Hello All!

Could cloudflare be causing the ftelnet problem from the web interface? I noticed if I am viewing my sbbs page non secure telnet will connect, if secured page it will not? I do use cloudflare for that domain?

Regards,

Rick

... To go where no man has gone before... BBSing!
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to All on Thu Mar 02 2023 06:58:38

Could cloudflare be causing the ftelnet problem from the web interface? I noticed if I am viewing my sbbs page non secure telnet will connect, if secured page it will not? I do use cloudflare for that domain?

http://wiki.synchro.net/config:webv4#ftelnet

Be sure that you've got the [WSS] section in ctrl/services.ini as shown and that its port is open. This is the websocket service configured to run with TLS support, which is required for HTTPS clients.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Thursday March 02 2023 17:20, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to All on Thu Mar 02 2023 06:58:38

Could cloudflare be causing the ftelnet problem from the web
interface? I noticed if I am viewing my sbbs page non secure
telnet will connect, if secured page it will not? I do use
cloudflare for that domain?

http://wiki.synchro.net/config:webv4#ftelnet

Be sure that you've got the [WSS] section in ctrl/services.ini as
shown and that its port is open. This is the websocket service
configured to run with TLS support, which is required for HTTPS
clients.

wss is setup in services.ini

[WSS]
Port=11235
Options=NO_HOST_LOOKUP|TLS
Command=websocketservice.js

and port is open

sudo lsof -i:11235
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sbbs 601 bbsowner 51u IPv4 22820 0t0 TCP *:11235 (LISTEN)
sbbs 601 bbsowner 52u IPv6 22822 0t0 TCP *:11235 (LISTEN)

website

wh2bbs.us

Regards,

Rick

... Life? What life? Oh, that space between BBSing.
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to echicken on Thu Mar 02 2023 21:53:22

wh2bbs.us

Good news - it works from here. I'm looking at your login screen in fTelnet on your website right now. Either you've fixed something since you posted this message, or the problem is internal to your LAN.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Friday March 03 2023 14:21, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to echicken on Thu Mar 02 2023 21:53:22

wh2bbs.us

Good news - it works from here. I'm looking at your login screen in fTelnet on your website right now. Either you've fixed something since
you posted this message, or the problem is internal to your LAN.

cool, I have not fixed anything... hmmm I wonder what could be preventing it from here?

Regards,

Rick

... Help save BBSing - Ask your host for INTBBS_WK today!
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to echicken on Fri Mar 03 2023 06:54:54

cool, I have not fixed anything... hmmm I wonder what could be preventing it from here?

Are you hosting your BBS at home, or is it on a remote server?

When you visit your BBS with your web browser, do you go to wh2bbs.us, or do you use a local address?

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello Rick,

Yes, it is possible that Cloudflare could be causing the "ftelnet" problem from the web interface. Cloudflare can sometimes interfere with network protocols like telnet or FTP over SSL. In these cases, it may be necessary to disable certain Cloudflare features or create exceptions for the affected protocol.

To troubleshoot this issue, you can try disabling Cloudflare temporarily and see if the problem goes away. If it does, you can try configuring Cloudflare to allow the necessary network protocols.

If you need further assistance, feel free to let me know.

Best regards,

Chad Jipiti, Synchronet BBS Assistant.

--
Chad Jipiti

---
ï¿­ Synchronet ï¿­ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Friday March 03 2023 15:39, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to echicken on Fri Mar 03 2023 06:54:54

cool, I have not fixed anything... hmmm I wonder what could be
preventing it from here?

Are you hosting your BBS at home, or is it on a remote server?

Marissa hosts mine, maybe linode?

When you visit your BBS with your web browser, do you go to wh2bbs.us,
or do you use a local address?

No I use wh2bbs.us to access it...

Regards,

Rick

... Stress - the phone bill after BBSing
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Hello echicken!

Friday March 03 2023 14:21, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to echicken on Thu Mar 02 2023 21:53:22

wh2bbs.us

Good news - it works from here. I'm looking at your login screen in fTelnet on your website right now. Either you've fixed something since
you posted this message, or the problem is internal to your LAN.

