as OS/2, Linux variants, or Unix variants and you need to get to a MS-DOS prompt, it is recommended that you use a MS-DOS boot diskette unless you are dual booting the computer. Keep in mind that booting from a MS-DOS diskette is not going to allow you to have access to the files used with other operating systems. However, if you're erasing everything and starting over this would allow you to delete all pre-existing information and start over.

Read more »

My computer is running slow what steps can I do to fix it?

This issue can be caused by any of the below possibilities.

1. Not enough hard disk space.
2. Left over programs and bad files.
3. Data Corruption.
4. Missing Windows updates / Outdated drivers.
5. Computer is overheating.
6. Corrupt OS.
7. Bad Hardware.

Solution

Below are steps for Microsoft Windows users that should help speed up the computer or determine why the computer is running slow.

Reboot

If your computer has not been reboot recently make sure to reboot it before following any of the below steps.

Not enough hard disk drive space

Verify that there is at least 200-500MB of free hard disk drive space. This available space allows the computer to have room for the swap file to increase in size as well as room for temporary files.

• Determining available hard drive space.
• Regaining computer hard disk drive space.

Hard drive corrupted or fragmented

• Run ScanDisk or something equivalent to verify there is nothing physically wrong with the computer hard disk drive.
• Run Defrag to help ensure that data is arranged in the best possible order.

Background programs

Remove or disable any TSRs and startup programs that automatically start each time the computer boots.

 To see what programs are running in the background and how much memory and CPU they are using openTask Manager.  If you are running Windows 7 run Resmon to get a better understanding of how your computer is being used.

If you've got an anti-virus scanner on the computer, spyware protection program, or other security utility make sure it's not scanning your computer in the background. Often when these programs begin to scan the computer it can decrease the overall performance of your computer.

Scan for malware

Today, spyware and other malware is a big cause of many computer problems including a slow computer. Even if an anti-virus scanner is installed on the computer we recommend running a malware scan on the computer. Use the free version of Malwarebytes to scan your computer for malware.

Hardware conflicts

• Verify that the Device Manager has no conflicts. If any exist resolve these issues as they could be the cause of your problem.

Update Windows

• Make sure you have all the latest Windows updates installed in the computer.
• If you are on the Internet when your computer is slow also make sure all browser plugins are up-to-date.

Update your drivers

Make sure you've got the latest drivers for your computer. Especially the latest video drivers. Having out-of-date drivers can cause an assortment of issues.

Computer or processor is overheating

Make sure your computer and processor is not overheating, excessive heat can cause a significant decrease in computer performance some processors will even lower the speed of the processor automatically to help compensate for the heat related issues.

• What temperature should my processor be running at?

Dust, dirt, and hair can also constrict a proper air flow on your computer, which can also cause a computer to overheat. Make sure your computer case is clean and fans are not obstructed.

• Steps on cleaning your computer.

Memory upgrade

If you've had your computer for more than one year it's likely you're computer is not meeting the memory requirements for today. Today, we suggest at a minimum the computer have 1GB of memory.

• Determining how much RAM is installed and available.

Run registry cleaner

We normally do not recommend registry cleaners. However, if you have followed all of the above steps and your computer is still slow try running a registry cleaner on the computer.

Erase computer and start over

If none of the above solutions resolve your issues, it is recommended that you either reinstall Windows or erase everything and then start over.

Old computer

If your computer is older than five years come to terms that it is likely the age of the computer that is causing it to be slow. Computers progress at an alarming rate as new programs and updates for programs come out their minimum requirements increase and will cause older computers to slow down. If your computer is older than five years we suggest purchasing a new computer or just realize it is going to run slow because it is old.

• How often should I buy a new computer?

Hardware issues

Finally, if your computer continues to be slow after going over each of the above recommendations it's possible that your computer is experiencing a more serious hardware related issue such as a failing component in the computer. This could be a failing or bad hard drive, CPU, RAM, motherboard, or other component.

Read more »

How do I password protect my files and folders in Windows?

