fipremote

fipremote

This is the background server running on the client's site used to access data
from a Fip Remote Server.

It reads a parameter file called "REMOTE.FIP".

This contains enough information to connect to - or be connected from - the
remote host.

------------------------------------------------
Syntax of the parameter file is :
    ; comment

--------- For the Connection to the Remote Server....

    delivery-method:broadcast (one-way), server (logon/password protected)
        default is server
        If using broadcast, you MUST specify an end-of-message string
    connection-started-by:client or server
        Who makes the initial call - client connecting to the server or vice versa
            default is server

If the delivery method is 'server', we need a port on this machine (and
optionally a
alternate hostname for multi-ip addressed boxes where the boot address is NOT
the one we
want to use - this is relevant for clusters and other HACMP type boxes where
IPaddresses
switch)

    port: port on this box to use           default: 9123
        You MUST make sure this port is NOT used by any other program.
        On UNIX, /etc/services holds the list of reserved ports
    host: hostname or IPaddress to use      default: boot hostname

If the delivery method is 'client'm we need a hostname AND a port on the remote
server.
An alternate or failver host and/or port can also be specified.

    host: hostname of the remote server     no default
    port: port of the remote server         no default
    host2: hostname of an optional alternate remote server. no default
    port2: port of the alternate remote server  no default

    http-proxy-host: Hostname of Proxy HTTP server. default: direct connection
    http-proxy-port: Port Number of Proxy server.   default: direct connection
    proxy-is-squid: (yes/no) Use squid style HTTP syntax for traversing a
squid-like proxy server default: no
    http-proxy-logon: This is the logon and password to get thru the firewall
        if required. The format is (logon) (colon) (password) and is
        converted to base 64.
        http-proxy-logon:Y2hyaXMuaHVnaGpvbmVzOnBhbnRoZXIK=

        To generate (use 'type' on Winnt and just 'echo' for other Unix) :
            echo -n "logon:password" | sffb64 -i
        eg  echo -n "chris:sleekpanther" | sffb64 -i
        gives   Y2hyaXM6c2xlZWtwYW50aGVy
            http-proxy-logon:Y2hyaXM6c2xlZWtwYW50aGVy=
    http-header: Extra header information in FipSeq
        eg  http-header:Accept: *|*\r\nUser-Agent: FipServer\r\n

--------- Other parameters
    log-level: (0-99)
        Add information to the log file /fip/log/ALL
        default is to log only failures and errors.
        level 0     .. and Stop and Start
        level 3     .. and Connections, Disconnections
        level 6     .. and log each incoming file
        level 12    .. and log each Reply and Heartbeat

    log-every: (secs)
        Number of seconds between messages if the remote (or local relay) is down.
        default is 60 secs.

    timing-stats:yes
        Log timing stats            default: no

--------- For the Data on the local system....

    local-delivery-method:(file, relay, passive-port, serial-line)
        file - leave the files in a folder on this system
            Other parameters for this option include :
                data-path:  (optional)
                filename:   (optional)
        relay - open a TCP raw socket to another host/port and stuff the data down.
            Other parameters for this option include :
                relay-host: (mandatory)
                relay-port: (optional)
        passive-port - wait for a connection on a TCP port for
            another host to connect to and then stuff the data down.
            Other parameters for this option include :
                passive-port:   (mandatory)
                passive-host:   (optional)
            You can test this option using a telnet on your
            PC/Mac/Sparc/Linux to this passive-host/port.
        serial-line: send all to a com port or tty port
            Other parameters for this option include :
                For Winnt   serial-line:\\.\com3
                For Unix    serial-line:/dev/ttyh0
            This also needs a parameter file in /fip/tables/stty
            to setup the Com port.
            For WinNT/2k this is    MODE_(logon)_(COMMPORT)
                eg      MODE_AGENCY1_COM3.fip
                Note that NT/2000 com ports need pin DSR raised high by the cable.
            For Unix this is    STTY_(logon)_(TTYPORT)
                eg      STTY_AGENCY1_TTYA0
            In the case of NO logon the file is MODE_NONAME_COM3.fip
    keep-local-connection:Normally if there is nothing to send, the connection to
the
        local output device is dropped (to allow another program to connect perhaps).
        This flag states that this copy of the program has full-use of the
        device - so keep the connection alive.
        keep-local-connection:  will leave the connection open
        keep-local-connection:no    will disconnect
        keep-local-connection:yes   will leave the connection open