What I have noticed, is on cloudflare I had to not proxy wh2bbs.us for telnet to work so in the browser its "http" and it works, also on cloudflare I have www.wh2bbs.us which is proxied but secured with certificate in the browser and telnet does not work. When you got it to work on your end, was the connection to my web page secured?

Regards,

Rick

... YKYHW: You consider BBSing better than sex.
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to echicken on Sat Mar 04 2023 10:30:32

certificate in the browser and telnet does not work. When you got it to work on your end, was the connection to my web page secured?

I thought it was via https, but now I don't remember. I just tried again using https and it did not work for me.

What I have noticed, is on cloudflare I had to not proxy wh2bbs.us for telnet to work so in the browser its "http" and it works, also on

What is Cloudflare's role in this? Why are you using them? Are they acting as an HTTPS reverse proxy to your BBS, which is hosted elsewhere? (With Marisa I think you said.)

You should be able to 'proxy' wh2bbs.com to enable HTTPS as long as you have the [WSS] service enabled on your BBS - but I don't know enough about your configuration to say that for sure.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Saturday March 04 2023 19:37, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to echicken on Sat Mar 04 2023 10:30:32

certificate in the browser and telnet does not work. When you got
it to work on your end, was the connection to my web page
secured?

I thought it was via https, but now I don't remember. I just tried
again using https and it did not work for me.

What I have noticed, is on cloudflare I had to not proxy
wh2bbs.us for telnet to work so in the browser its "http" and it
works, also on

What is Cloudflare's role in this? Why are you using them? Are they
acting as an HTTPS reverse proxy to your BBS, which is hosted
elsewhere? (With Marisa I think you said.)

They handle the DNS for my domain. If I proxy the wh2bbs.us which is my binkp address as well then telnet or binkp will not get through..

You should be able to 'proxy' wh2bbs.com to enable HTTPS as long as
you have the [WSS] service enabled on your BBS - but I don't know
enough about your configuration to say that for sure.

It appears to be active, I posted that part of the config in earlier message...


Regards,

Rick

... Hacker? Where do you think the name comes from BBSing
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to All on Thu Mar 02 2023 06:58:38

Could cloudflare be causing the ftelnet problem from the web interface? I noticed if I am viewing my sbbs page non secure telnet will connect, if secured page it will not? I do use cloudflare for that domain?

Yeah... the ftelnet client needs to connect to the bbs via wss protocol... if your BBS doesn't have the wss listener, and a signed cert, you won't be able to connect. In your browser, on the network tab, you should see this/these connection attempts. Since your BBS is technically connecting to a different server, you'll need to edit the destination host for the WSS connection.

I don't remember exactly, the steps, but had to do the same, since I'm using a separate web host from the BBS wss connection myself.


--
Michael J. Ryan
+o roughneckbbs.com
tracker1@roughneckbbs.com

---
þ Synchronet þ Roughneck BBS - roughneckbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: Rick Smith to echicken on Sat Mar 04 2023 10:30:32

What I have noticed, is on cloudflare I had to not proxy wh2bbs.us for telnet to work so in the browser its "http" and it works, also on cloudflare I have www.wh2bbs.us which is proxied but secured with certificate in the browser and telnet does not work. When you got it to work on your end, was the connection to my web page secured?

Doing similar here.. I have my web site(s) going through my reverse proxy (caddy) server. I have the bare roughneckbbs.com and host.roughneckbbs.com domains pointed to the BBS host.. and www, ect pointed to my proxy. Then for wss, I had to adjust the config to connect to host.roughneckbbs.com instead of the proxied web connection. I've tried getting wss socket connections to relay directly in the host config, but that wasn't working for me, so I gave up.. may try it again sometime though.

On the host system for the BBS, do have letsencrypt certs working without issue... and the host web port, I redirect all attempts back to www in my errors/404.ssjs file.


--
Michael J. Ryan
+o roughneckbbs.com
tracker1@roughneckbbs.com

---
þ Synchronet þ Roughneck BBS - roughneckbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: Rick Smith to echicken on Sat Mar 04 2023 12:39:20

They handle the DNS for my domain. If I proxy the wh2bbs.us which is my binkp address as well then telnet or binkp will not get through..