 Before password protecting any document you may wish to create a backup of the non-password protected folder and files in case you forget the password in the future.
The majority of Microsoft Windows operating systems do not come with a method of password protecting your sensitive files and folders. If you're using Microsoft Windows 3.x, Windows 95, Windows 98, you will need to download or purchase a third-party program to password protect your files and folders in Windows; skip down to theother security solutions section if you're using one of these operating systems.

Microsoft Windows XP professional users

The below steps for encrypting the files on Windows XP professional applies to users who are using a computer that has different accounts. If you're using a single account for all users who use the computer you will need to see the below other security solutions section.

1. Select the folder you wish to encrypt.
2. Right-click the folder and click Properties.
3. Click the Advanced button.
4. Check "Encrypt contents to secure data" option.
5. Click Apply and then Ok.

Encrypt contents to secure data is grayed out

This will be grayed out if you're using the home edition of Microsoft Windows XP. See the below steps for securing the contents of your folders in Windows XP home.

Show "Encrypt" on the context menu

The newest version of TweakUI also enables you to show the Encrypt option in the context menu. To do this, follow the below steps.

1. Open TweakUI.
2. In the TweakUI window, select Explorer
3. In the right side of the window under Settings, locate Show 'Encrypt' on context menu and check the box. This option should be below Prefix 'shortcut to' on new shortcuts and above Show 'View workgroup computers' in NetPlaces.

• I'm missing Show "Encrypt" on the context menu in TweakUI.

Microsoft Windows XP home users

1. Select the folder you wish to encrypt.
2. Right-click the folder and click Properties.
3. Click the Sharing tab.
4. Check the box Make this folder private
5. Click Apply and then Ok.

Make this folder private is grayed out

In order for this option to work in Microsoft Windows XP home you must meet the below requirements.

1. The hard disk drive must be formatted in NTFS and not FAT32 File System.
2. The folder you're attempting to encrypt must be in your own personal folder. For example, if your name is bob, you must be encrypting a folder that is or that is contained within the below folder:
   
   C:\Documents and Settings\Bob\
   
   You cannot encrypt any folders outside of this folder. If you wish to encrypt outside this folder see the below other security solutions.

Other security solutions for protecting your files and folders in Windows

File and folders not frequently used

If you need to password protect files or folders that you do not frequently use, one of the simplest ways is to compress the folder and files with a compression utility and password protect the compressed file. However, each time you wish to work or modify the files you will need to uncompress the files using the password.

Windows ME and Windows XP users - Microsoft Windows ME and Windows XP come with their own compression utility. This utility can also be used to compress and password protect files.

 When a file is compressed, users can still view a listing of the files in the compressed file. If you wish for both your file names and the contents to be hidden, move all the files into a single folder and password protect that folder.  

File and folders frequently used or accessed

If you need to password protect or encrypt data you frequently use, you will need to install a third-party program that will enable you to protect your files and folders. Below are some free and commercial solutions.

• AxCrypt - An excellent free encryption utility that enables users to encrypt all files within a folder and not allow those files to be viewed unless a passphrase (password) is known.
• WinCry - A freeware utility that enables your files to be encrypted, secure deletion, as well as other helpful methods of protecting your files.
• Folder Guard - A commercial version of a password protection software that enables you to password protect files, folders, and other Windows resources.

Things to remember when encrypting or password protecting files and folders

1. There is no such thing as a 100% protected file. There are numerous tools, utilities, and instructions for how to break a lot of the encryption and passwords on files. However, the protection methods listed above will protect your files from the majority of users who may encounter them. If you're working with really sensitive data we suggest a commercial product for protecting your files and data.
2. Even though a file or folder may be password protected it still can be deleted (unless the program supports the ability to protect files from being deleted). Always remember to backup all your files, even those protected by passwords.
3. If you forget the password, unless you're willing to spend the time attempting to break it or pay someone else to break the password, all your file data will be lost. Unless you've made a backup of the non-password protected data.

Read more »

NTLDR is Missing.