    poll-remote-server:Normally the connection to the remote server
        is kept open. Use this parameter for those connections which
        share a server and to state the number of seconds between
        attempts. If specified, the minimum is 30 secs.
        poll-remote-server:60   will reconnect every 60 secs
        poll-remote-server:0    will leave the connection open

    data-path: Path name for Folder/Directory where all the data files should be
stored
        default is the path 'fipremote' was started from;
        unless it was '/' in which case the path is /fip/spool/xremote.
    filename: (new name)                default: \SN
        Use FipSeq to change the filename of the incoming files
        \SN represents the existing filename which is the Service Designator and
itemNumber
        eg  filename:\SN.bag
            will add a '.bag' extention to the filename

    passive-host: Hostname for this machine if not the boot address. Use this
        for servers with more than one network card or IP address and
        you need to sit on a particular address only.
    passive-port: Port number on this server

    relay-host: Hostname of another server that we will forward the data to
    relay-port: Port number on the other (forwarded-to or relayed-to) server.

    add-fiphdr: (yes/no) Add a FipHdr on the incoming file      default: no
    extra-fiphdr: Extra FipHdr information which can be added
        to the incoming file or used for the filename       default: none
    archive: (yes/no) Add the ZI: Fiphdr to the incoming file   default: yes
        This option only takes effect if 'add-fiphdr:yes' is also selected

--------- General Parameters to be set the same as the remote server.

    no-logon-required: Trusted connection   default: logon/pwd required
        allow a connection WITHOUT a logon/password
    logon: logon to use to connect          no default
    password: password to use to connect        no default
    encrypt-size: (number)
    encrypt-string: (FipSeq string of encrypt-size)
        These state a length and string to map to the data.
        They MUST be exactly the same as the Remote system.
    check-md5-signature:
        Check the MD5 signature of the incoming file.
        The file is logged if in error
    decrypt-script:
        External script to decrypt or uncompress the data.
        This option is only valid for 'local-delivery-method:file'
        There is one and only one parameter to this script which is
        the name of the file to decrypt and in which the new contents
        will be stuffed.
        decrtpy-script:/fip/local/remote_unpgp

    end-of-message: For Broadcast deliveries, this specifies the string
        which defines the end of each file.
        Eg for ANPA-1312 or IPTC-7901   end-of-message:\004
        for a tagged format like NewsML end-of-message:</NewsML>
        default:\004
        Ths string is case-insensitive.

--------- Running redundant fipremote on two Fip systems
    check-primary-server: pseudo-host name that is specified in
tables/sys/DEST_REDUN
        that is used whether the current host should be getting the files or not.
        ie  check-primary-server:remotewire
        and in the DEST_REDUN is
            ; psuedohost    primary secondary
            remotewire  fip1    fip2
        Then if fip1 is up, the fipremote on fip1 will always get while on fip2 it
will just check/loop.
            if fip1 is down, the 'fipremote' on fip2 will start getting.

