LinuxQuestions.org
Red Hat forum: This forum is for the discussion of Red Hat Linux.
Old 07-20-2015, 05:32 AM   #1
suran
LQ Newbie
 
Registered: Jan 2009
Posts: 14

iptables rules with a VIP


I am looking at how I can implement an iptables rule to tackle the following

App ServerX --> VIP --> database

the VIP is a loadbalancer that round robins to 3 servers that have the database.

I want only AppServerX to be able to access the database.

I've added iptables firewall rules to all 3 servers running the database, to only allow traffic from the server.

This works when the VIP is turned off. As soon as the VIP is enabled, any host is able to access the database.

How can I restrict this so that only App ServerX has access to the database? Removing the VIP is not an option.
 
Old 07-20-2015, 12:37 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

What do your rules look like now?
 
Old 07-20-2015, 08:44 PM   #3
suran
LQ Newbie
 
Registered: Jan 2009
Posts: 14

Original Poster
Well, it's currently empty. But here's one version we tried:

target prot opt source destination
DROP tcp -- !abc.xx.xx.net anywhere tcp dpt:irtrans
DROP tcp -- !abc.xx.xx.net anywhere tcp dpt:21050


So we only want server abc to be able to access ports 21050 and 21000 (irtrans).

However, the 3 servers are round-robined behind a VIP. As soon as this is turned on, the rules are ignored and anyone can connect.
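As an added example for this thread (not code from either poster), here is the whitelist form of the rules quoted above: one explicit ACCEPT for the app server on ports 21000 and 21050, then log-and-drop for every other source on those ports, so refused connections show up in the kernel log instead of silently failing. The address 198.51.100.10, the chain name DB_ACCESS and the sample log line are placeholders chosen for the example; the two ports are the thread's. The rules only match if the address the database host sees on incoming packets is the app server's; a load balancer that rewrites the source address presents the VIP instead, and the db-drop log line is the quickest way to see which address actually arrives.

```shell
#!/bin/sh
# Added example for this thread (not code from either poster): a whitelist
# for the two database ports. Only APP_SERVER may open a TCP connection to
# 21000 (irtrans) or 21050; anything else to those ports is logged with a
# "db-drop:" prefix and then dropped. Traffic to other ports is left alone.
#
# 198.51.100.10 is a constructed placeholder. Use the address the database
# host actually sees on incoming packets: if the VIP/load balancer rewrites
# the source address, that is the VIP's address, not the app server's.

APP_SERVER="${APP_SERVER:-198.51.100.10}"
DB_PORTS="21000,21050"
CHAIN="DB_ACCESS"

# Emit the iptables commands rather than running them, so the ruleset can be
# read or diffed against 'iptables -S' before it touches a live host.
db_rules() {
    # A dedicated chain keeps the database policy separate from other INPUT rules.
    printf 'iptables -N %s 2>/dev/null || true\n' "$CHAIN"
    printf 'iptables -F %s\n' "$CHAIN"
    # Re-insert the jump at the top of INPUT; the delete makes a rerun idempotent.
    jump="INPUT -p tcp -m multiport --dports $DB_PORTS -m conntrack --ctstate NEW -j $CHAIN"
    printf 'iptables -D %s 2>/dev/null || true\n' "$jump"
    printf 'iptables -I %s\n' "$jump"
    # Whitelist: one explicit ACCEPT, then rate-limited LOG and DROP for everyone else.
    printf 'iptables -A %s -s %s -j ACCEPT\n' "$CHAIN" "$APP_SERVER"
    printf 'iptables -A %s -m limit --limit 5/min -j LOG --log-prefix "db-drop: " --log-level 4\n' "$CHAIN"
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
}

# Apply the generated rules on the database host (requires root).
apply_db_rules() {
    db_rules | sh -e
}

# Pull the SRC= address out of a kernel LOG line produced by the rules above.
db_drop_src() {
    printf '%s\n' "$1" | sed -n 's/.*db-drop: .*SRC=\([0-9.]*\).*/\1/p'
}

# Would this source address pass the whitelist? (exit 0 = yes)
check_source() {
    [ "$1" = "$APP_SERVER" ]
}

# Constructed sample log line (not captured from a real host), in the shape
# /var/log/messages shows once the LOG rule fires.
SAMPLE_LOG='Jul 21 10:00:00 db1 kernel: db-drop: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 LEN=60 PROTO=TCP SPT=51234 DPT=21050 SYN'

if [ "${1:-}" = "--apply" ]; then
    apply_db_rules
elif [ "${1:-}" = "--show" ]; then
    db_rules
fi
```

Run it with --show to review the commands, and with --apply (as root) to load them; afterwards, a source address pulled from a db-drop log line with db_drop_src can be fed to check_source to confirm whether the whitelist would have admitted it.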
 
Old 07-21-2015, 12:09 PM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

What version of RH/CentOS is this?
Using firewalld not iptables?
 
Tags
firewall, iptables, linux, redhat, security
All times are GMT -5. The time now is 07:32 AM.