Issue

NTLDR is Missing.

Related errors

Below are the full error messages that may be seen when the computer is booting.

NTLDR is Missing
Press any key to restart

Boot: Couldn't find NTLDR
Please insert another disk

NTLDR is missing
Press Ctrl Alt Del to Restart

Causes

1. Computer is booting from a non-bootable source.
2. Computer hard disk drive is not properly setup in BIOS.
3. Corrupt NTLDR and NTDETECT.COM file.
4. Misconfiguration with the boot.ini file.
5. Attempting to upgrade from a Windows 95, 98, or ME computer that is using FAT32.
6. New hard disk drive being added.
7. Corrupt boot sector / master boot record.
8. Seriously corrupted version of Windows 2000 or Windows XP.
9. Loose or Faulty IDE/EIDE hard disk drive cable.
10. Failing to enable USB keyboard support in the BIOS.

Solutions

Computer is booting from a non-bootable source

Many times this error is caused when the computer is attempting to boot from a non-bootable floppy disk or CD-ROM. First verify that no floppy diskette or CD is in the computer, unless you are attempting to boot from a diskette.

Note: This error has also been known to occur when a memory stick is in a card reader and the computer is attempting to boot from it. If you have any card reader or flash reader make sure that no memory stick is inside the computer. Additionally disconnect all USB drives, cameras, ipods, iphones, etc. from the computer.

If you are attempting to boot from a floppy diskette and are receiving this error message it is likely that the diskette does not have all the necessary files or is corrupt.

If you are attempting to install Windows XP or Windows 2000 and are receiving this error message as the computer is booting verify that your computer BIOS has the proper boot settings. For example, if you are attempting to run the install from the CD-ROM make sure the CD-ROM is the first boot device, and not the hard disk drive.

Second, when the computer is booting you should receive the below prompt.

Press any key to boot from the CD

Important: When you see this message press any key such as the Enter key immediately, otherwise it will try booting from the hard drive and likely get the NTLDR error again.

Note: If you are not receiving the above message and your BIOS boot options are set properly it's also possible that your CD-ROM drive may not be booting from the CD-ROM properly. Verify the jumpers are set properly on the CD-ROM drive.

• Verifying the CD-ROM cables are correctly connected.

Computer hard disk drive is not properly setup in BIOS

Verify that your computer hard disk drive is properly setup in the CMOS setup. Improper settings can cause this error.

Corrupt NTLDR or NTDETECT.COM file

Windows 2000 users
Windows XP users

Windows 2000 users

If your computer is using Microsoft Windows 2000 and you are encountering the NTLDR error. Create the belowboot.ini file on the floppy diskette drive.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect

Copy the NTLDR and NTDETECT.COM files from another computer using the same operating system. Both of these files are located in the root directory of the primary hard disk drive. For example, C:\NTLDR and C:\NTDETECT.COM should be the locations of these files on many computers.

• How do I view hidden files in Windows?

Once these files have been copied to a floppy diskette reboot the computer and copy the NTLDR and NTDETECT.COM files to the root directory of the primary hard disk drive. Below is an example of what commonly should be performed from the A:\> drive.

copy ntldr c:
copy ntdetect.com c:

After the above two files have been copied, remove the floppy diskette and reboot the computer.

Windows XP users

1. Insert the Windows XP bootable CD into the computer.
2. When prompted to press any key to boot from the CD, press any key.
3. Once in the Windows XP setup menu press the "R" key to repair Windows.
4. Log into your Windows installation by pressing the "1" key and pressing enter.
5. You will then be prompted for your administrator password, enter that password.
6. Copy the below two files to the root directory of the primary hard disk. In the below example we are copying these files from the CD-ROM drive letter, which in this case is "e." This letter may be different on your computer.
   
   copy e:\i386\ntldr c:\
   copy e:\i386\ntdetect.com c:\
7. Once both of these files have been successfully copied, remove the CD from the computer and reboot.