Input switches are (all optional) :
    -install : install the program      default: no
        (For WIN2K, this installs FipRemote as a Service)
    -I : WIN2K installation only - Disk Drive to use
            eg fipremote -install -Ie   default  default drive
    -D : display state for debugging    default: no logging
    -remove : remove the program        default: no
        (For WIN2K, this removes FipRemote as a Service)
    -S : Step through the files     default: no
        This prompts after each file has been received.
        Use this for debugging only!
    -T : write audits to log/remote_trace file  default: no
    -z : Name of Parameter file     default: REMOTE.FIP
    -W : do NOT run as a WIN2K Service  default: do for WIN2K
        Use this parameter if running from a Command Window
    -v : print version number and quit  default: no

------------------------------------------------------------
Installation
------------

0. First the disclaimer...
'fipremote' and any associated files are supplied at no charge with the previso
that they remain Copyright FingerPost and there is absolutely no
support/warranty/guarantee implied what so ever. The Source is not available
for general use but in every other case the Gnu GPL licence holds.

Having said that, all bugs/wishes may be emailed to FingerPost and will be
gratefully received.

1. Download the relevant files for your system from the Fip Web Site :
Note that some old versions of NetScape cannot download binary files.
Check this documentation at http://www.fingerpost.co.uk/progs/fipremote.html
for any site specific settings you might need.
    UNIX    i.  program
        ii. sample REMOTE.FIP parameter file
        iii. S99fipremote

    WIN2K   i.  program.exe
        ii. sample REMOTE.FIP parameter file
        iii. note that it is generally safe to map the '.fip'
            extension to be opened by 'NOTEPAD'
            (or 'WORDPAD' but watch out for file locking).

2. On your server, decide :
    UNIX -  which partition do you want the data files
        which logon do you want the files to have for permissions

    WIN2K - which drive to have the data files.

Note that 'fipremote' will make a top folder '/fip' on the drive you choose,
plus a couple of sub-folders. The total disk space used should be under 5 mb
even during running.

3. To install the program the first time.

If '/fip' or '/fip/bin/fipremote' does NOT exist
    UNIX    open a telnet/Xterm window
        cd (folder-you-have-downloaded-too)
        mv fipremote.(full-download-name) fipremote
        chmod 700 fipremote
        ./fipremote -install

    WIN2K   open a 'command' window
        cd (folder-you-have-downloaded-too)
        either      fipremote -install
        or      fipremote -install -Ix
                where x is a drive letter

The install process will automatically make folders :
    /fip
    /fip/bin        you need to copy the 'fipremote' program here.
    /fip/x          (temporary files folder)
    /fip/fix        (system files folder)
    /fip/log        A log file called ALL and REMOTE.STATUS.FIP
    /fip/tables/remote  please copy REMOTE.FIP in here.
    /fip/spool/xremote  default folder for data files.

In the current version you will need to manually copy -
    'fipremote' program to /fip/bin
    'REMOTE.FIP' parameter file to /fip/tables/remote

For WIN2K you can either
    run 'fipremote' as a service'
        - run 'fipremote -install' a second time to make sure you have everything
matched up.

or  run it manually on logon
        - in Explorer, make a ShortCut from /fip/bin/fipremote to 'Start Menu', if
required.

'fipremote' stops at the end of the install and does NOT go on-line.

***** do NOT start the WIN2K Service or start 'fipremote' manually ..
***** UNTIL you have checked the REMOTE.FIP file.

4. Modify the REMOTE.FIP parameter file.
    'fipremote' expects this file to be in /fip/tables/remote

    Please change those parameters as per the Suppliers email/fax.

    WIN2K - if using WORDPAD or someother Word Processor, please store the file as
        MSDOS text and NOT WORD or RTF or any other format.

    WIN2K - please make sure that the file does NOT have a '.txt' extention on.
        The filename MUST be 'REMOTE.FIP'

    UNIX - please make sure the file name is UPPERCASE.
        The filename MUST be 'REMOTE.FIP'

5. Do you have to do something to your FireWall ?

The System which starts the connection MUST be able to 'see' the other.

If the Supplier's system starts and your (the Client's) system is behind a
Firewall you MUST punch a hole through for TCP at the port number given to your
IPaddress.

If you (the Client) start, check you can get out of your own site first !

