DB2 and IPchains 
 DB2 and IPchains
Suppose the following scenario:

a DB2 server - intranet
a DB2 client - DMZ

web------firewall-------DMZ
            |
            |
            |
         intranet

How should I configure IPchains on the firewall?

Thanks




Sat, 07 Sep 2002 03:00:00 GMT
 DB2 and IPchains

Unfortunately, I can't give you a working example, but I can give you the
background information you need to set it up yourself.

With DB2, all communication is initiated by the client (even when the
server flows information to the client, it's on a link that the client
established).  So, this means that you need to allow communication from
the DMZ to the intranet for the IP address of the server.  This, of
course, leaves a fairly big hole and you can tighten it:

1) The server uses two well-defined ports.  Look at the SVCENAME entry
in the database manager configuration.  This name can be looked up in
/etc/services to determine the base port that DB2 uses.  The other port
is one greater and is used for interrupt processing.  You only need to
allow TCP packets on these ports for DB2 to work.

An example: My server has its SVCENAME set to "xdoole".  In
/etc/services, xdoole is defined as 19140/tcp.  This means that a
firewall would only need to allow TCP packets on ports 19140 and 19141
through to my DB2 server.

2) If your client is at a fixed IP address in the DMZ, only allow
connections from that address to go through the firewall.

Hope this helps.
--
___________________________________________________________________________
    Doug Doole
    DB2 Universal Database Development
    IBM Toronto Labs



Sun, 08 Sep 2002 03:00:00 GMT
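
The lookup and the two restrictions described in the reply above, as an added example that is not part of the thread and is not IBM code: it resolves SVCENAME in services data to its base port, adds the interrupt port, and prints (does not apply) ipchains forward rules limited to one client address. Assumptions: the function names, the sample services text and both IP addresses are constructed; the forward chain's default policy is DENY and the input/output chains already pass this traffic; the `! -y` reply rules are there because ipchains keeps no connection state.

```shell
#!/bin/sh
# Constructed sample of /etc/services, using the service name from the reply.
SAMPLE_SERVICES='# constructed sample
ssh        22/tcp
xdoole     19140/tcp    # DB2 connection port
xdoole_udp 19140/udp
'

# svc_port NAME: read services data on stdin, print the TCP port for NAME.
# Exits non-zero when NAME has no tcp entry.
svc_port() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # drop trailing comments
        $1 == name && $2 ~ /^[0-9]+\/tcp$/ {     # exact name match, tcp only
            split($2, a, "/"); print a[1]; found = 1; exit
        }
        END { if (!found) exit 1 }
    '
}

# db2_rules SVCENAME CLIENT_IP SERVER_IP: read services data on stdin and
# print the ipchains rules for the base port and the interrupt port.
db2_rules() {
    base=$(svc_port "$1") || { echo "no tcp entry for $1" >&2; return 1; }
    intr=$((base + 1))   # interrupt port is one greater than the base port
    for port in "$base" "$intr"; do
        # DMZ client -> intranet server, destination port fixed
        echo "ipchains -A forward -p tcp -s $2 -d $3 $port -j ACCEPT"
        # server -> client replies only: ! -y refuses packets that open
        # a new connection, so the server cannot initiate toward the DMZ
        echo "ipchains -A forward -p tcp ! -y -s $3 $port -d $2 -j ACCEPT"
    done
}

# Demo with constructed addresses: 192.0.2.10 = DMZ client,
# 198.51.100.20 = DB2 server in the intranet.
printf '%s' "$SAMPLE_SERVICES" | db2_rules xdoole 192.0.2.10 198.51.100.20
```

On the firewall itself, feed the real file instead of the sample (`db2_rules NAME CLIENT SERVER < /etc/services`) and review the printed rules before running them.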