Misconfiguration with the boot.ini file

Edit the boot.ini on the root directory of the hard disk drive and verify that it is pointing to the correct location of your Windows operating system and that the partitions are properly defined.

Attempting to upgrade from a Windows 95, 98, or ME computer that is using FAT32

If you are getting this error message while you are attempting to upgrade to Windows 2000 or Windows XP fromWindows 95, Windows 98, or Windows ME running FAT32 try the below recommendations.

1. Boot the computer with a Windows 95, Windows 98 or Windows ME bootable diskette.
2. At the A:\> prompt type:
   
   sys c: <press enter>
3. After pressing enter you should receive the "System Transferred" message. Once this has been completed remove the floppy diskette and reboot the computer.

New hard disk drive being added

If you are attempting to add a new hard disk drive to the computer make sure that drive is a blank drive. Adding a new hard disk drive to a computer that already has Windows installed on it may cause the NTLDR error to occur.

If you are unsure if the new drive is blank or not try booting from a bootable diskette and format the new hard disk drive.

Corrupt boot sector / master boot record

It's possible your computer's hard disk drive may have a corrupt boot sector or master boot record. These can be repaired through the Microsoft Windows Recovery console by running the fixboot and fixmbr commands.

Seriously corrupted version of Windows 2000 or Windows XP

If you have tried each of the above recommendations that apply to your situation and you continue to experience this issue it is possible you may have a seriously corrupted version of Microsoft Windows. Therefore we would recommend you reinstall Microsoft Windows 2000 and Windows XP.

If you are encountering this issue during your setup you may wish to completely erase your computer hard disk drive and all of its existing data and then install Microsoft Windows.

Loose or Faulty IDE/EIDE hard disk drive cable

This issue has been known to be caused by a loose or fault IDE/EIDE cable. If the above recommendation does not resolve your issue and your computer hard disk drive is using an IDE or EIDE interface. Verify the computer hard disk drive cable is firmly connected by disconnected and reconnecting the cable.

If the issue continues it is also a possibility that the computer has a faulty cable, try replacing the hard disk drive cable with another cable or a new cable.

Read more »

Getting into Windows Safe Mode.

If you cannot boot into normal Windows mode or cannot troubleshoot because of errors in normal mode boot into Safe Mode. Windows Safe Mode bypasses startup programs and drivers that are not required for Windows to load and will allow you to fix Windows problems

Windows 2000 / XP users

 If you are running Safe Mode because you cannot get into Windows, you may want to first try loading the last known good configuration.

To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.

Trouble Getting into Windows 2000 or Windows XP Safe mode - If after several attempts you are unable to get into Windows 2000 or Windows XP Safe Mode as the computer is booting into Windows, turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the Safe Mode screen.

Windows Advanced Options Menu Please select an option: Safe Mode Safe Mode with Networking Safe Mode with Command Prompt Enable Boot Logging Enable VGA mode Last Known Good Configuration (your most recent settings that worked) Directory Services Restore Mode (Windows domain controllers only) Debugging Mode Start Windows Normally Reboot Return to OS Choices Menu Use the up and down arrow keys to move the highlight to your choice.

Once you're done in Safe mode if you want to get back into Normal Windows restart the computer like you normally would and let it boot normally. 

Microsoft Windows Vista and Windows 7 users

 If you are running Safe Mode because you cannot get into Windows, you may want to first try loading the last known good configuration.

To get into the Windows Vista and Windows 7 Safe Mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.

Trouble Getting into Safe mode - If after several attempts you are unable to get into Safe Mode as the computer is booting into Windows, turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the Safe Mode screen.

Choose Advanced Options for: Microsoft Windows Vista Please select an option: Safe Mode Safe Mode with Networking Safe Mode with Command Prompt Enable Boot Logging Enable low-resolution video (640x480) Last Known Good Configuration (advanced) Directory Services Restore Mode Debugging Mode Disable automatic restart on system failure Disable Driver Signature Enforcement Start Windows Normally Description: Start Windows with only the core drivers and services. Use when you cannot boot after installing a new device or driver.