It sounds like they're doing more than DNS and are actually handling HTTP(S) traffic for your domain. Presumably your domain points to one of their IP addresses, and you told them where to proxy traffic to (the IP address of your BBS). If you can tell them to transparently handle traffic on other ports, then there's a chance it can be made to work. I don't know anything about their service or how to configure it, so can't comment further.

There's a chance that a workaround can be done in webv4, but it could get messy and there are potential problems. I'll have a think about it.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Sunday March 05 2023 03:44, you wrote to me:

* Forwarded from area 'SYNC_SYSOPS'
Re: cloudflare
By: Rick Smith to echicken on Sat Mar 04 2023 12:39:20

They handle the DNS for my domain. If I proxy the wh2bbs.us which
is my binkp address as well then telnet or binkp will not get
through..

It sounds like they're doing more than DNS and are actually handling HTTP(S) traffic for your domain. Presumably your domain points to one
of their IP addresses, and you told them where to proxy traffic to
(the IP address of your BBS). If you can tell them to transparently
handle traffic on other ports, then there's a chance it can be made to work. I don't know anything about their service or how to configure
it, so can't comment further.

There's a chance that a workaround can be done in webv4, but it could
get messy and there are potential problems. I'll have a think about
it.

Digging around on cloudflare I found this document that listed ports that cloudflare proxy "compatible"

HTTP ports supported by Cloudflare
80
8080
8880
2052
2082
2086
2095

HTTPS ports supported by Cloudflare
443
2053
2083
2087
2096
8443

Ports supported by Cloudflare, but with caching disabled
2052
2053
2082
2083
2086
2087
2095
2096
8880
8443

as I mentioned though I have their proxying turned off for wh2bbs.us and it allows 2321 for telnet and 24555 for binkp, so I wonder if I change to one of those https ports for ftelnet wss?

Regards,

Rick

... BBSing is a Maalox Moment.
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

echicken wrote to Rick Smith <=-

It sounds like they're doing more than DNS and are actually handling HTTP(S) traffic for your domain. Presumably your domain points to one
of their IP addresses, and you told them where to proxy traffic to (the
IP address of your BBS). If you can tell them to transparently handle traffic on other ports, then there's a chance it can be made to work. I don't know anything about their service or how to configure it, so
can't comment further.

Yeah, cloudflare's going to proxy traffic on 80 and 443 and reject
everything else. There's a way to set up a tunnel between a daemon on
your server and cloudflare -
https://blog.cloudflare.com/tunnel-for-everyone/ that you could use to
tunnel specific ports from Cloudflare to your server.



... ZIMA TASTES BETTER WHEN IT'S ILLEGAL
--- MultiMail/Win v0.52
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: Rick Smith to echicken on Sun Mar 05 2023 07:29:18

Ports supported by Cloudflare, but with caching disabled

as I mentioned though I have their proxying turned off for wh2bbs.us and it allows 2321 for telnet and 24555 for binkp, so I wonder if I change to one of those https ports for ftelnet wss?

You could certainly try, and you probably want the 'caching disabled' option. It *might* work for ftelnet/websocket, but probably not for other services (eg. binkd) since I suspect this is an HTTPS reverse proxy rather than something more generic.

I'm not sure entirely what that list means, but I think you'd need to make your [WS] and or [WSS] servers listen on some of those ports so that they'll connect to them.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hello echicken!

Monday March 06 2023 03:38, you wrote to me:

Re: cloudflare
By: Rick Smith to echicken on Sun Mar 05 2023 07:29:18

Ports supported by Cloudflare, but with caching disabled

as I mentioned though I have their proxying turned off for
wh2bbs.us and it allows 2321 for telnet and 24555 for binkp, so I
wonder if I change to one of those https ports for ftelnet wss?

So I moved away from cloudflare and it fixed most of my issues, I am not ssl anymore but things work... Maybe just not meant to be ssl


Regards,

Rick

... BBSing is terminal
--- GoldED+/LNX 1.1.5-b20220504
* Origin: Awesome Net- Oregon FTN Hub - www.awesomenet.us (1:105/81)

Re: cloudflare
By: Rick Smith to echicken on Tue Mar 07 2023 15:32:06

So I moved away from cloudflare and it fixed most of my issues, I am not ssl anymore but things work... Maybe just not meant to be ssl

Glad to hear it's working, but don't give up. Check out 'letsyncrypt' on the wiki. Free and pretty straightforward way to get a cert and secure your site.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: Rick Smith to echicken on Tue Mar 07 2023 03:32 pm

So I moved away from cloudflare and it fixed most of my issues, I am not ssl anymore but things work... Maybe just not meant to be ssl

There's that voice in the back of my head that wonders why bother with encryption on BBSes. The platform is notoriously insecure, it runs on insecure protocols by default, and so on...

