Changes between Version 2 and Version 3 of sysadminiptables


Timestamp: Jun 20, 2009, 12:07:41 PM (13 years ago)
Author: risard
Comment: --

  • sysadminiptables

    v2 v3  
    44----
    55Overview[[BR]]
    6 How to set iptables in Debian[[BR]]
     6Working with iptables in Debian[[BR]]
    77Necessary Ports - Database Server[[BR]]
    88Necessary Ports - Open-ils Server[[BR]]
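Review bot: The hand-maintained contents list at lines 5 to 8 picks up the renamed entry on line 6, but the subsection this revision adds at line 20 ("Viewing the current configuration") has no entry, and the overview now sends readers to a References section that is not among the entries shown here. Suggest adding both, or generating the list from the headings so it cannot drift from them.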
     
    1212== Overview ==
    1313
    14 Network security is an important aspect of any distributed database, particularly one in which patron data is kept.  Like any computer these days, Linux servers come with a configurable firewall referred to generically as iptables.  The following is a description of the ports that need to be opened via iptables for Evergreen to work.  Iptables is a very complicated topic that can take you into the depths of packet routing and    The assumption is a two server (database and oils) server configuration. 
     14Network security is an important aspect of any distributed database, particularly one in which patron data is kept.  Like any computer these days, Linux servers come with a configurable firewall referred to generically as iptables.  The following is a description of the ports that need to be opened via iptables for Evergreen to work.  Iptables is a very complicated topic that can take you into the depths of packet routing and network configuration.  What follows is a simple primer that will allow you to get work done on Evergreen.  For more information see References section.  The assumption here is a two server (database and oils) configuration. 
    1515
    1616'''NOTE:''' Our ISP keeps our production servers behind a substantial firewall and coordination with them is essential.  Any ports you open via iptables, '''also''' need to be opened in their firewall.  This is done by contacting support after you've configured iptalbes. 
    1717
    1818----
    19 == How to set iptables in Debian ==
     19== Working with iptables in Debian ==
     20=== Viewing the current configuration ===
     21{{{
     22    sudo iptables -L
     23}}}
     24or
     25{{{
     26    sudo iptables -L -n
     27}}}
    2028
    21 In Debian Lenny there are two ways to change iptables.  You can issue commands at the shell prompt using the iptables command.
    22 =
     29The latter command will generate exactly the same list as the former except the -n (numbers) switch renders the list of addresses in dot decimal form.  Without -n the entries in the list are shown as hostnames.  So with with iptables -L you see something like this:
     30{{{
     31    target     prot opt source                 destination
     32    ACCEPT     tcp  --  larry.isp.ca  currly.isp.ca dpt:ssh
     33    ACCEPT     tcp  --  moe.isp.ca  currly.isp.ca tcp dpt:ssh
     34    ACCEPT     tcp  --  larry.isp.ca currly.isp.ca tcp dpt:2301
     35    ACCEPT     tcp  --  moe.isp.ca  currly.isp.ca tcp dpt:2301
     36}}}
     37
     38The same output with the -n option:
     39{{{
     40    target     prot     source               destination
     41    ACCEPT     tcp  --  10.104.94.4         10.104.100.168     tcp dpt:22
     42    ACCEPT     tcp  --  10.104.94.8         10.104.100.168     tcp dpt:22
     43    ACCEPT     tcp  --  10.104.94.4         10.104.100.168     tcp dpt:2301
     44    ACCEPT     tcp  --  10.104.94.8         10.104.100.168     tcp dpt:2301
     45}}}
     46
     47'''NOTE:''' that the command requires the use of sudo to use.
     48
     49
     50
     51
     52
     53In Debian Lenny there are two ways to change iptables.  You can issue commands at the shell prompt using the iptables command.  When you do this, it's important to nt
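Review bot: The added sentence at v3 line 29 says the -n listing is "exactly the same" apart from addresses being shown in dotted decimal, but the two samples differ in more than that: dpt:ssh becomes dpt:22, the first row of the hostname sample has no "tcp" before dpt:ssh while every other row does, and the -n header drops the "opt" column although its rows still carry "--". Suggest stating that -n prints both addresses and ports numerically, and aligning the two samples column for column so they can be compared rule by rule. Smaller points in the same hunk: "with with" on line 29, "iptalbes" on line 16, "currly.isp.ca" is presumably "curly", the note on line 47 reads better as "'''NOTE:''' iptables must be run with sudo", and lines 48 to 52 add five blank lines.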