Once you're done in Safe mode if you want to get back into Normal Windows restart the computer like you normally would and let it boot normally.

Windows 98 / ME users

To get into Windows 98 / ME Safe Mode, as the computer is booting press and hold your "F8 key" on the top of your keyboard or press and hold the left or right Ctrl key as the computer is booting. If done properly you should get into the "Windows 98 / ME Startup Menu" similar to the below screen example. In this menu choose option 3 by pressing the 3 key and press enter. 

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.

Microsoft Windows 98 Startup Menu ============================= 1. Normal 2. Logged (\BOOTLOG.TXT) 3. Safe mode 4. Step-by-step confirmation 5. Command prompt only 6. Safe mode command prompt only Enter a choice: 1 F5=Safe Mode Shift+F5=Command prompt Shift+F8= Step-by-step confirmation [N]

Once you're done in Safe mode if you want to get back into Normal Windows restart the computer like you normally would and let it boot normally.

Windows 95 users

To get into Windows 95 Safe Mode, as the computer is booting, when you either hear a beep or when you see the message "Starting Windows 95", press your F8 key on the top of your keyboard. If done properly you should get into the Windows 95 Startup menu similar to the below screen. In this menu choose option 3 by pressing the 3 key and press enter.

How do I get out of Safe Mode?

From Windows Safe Mode click Start / Shutdown and restart the computer. This will start the computer automatically back into Normal Mode.

Note: Many users believe that they are still in Safe Mode because the colors or video may not look correct. Unless in the corners of the screen it says "Safe Mode", you are not in Safe Mode. For information on how to setup your video card resolution, see document CH000190.

If you are rebooting the computer and it is rebooting back into Safe Mode (it does say "Safe Mode" in each of the corners), it is likely another problem exists with Windows preventing it from loading into Normal Windows. We recommend you see the basic troubleshooting section for additional ideas that may help to resolve your issue.

Which Safe Mode option should I choose?

Users who are running later versions of Windows will get several different options for different versions of Safe Mode. For example, you may have options for "Safe Mode", "Safe Mode with Networking", and "Safe Mode with Command Prompt." Below is a brief description of each of these different modes.

Safe Mode

The basic Safe Mode option is usually what most users will want to choose when troubleshooting their computer. This is the most basic Safe Mode option and has no additional support.

Safe Mode with Networking

For users needing access to the Internet or the network they're connected to while in Safe Mode users may wish to choose this option. This mode is helpful for when you need to be in Safe Mode to troubleshoot but also need access to the Internet so you can get updates, drivers, or other files to help troubleshoot your issue.

Safe Mode with Command Prompt

This Safe Mode would also allow you to have access to the command line (MS-DOS prompt).

Read more »

How do I do port-forwarding with ssh?

If you can ssh out from a firewalled machine, you can ask ssh to set up a tunnel back to that machine, so that it can be reached from the outside world. Here's how.
For the purposes of this explanation, the "inside" machine is the machine inside the firewall -- the one you want to be able to reach. The "outside" machine is the one that will be forwarding connections to the inside one.
Also note that when I say "ssh", I mean ssh version 1. There is an ssh version 2, but it's commercial and nobody uses it (and it's incompatible with version 1) -- so to avoid confusing yourself, don't even look at it. Use ssh version 1.

1. Create a key
The first thing you need to do is create an ssh "identity" key that doesn't have a password set -- it just uses RSA keys to authenticate. (You need this because you're going to be running ssh in the background and you don't want it asking you for a password when you're not around.)
On the inside machine, go into your .ssh/ directory (the one inside your home directory -- if you don't have one, go ahead and create it) and type:

ssh-keygen -f tunnel -C "tunnel key"
It will do a little song and dance, and ask you for a password. Just hit enter here -- you don't want a password set on this key. When you're done, you'll have a file tunnel (this is your private key -- protect it!) and a file tunnel.pub (the public key).

