[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Restrict access to a particular server.



Why not use hosts.allow/hosts.deny from xinetd? I allow port 22 access via iptables, but use xinetd to restrict access by host. The reason for this is there seems to be a lot of spoofing attempts

Rohit khaladkar wrote:
Great! This helps!! Thanks a lot!!
Rohit

On Mon, Oct 20, 2008 at 3:45 PM, Stephen Gilbert <linuxelf gmail com> wrote:

You can either set your default policy to drop

iptables -P INPUT DROP

This would drop all packets from all servers by default.  Then the

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

would accept only packets from machine_A into Oracle.

You may want to add a few more ports, such as 22 for ssh access.

Alternately, you could add

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP

Baseically, this says machine A can hit 1521, but anyone else that
tries, just drop the packet.

Rohit khaladkar wrote:
Thanks Geoff!! This would definitely help. So can there cannot be a
master
rule on the  which would prevent all ip adresses except one.(machine A)?
Thanks!
Rohit

On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey
<Geofrey Rainey tvnz co nz>wrote:


You want something like this:

Iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

This rule means allow access to port 1521 from IP machine_A.
Of course this rule alone will not prevent all-and-sundry from
Connecting to the server on any port, so you'll need to add
Many more rules to secure your server.

Regards,
Geoff.

-----Original Message-----
From: redhat-list-bounces redhat com
[mailto:redhat-list-bounces redhat com] On Behalf Of Rohit khaladkar
Sent: Monday, 20 October 2008 8:10 p.m.
To: General Red Hat Linux discussion list
Subject: Restrict access to a particular server.

Hi All,I have two machines with Red Hat linux 5.2 installed of which one
is a database server running Oracle 10.0.4 on it. I need a iptable rule
which would make sure that only the other machine would have access to
it.

For eg : If I have two macihnes, machine A and machine B, of which
machine B is a database server, can I setup a iptable rule on machine B
, which would allow access to the database only by machine A.

Please help.

Thanks!
Rohit Khaladkar
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
==========================================================
For more information on the Television New Zealand Group, visit us
online at tvnz.co.nz
==========================================================
CAUTION:  This e-mail and any attachment(s) contain information that
is intended to be read only by the named recipient(s).  This information
is not to be used or stored by any other person and/or organisation.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]