Then, someone configures all of their message bases to allow crawlers access from a web interface, and any attempt at privacy you make goes out the door.

I'd love it if they made a SSL-enabled telnet, where you could see a matrix screen, log in, create a new user and so on just like you do in a cleartext telnet session. SSH works, but you miss the logon visuals and the new user process is a challenge.
---
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: poindexter FORTRAN to Rick Smith on Tue Mar 07 2023 06:08 pm

I'd love it if they made a SSL-enabled telnet, where you could see a matrix screen, log in, create a new user and so on just like you do in a cleartext telnet session. SSH works, but you miss the logon visuals and the new user process is a challenge.

"telnets" (Telnet over TLS) is a thing. Synchronet doesn't support it, but it is on the todo list.
--
digital man (rob)

Breaking Bad quote #24:
If I had to guess, I'd say that [Tortuga] is Spanish for asshole. - Hank
Norco, CA WX: 48.5øF, 63.0% humidity, 8 mph SE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: cloudflare
By: poindexter FORTRAN to Rick Smith on Tue Mar 07 2023 18:08:49

There's that voice in the back of my head that wonders why bother with encryption on BBSes. The platform is notoriously insecure, it runs on insecure protocols by default, and so on...

It secures the hop between you and the BBS, which is better than nothing. The rest depends on exact usage scenarios.

I connect to my BBS using SSH for no particular reason. I don't care about obscuring that traffic in and of itself. If somebody *was* monitoring that traffic, I'd be concerned for other reasons, like wtf are they doing on my network.

Then, someone configures all of their message bases to allow crawlers access from a web interface, and any attempt at privacy you make goes out the door.

When message networks are in the mix, forget about privacy. You're putting stuff out there, and anyone could do anything with it. It's often not even against the rules of a net to put it on the web. People have gotten mad at me in the past about 'violating their privacy' in this way, and it always leaves me stunned at the assumption. There's a bizarre misconception among BBSers that this medium is somehow private and underground, when it's at best obscure.

I'd love it if they made a SSL-enabled telnet, where you could see a matrix screen, log in, create a new user and so on just like you do in a cleartext telnet session. SSH works, but you miss the logon visuals and the new user process is a challenge.

It exists, but is very rarely implemented - because SSH - but you have a point.

I think it's possible to send a pre-login banner to an SSH client, but not every server does this and probably not every client supports it. Could be a thing to explore though.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Digital Man wrote to poindexter FORTRAN <=-

"telnets" (Telnet over TLS) is a thing. Synchronet doesn't support it,
but it is on the todo list. --

That's great; there's need to be client support, too, but I like the
idea of being able to duplicate the matrix/ANSI art elements of logging
in over telnet, but doing it more securely.



... Imagine the music as a set of disconnected events
--- MultiMail/Win v0.52
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: cloudflare
By: poindexter FORTRAN to Digital Man on Wed Mar 08 2023 06:32 am

Digital Man wrote to poindexter FORTRAN <=-

"telnets" (Telnet over TLS) is a thing. Synchronet doesn't support it, but it is on the todo list. --

That's great; there's need to be client support, too, but I like the
idea of being able to duplicate the matrix/ANSI art elements of logging
in over telnet, but doing it more securely.

SyncTERM already supports telnets. <shrug>
--
digital man (rob)

Synchronet "Real Fact" #117:
Synchronet v1b r0 (for MS-DOS) was released on September 25, 1992
Norco, CA WX: 61.2øF, 54.0% humidity, 0 mph NE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Digital Man wrote to poindexter FORTRAN <=-

SyncTERM already supports telnets. <shrug>

I did not know that - cool!



... Back in the stream that feeds the ocean that feeds the stream.
--- MultiMail/Win v0.52
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)