2. Add the key to the outside machine
You need to let the outside machine know this new public key, so it'll let you login without a password (using this key). On the outside machine, go into your .ssh/ directory and edit the fileauthorized_keys. (If this file doesn't exist, it's okay to create it.)
This is somewhat annoying, but what you want to do is copy the contents of tunnel.pub (from the inside machine) into one line of your authorized_keys file. It's important that the line be identical, and that it be one line. (Sometimes cut-and-paste will insert linefeeds -- be careful and check it.)
It should work now. But to be safe, you ought to also limit the places this key can be used from. Since you're only going to use this key to set up an automatic tunnel from the inside machine, you can set this key so that it will only work for connections coming from there. To do that, add a from= section to the beginning of the line in authorized_keys. For example, if your inside box is 10.23.128.4, the line in authorized_keys should look like this:
from="10.23.128.4" 1024 37 1283091749021[...]923492
In other words, you want from="inside IP", followed by a space, to be at the front of the line. This is optional, but highly recommended.

3. Checkpoint
If you've done everything right up till now, you should be able to use this command on the inside machine:

ssh -i ~/.ssh/tunnel username@outside.machine.top
and ssh should connect you to the outside machine and login as you, without asking you for a password. If that isn't what happened, something got messed up along the way -- start over. If that is what happened, you're halfway there.

4. Backwards port redirect
This is the interesting part. Ssh has the ability to, after connecting to a machine, listen to a TCP port on that machine, and redirect traffic over the ssh connection back to the ssh client's machine. It's done with the -R option:

-R far-port:local-address:local-port
If the inside machine is named "squirtle", and the outside machine is named "house.example.com", you can type this command:

ssh -i ~/.ssh/tunnel -R 3939:squirtle:23 me@house.example.com
It will connect you to house.example.com, as before, but this time it also starts listening on port 3939 on house.example.com, and forwarding traffic to squirtle's port 23 (the telnet port). So, anyone who telnets to house.example.com port 3939, is effectively telnet'ing to squirtle's login prompt. Hopefully this makes you nervous. You should be really careful about this, because now anyone that finds this port can try to login to squirtle. And it's not exactly hard to find the port.
Leigh Klotz emailed me and pointed out that it would be even better if you used port 22 (the ssh port) instead of port 23 (the telnet port) since most systems have sshd running now. That's definitely more secure.

5. Automating it
One thing you can do, if you don't give a crap about the security of squirtle (the inside machine), is to just leave the connection up 24/7. I know at least one (unnamed) company where this is happening. To do that, just run a script like this one the inside machine:

#!/bin/sh
while `true`; do
    ssh -i ~/.ssh/tunnel -R 3939:squirtle:23 me@house.example.com sleep 32000
    sleep 1
done

Adding the sleep 32000 to the ssh command makes it execute that command (on the remote machine -- i.e. the outside machine) instead of giving you a login shell. This is what you want for scripts.
Another thing you could do is set up a "time window" that the tunnel will be open. Set it up as a cron job that goes off at, say, every 2-3 hours and leaves the connection up for 15 minutes (just change the sleep time on the ssh command line to 900).
If you're really perverse like me, you could run a bot on the inside machine, and run some Tcl scripts on a botnet so that anyone on the botnet could do a command that causes the bot on the inside machine to open up the tunnel. If that sounds cool to you, go write it yourself -- don't ask me for help. :)

Read more »

Introduction to Port Forwarding

INTRODUCTION

For those of you looking to at last find out how to make that darn router work and finally “forward” those darn “ports,” I’ill walk you through the process step by step using language and pictures that will make even the most basic of users able to understand the process.

Now there are a variety of different routers out there, each of course having a different user interface that one must access to make changes to the router. The two most common routers used by individuals are the Linksys and Netgear models. As such, these are the two models I intend to cover, but with a basic detail of how to access and port forward them all.

LINKSYS

The first step in port forwarding is accessing the router. The IP address varies from router to router, so check the manufacturers website or the handbook that was included when purchased. Next open your internet browser and type in the proper IP address according to the directions below.

