Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP filtering firewall ?

Status
Not open for further replies.
DavidRock

DavidRock

Programmer
Jul 24, 2002
61
US
We are setting up a server in-house to host a MySQL db that will be accessed from our website which is hosted by an ISP. We have been told that it's a good idea to protect our MySQL server with a firewall that will only allow requests to or from the IP address of our website. Do all firewalls have this capability or is there something specific we need to be looking for?

Thanks,
David Rock
 
Sort by date Sort by votes
To my knowledge, yes firewalls do have this capability. Using a standard Linux firewall, you can restrict access to certain hostnames and IP addresses. For Windows systems, there are many firewalls out there that can also do this. The important thing is configuring the firewall and defining a rule set that will only allow inbound packets from certain IPs and ports. This is the very basic function of firewalls. Hope that answers your question.
 
Upvote 0 Downvote

That is exactly what firewalls do (restrict ports and computers).
You need a firewall between the internet and your business. It would be set up to listen on a certain port and if it is from your webserver forward it to your database. Or if you have several internet IP addresses the firewall system looks for requests to that IP and if the port and requesting system is right forward it through.

You really want a profesional to create a firewall. Databases need to be well protected. This system should NOT be directly connected to the internet. If it is put a good firewall on it.
 
Upvote 0 Downvote
First two posts nailed it. Here's my take on how things should be set up:

The only machine that should ever touch the internet is the firewall. That firewall filters access to your webserver, and only allows access to it on port 80. That way your webserver is secure from attacks. Another firewall needs to be set up in between your webserver and your database server. This should only allows access to and from the two servers on a certain port.
All secure right? Well, not really. Internet access is still allowed to the webserver over port 80. There are plenty of exploits out there that can attack webservers directly over this, and the firewall (most firewalls) can't do a thing about it. Now if your webserver is compromised...theres a chance that the attacker could subsequently gain access to your database server.
So make sure your webserver is up to date on patches and everything, and make sure your firewall is configured properly.
________________________________________
Check out
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
716
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
546
XLNTech1
XLNTech1
gkreg
  • Locked
  • Question
asa 5500-x url filtering
Replies
0
Views
460
gkreg
gkreg
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
609
Johnkite
Johnkite
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
201
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top