Changes between Version 2 and Version 3 of sysadminiptables
Timestamp: Jun 20, 2009, 12:07:41 PM (14 years ago)
sysadminiptables
v2 v3 4 4 ---- 5 5 Overview[[BR]] 6 How to setiptables in Debian[[BR]]6 Working with iptables in Debian[[BR]] 7 7 Necessary Ports - Database Server[[BR]] 8 8 Necessary Ports - Open-ils Server[[BR]] … … 12 12 == Overview == 13 13 14 Network security is an important aspect of any distributed database, particularly one in which patron data is kept. Like any computer these days, Linux servers come with a configurable firewall referred to generically as iptables. The following is a description of the ports that need to be opened via iptables for Evergreen to work. Iptables is a very complicated topic that can take you into the depths of packet routing and The assumption is a two server (database and oils) serverconfiguration.14 Network security is an important aspect of any distributed database, particularly one in which patron data is kept. Like any computer these days, Linux servers come with a configurable firewall referred to generically as iptables. The following is a description of the ports that need to be opened via iptables for Evergreen to work. Iptables is a very complicated topic that can take you into the depths of packet routing and network configuration. What follows is a simple primer that will allow you to get work done on Evergreen. For more information see References section. The assumption here is a two server (database and oils) configuration. 15 15 16 16 '''NOTE:''' Our ISP keeps our production servers behind a substantial firewall and coordination with them is essential. Any ports you open via iptables, '''also''' need to be opened in their firewall. This is done by contacting support after you've configured iptalbes. 17 17 18 18 ---- 19 == How to set iptables in Debian == 19 == Working with iptables in Debian == 20 === Viewing the current configuration === 21 {{{ 22 sudo iptables -L 23 }}} 24 or 25 {{{ 26 sudo iptables -L -n 27 }}} 20 28 21 In Debian Lenny there are two ways to change iptables. 
You can issue commands at the shell prompt using the iptables command. 22 = 29 The latter command will generate exactly the same list as the former except the -n (numbers) switch renders the list of addresses in dot decimal form. Without -n the entries in the list are shown as hostnames. So with with iptables -L you see something like this: 30 {{{ 31 target prot opt source destination 32 ACCEPT tcp -- larry.isp.ca currly.isp.ca dpt:ssh 33 ACCEPT tcp -- moe.isp.ca currly.isp.ca tcp dpt:ssh 34 ACCEPT tcp -- larry.isp.ca currly.isp.ca tcp dpt:2301 35 ACCEPT tcp -- moe.isp.ca currly.isp.ca tcp dpt:2301 36 }}} 37 38 The same output with the -n option: 39 {{{ 40 target prot source destination 41 ACCEPT tcp -- 10.104.94.4 10.104.100.168 tcp dpt:22 42 ACCEPT tcp -- 10.104.94.8 10.104.100.168 tcp dpt:22 43 ACCEPT tcp -- 10.104.94.4 10.104.100.168 tcp dpt:2301 44 ACCEPT tcp -- 10.104.94.8 10.104.100.168 tcp dpt:2301 45 }}} 46 47 '''NOTE:''' that the command requires the use of sudo to use. 48 49 50 51 52 53 In Debian Lenny there are two ways to change iptables. You can issue commands at the shell prompt using the iptables command. When you do this, it's important to nt
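Review bot: The two sample listings added under "Viewing the current configuration" do not match each other, which weakens the statement that -n "will generate exactly the same list as the former". In the `iptables -L` sample, the first row ends in `dpt:ssh` without the `tcp` field that the other three rows carry, and the `-n` sample's header reads `target prot source destination`, dropping the `opt` column even though its rows still contain the `--` value. Suggest using the header `target prot opt source destination` in both samples and adding `tcp` before `dpt:ssh` in the first row, so the only differences a reader sees are the ones the text describes: hostnames versus dotted-decimal addresses, and `dpt:ssh` versus `dpt:22`. Two wording points in the same hunk: "So with with iptables -L" has a doubled "with", and the note "that the command requires the use of sudo to use" would read more clearly as "these commands must be run with sudo".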