For LINKSYS the IP address is 192.168.1.1 and the default logins are as follows:

username = admin
password = admin

Also, remember to change the passwords for your router after logging on if you haven’t done so already. Since the user defaults are widely known, and are exactly that–defaults, anyone can log on to your router and leech off your bandwith, or even worse, monitor your web traffic and perhaps even block you from logging on period. So it cannot be stressed enough to change your passwords after logging on.

Okay now for the fun part, forwarding those pesky ports.

After logging on, you will see the main setup page. Click on the Applications & Gaming tab at the top of the page.

This will bring you to the Port Range Forward page. Here is where we will actually forward the ports as the page name implies.

In the first box you will enter the name of the application this will apply to, be it BitTorrent, eMule ,eDonkey, or whatever. For arguments sake we will apply it here as BitTorrent, with the specific BitTorrent client to be Azureus. So for Application type “Azureus.“

For the Start and End Port, we’ll be select a port from the reccomended 49152 – 65535 range (For BitTorrent only, and be sure to apply this port number to the Azureus client as well.). Keep in mind that ports used are program specific so check which ones the program requires to be forwarded. Type the port number or range in both boxes.

In the IP Address box type the name of the computer’s Ip address to which this is to apply. If your not sure what the IP address is, follow these easy steps:

• Open the Run dialogue box

• Now type “cmd”

• Lastly, type “ipconfig”

At the risk of stating the obvious, if you’ll notice your IP address will be listed there at the top where it says “IP Address.” This is the address for the compueter whose ports you are forwarding.

To finish last thing you want to above in the Port Range Forward page is to check the “enable” box. You’d be surprised at how a lot of people forget to do this simple task. Now click Save Settings at the bottom of the page and were all done. Presto, your ports are now forwarded.

NETGEAR

For NETGEAR the IP adress is 192.168.0.1 and the default logins are as follows:

username = admin
password = password

Also, remember to change the passwords for your router after logging on if you haven’t done so already. Since the user defaults are widely known, and are exactly that–defaults, anyone can log on to your router and leech off your bandwith, or even worse, monitor your web traffic and perhaps even block you from logging on period. So it cannot be stressed enough to change your passwords after logging on.

After logging on, you will arive at the main setup page. Click on the Port Forwarding / Port Triggering tab on the bottom left hand-side of the screen.

This will bring you to the Port Forwarding page.

We’re going to “Add Custom Service,” so click this tab at the center of the page.

In the first box, Service Name, you will enter the name of the application this will apply to, be itBitTorrent, eMule , eDonkey, or whatever. For arguments sake we will apply it here as BitTorrent, with the specific BitTorrent client to be Azureus. So for Application type “Azureus.“

For the Start and End Port, we’ll be select a port from the reccomended 49152 – 65535 range (For BitTorrent only, and be sure to apply this port number to the Azureus client as well.). Keep in mind that ports used are program specific so check which ones the program requires to be forwarded. Type the port number or range in both boxes.

The Server IP Address is the IP address of the computer this is to apply to.

If your not sure what the IP address is, follow these easy steps:

• open the Run dialogue box

• Now type “cmd”

• Lastly, type “ipconfig”

At the risk of stating the obvious, if you’ll notice your IP address will be listed there at the top where it says “IP Address.” This is the address for the compueter whose ports you are forwarding.

To finish, click the Add tab, and then the Apply tab on the port forwarding main page. Presto, your ports are now forwarded.

Read more »

How Can I Learn How to Program My Router's Port Forwarding Commands?

 While the programming of port forwarding can be somewhat intimidating, there are tutorials on the Internet that can certainly help beginners. The most common reason for programming port forwarding is to improve the speed of bit torrent downloads, followed by improving the performance of computer games and streaming media. Towards these ends, there is a splendid resource by the folks at www.portforward.com. To speed up your specific downloading client, game, or software program: find the exact name of your router and your software, and then visit this page for a visual tutorial on how your router takes port forwarding commands.

Read more »