* Allow only certain ip addresses
@ 2004-06-10 17:39 Jonathan Villa
  2004-06-10 17:49 ` Antony Stone
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jonathan Villa @ 2004-06-10 17:39 UTC (permalink / raw)
  To: netfilter

I have a machine running mysql only.

I want to allow connections on ports 3306, 22, and 80 for a group of ip
addresses.

Some will be from the block, others are dispersed.

While I know how to allow a block of ips, and how to allow a single ip, how
would I combine the 2?

My assumption is this

1. create an array of the single ip addresses.
2. loop through the array printing an iptables command which will allow
access on those ports to the loop index.
3. hardcode the ip block xx.xxx.xx.0/24

Am I correct so far?




* Re: Allow only certain ip addresses
  2004-06-10 17:39 Allow only certain ip addresses Jonathan Villa
@ 2004-06-10 17:49 ` Antony Stone
  2004-06-10 19:11 ` John A. Sullivan III
  2004-06-11  4:34 ` ads nat
  2 siblings, 0 replies; 4+ messages in thread
From: Antony Stone @ 2004-06-10 17:49 UTC (permalink / raw)
  To: netfilter

On Thursday 10 June 2004 6:39 pm, Jonathan Villa wrote:

> I want to allow connections on ports 3306, 22, and 80 for a group of ip
> addresses.
>
> Some will be from the block, others are dispersed.
>
> My assumption is this
>
> 1. create an array of the single ip addresses.
> 2. loop through the array printing an iptables command which will allow
> access on those ports to the loop index.
> 3. hardcode the ip block xx.xxx.xx.0/24

Looks like a good solution to me.

Antony.

-- 
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                     Please reply to the list;
                                                           please don't CC me.
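
The three steps discussed above (a list of single addresses, a loop that prints one iptables command per entry, and a hard-coded block), as an added example that is not part of the original thread. The addresses are constructed documentation-range values, and the chain name ALLOWED and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not run them.
# Addresses are constructed (documentation ranges); chain name ALLOWED is made up.
PORTS="22,80,3306"                              # ssh, http, mysql
SINGLE_IPS="192.0.2.10 192.0.2.77 203.0.113.5"  # step 1: the dispersed hosts
BLOCKS="198.51.100.0/24"                        # step 3: the hard-coded block

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a typo in
# the list never reaches the iptables command line.
valid_source() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Step 2: loop over the sources and print one rule per valid source.
gen_rules() {
    echo "iptables -N ALLOWED"
    for src in "$@"; do
        if valid_source "$src"; then
            echo "iptables -A ALLOWED -s $src -p tcp -m multiport --dports $PORTS -j ACCEPT"
        else
            echo "skipping invalid source: $src" >&2
        fi
    done
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m state --state NEW -j ALLOWED"
    # Set the default policy last so an open ssh session is not cut off
    # before the ACCEPT rules exist.
    echo "iptables -P INPUT DROP"
}

gen_rules $SINGLE_IPS $BLOCKS
```

Review the printed commands before piping them to a shell; anything that fails validation is reported on stderr and produces no rule.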




* Re: Allow only certain ip addresses
  2004-06-10 17:39 Allow only certain ip addresses Jonathan Villa
  2004-06-10 17:49 ` Antony Stone
@ 2004-06-10 19:11 ` John A. Sullivan III
  2004-06-11  4:34 ` ads nat
  2 siblings, 0 replies; 4+ messages in thread
From: John A. Sullivan III @ 2004-06-10 19:11 UTC (permalink / raw)
  To: Jonathan Villa; +Cc: netfilter

On Thu, 2004-06-10 at 13:39, Jonathan Villa wrote:
> I have a machine running mysql only.
> 
> I want to allow connections on ports 3306, 22, and 80 for a group of ip
> addresses.
> 
> Some will be from the block, others are dispersed.
> 
> While I know how to allow a block of ips, and how to allow a single ip, how
> would I combine the 2?
> 
> My assumption is this
> 
> 1. create an array of the single ip addresses.
> 2. loop through the array printing an iptables command which will allow
> access on those ports to the loop index.
> 3. hardcode the ip block xx.xxx.xx.0/24
> 
> Am I correct so far?
You may find the iprange patch from patch-o-matic helpful if you have
contiguous addresses that do not break evenly into a subnet.  If you do
not want to patch, SubnetCreator (http://subnetcreator.sourceforge.net)
will turn the contiguous range into a group of subnets.
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 




* Re: Allow only certain ip addresses
  2004-06-10 17:39 Allow only certain ip addresses Jonathan Villa
  2004-06-10 17:49 ` Antony Stone
  2004-06-10 19:11 ` John A. Sullivan III
@ 2004-06-11  4:34 ` ads nat
  2 siblings, 0 replies; 4+ messages in thread
From: ads nat @ 2004-06-11  4:34 UTC (permalink / raw)
  To: Jonathan Villa, netfilter

Since you have mysql on the machine, create a mysql table containing
fields 1) Name of user, 2) Ip address, 3) Port no. on which he is
allowed and 4) yes/no key.
Write a php (or any) script which will generate the required iptables
rule and will insert the same in iptables.
Write another php (or any) form with which you can monitor group or
single as required.

Hope I have understood your problem properly.
Thanks


--- Jonathan Villa <jvilla@e37.net> wrote:
> I have a machine running mysql only.
>
> I want to allow connections on ports 3306, 22, and 80 for a group of ip
> addresses.
>
> Some will be from the block, others are dispersed.
>
> While I know how to allow a block of ips, and how to allow a single ip, how
> would I combine the 2?
>
> My assumption is this
>
> 1. create an array of the single ip addresses.
> 2. loop through the array printing an iptables command which will allow
> access on those ports to the loop index.
> 3. hardcode the ip block xx.xxx.xx.0/24
>
> Am I correct so far?



	
		