
Re: Restrict access to a particular server.



Ah, didn't read the first part of the email.  My bad.

Marti, Rob wrote:
Not sure Oracle allows tcpwrappers...

Rob Marti

I'd do iptables -A INPUT ! -s machine_A -p tcp --dport 1521 -j DROP
If you're only ever going to give one box access to the database.

-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Ryan Golhar
Sent: Monday, October 20, 2008 8:58 AM
To: General Red Hat Linux discussion list
Subject: Re: Restrict access to a particular server.

Why not use hosts.allow/hosts.deny from xinetd?   I allow port 22 access
via iptables, but use xinetd to restrict access by host.  The reason for this is there seem to be a lot of spoofing attempts.

Rohit khaladkar wrote:
Great! This helps!! Thanks a lot!!
Rohit

On Mon, Oct 20, 2008 at 3:45 PM, Stephen Gilbert <linuxelf gmail com> wrote:

You can either set your default policy to drop

iptables -P INPUT DROP

This would drop all packets from all servers by default.  Then the

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

would accept only packets from machine_A into Oracle.

You may want to add a few more ports, such as 22 for ssh access.

Alternately, you could add

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP

Basically, this says machine A can hit 1521, but anyone else that
tries, just drop the packet.

Rohit khaladkar wrote:
Thanks Geoff!! This would definitely help. So can there be a master
rule which would prevent all IP addresses except one (machine A)?
Thanks!
Rohit

On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey
<Geofrey Rainey tvnz co nz> wrote:


You want something like this:

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

This rule means allow access to port 1521 from IP machine_A.
Of course this rule alone will not prevent all-and-sundry from
connecting to the server on any port, so you'll need to add many
more rules to secure your server.

Regards,
Geoff.

-----Original Message-----
From: redhat-list-bounces redhat com
[mailto:redhat-list-bounces redhat com] On Behalf Of Rohit
khaladkar
Sent: Monday, 20 October 2008 8:10 p.m.
To: General Red Hat Linux discussion list
Subject: Restrict access to a particular server.

Hi All, I have two machines with Red Hat Linux 5.2 installed, of
which one is a database server running Oracle 10.0.4 on it. I need
an iptables rule which would make sure that only the other machine
would have access to it.

For eg: If I have two machines, machine A and machine B, of which
machine B is a database server, can I set up an iptables rule on
machine B which would allow access to the database only by machine A?

Please help.

Thanks!
Rohit Khaladkar
--
redhat-list mailing list
unsubscribe
mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list




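The ruleset the thread converges on (default INPUT policy DROP, port 1521 accepted only from machine A, plus the loopback, established-connection and SSH rules a locked-down default policy needs so the admin does not lock themselves out), assembled as an added example in iptables-restore format; this is not code from any poster in the thread. The addresses, the `build_rules` and `is_ipv4` helper names, and the log prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset
# for the Oracle host (machine B) so that only machine A reaches 1521.
# Helper names, addresses and the log prefix are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address (plain sh, no regex).
is_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
}

# build_rules MACHINE_A [SSH_SOURCE]
# SSH_SOURCE defaults to MACHINE_A; with a DROP policy, port 22 must be
# explicitly allowed from somewhere or the next login fails.
build_rules() {
  db_client=$1
  ssh_src=${2:-$1}
  is_ipv4 "$db_client" || { echo "bad IPv4: $db_client" >&2; return 1; }
  is_ipv4 "$ssh_src"   || { echo "bad IPv4: $ssh_src" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $ssh_src -p tcp --dport 22 -j ACCEPT
-A INPUT -s $db_client -p tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp --dport 1521 -j LOG --log-prefix "oracle-1521-denied: "
COMMIT
EOF
}

# Usage on machine B (review the output first, then load it atomically):
#   build_rules 192.168.1.10 > /tmp/oracle.rules
#   iptables-restore < /tmp/oracle.rules
```

Rule order matters: the ACCEPT for machine A sits before the LOG rule, so only other hosts' attempts on 1521 are logged to the kernel log before the DROP policy discards them.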