Or there is a hole already through for Browsers - like IExplorer and NetScape
(see below)

Often the bastard in charge of the Firewall has blocked all outgoing TCP ports
except for a couple of well-known types like HTTP.
    To check, use 'telnet' to manually connect to the remote systeM :
        telnet suppliers-ip-address supplier-portno
    eg  telnet www.fingerpost.co.uk 9012
    You should get the characters '#%#%#%#' back.

Stop the 'telnet' connection before you start 'fipremote' as ONLY one
connection is allowed at any one time.

If your only choice is using the Proxy Server for Browsers - like IExplorer and
NetScape.
    You can look in 'Preferences' or 'Options' on the browser menu.
    and plug in same values into the REMOTE.FIP file using the 'http-proxy-host
etc as described above.

6. Set the startup automatically
(Unix/Linux only)
    - The startup script is S99fipremote
    - copy this (as root) :     cp S99fipremote /etc/init.d/fipremote
    - then link it to the run level : ln -s /etc/init.d/fipremote
/etc/rc2.d/S99fipremote
        (note in some versions of Linux, the link should be in /etc/rc3.d not rc2.d)
(Win2K)
    - Go into ControlPanel->AdministrativeTasks->Services
    or  ControlPanel->Services       on older boxes
    - Open for 'FipRemote'
    - Set to run Automatically (and run if not already running)
    - Close and exit

7. Run it up !

The first time, for testing, you can run manually with the '-D' input switch to
display what state the connection is at any point.

8. Good Luck !

9. Status and Stats

Note that Current Status is held in /fip/log/REMOTE. The actual file contains a
number of lines, starting with a key.

The Keys are :
    DAY - Current day of the year
    TRYCON  - Logon attempts
    LOGON   - Logons
    FILE    - info about the number of files
    KALIVE  - keep alives
    ERROR   - last error message
The file is visable/readable by 'NOTEPAD' or 'more' (please do NOT use
'WORDPAD' or any other editor which may lock the file and prevent it being
updated).

The actual Fields are pipe delimited :
    (Key)
    time of last entry
    total
    total since last logon
    total since midnight
    others

Other Issues
------------

You may wish to trim/delete/process the Log file, /fip/log/ALL from
time-to-time!
This should be a nighlty/weekly/yearly maintenance task.
The file is an ordinary text file and can be copied, deleted, moved etc

The temporary system files area, /fip/x, should also be cleaned occasionally of
any old files.

Removing 'fipremote'
--------------------

If it is the only FIP program running, just kill the program and zap the /fip
folder. Take out any ShortCuts etc.

For WIN2K, you MUST restop and remove the Service first though :
    c>fipremote -remove

Release Notes for version 01c
-----------------------------

WIN2K - running 'fipremote' as a Service is now available.

It may be started by a specific logon by placing a ShortCut in the
'Winnt/Profiles/(Logon)/Start Menu'.

WIN2K -  able to specify drive. Pls run the Install from the drive you want it
to run AND use the '-I' switch (capital eye) to denote the actual drive letter.

-----------------------------

Version Control
;2e18   12dec07 mods for server version
    ;e2-4 redunBalanced ;7 for replysent bugette
    ;8-12 added add-fiphdr and extra-fiphdr and timings
    ;13-18 added remote_trace and -T ;16 add <LOG>
;001y2  22feb01 added no-logon-required
    ;a/b/c 20mar01 added http-proxy-logon
    ;d/e/f/g 22jun01 WIN2K Service and allow local ports
    ;h/j 17sep01 added TTY as a local port
    ;k/l 16nov01added logging
    ;m/n 25feb02 if WIN2K and TTY for local port, do NOT close.
    ;o 22may03 added primary/secondary
    ;p 26jul03 added logging with host and port
    ;q 20dec03 cleanup broadcast
    ;r-s 24feb04 added poll-remote-server
    ;t 01aug04 bugette in localSock
    ;u 15aug04 added decrypt-script and check-md5-signature
    ;v-y2 13jan05 better logging

(copyright) 2024 and previous years FingerPost Ltd.