• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

set linux box that only computer in the club can get the data

I have mysql database and some file in folde /home/image that I want only computer of my staff can go to up date data, I have one computer that is a server install linux fedola 3 and 10 computer of mystaff  that i want 10 computer to update my sql data base and file in folder /home/image please suggest me the methodthat  only 10 computer of my staff can update data form the server the 10 computer will update automaticly every day with difference time
0
teera
Asked:
teera
3 Solutions
 
ppfoongCommented:

For MySQL, you need to enable tcpip socket, as well as grant user access to the IP addresses of the 10 computers.

The MySQL command is:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'ip.address.of.remote.host' IDENTIFIED BY 'thepassword';
 

For the server, it would be straightforward if you have shorewall and iptables installed.

Just edit the /etc/shorewall/rules file, add in:

ACCEPT  net:ip.address.of.remote.host1       fw             all
ACCEPT  net:ip.address.of.remote.host2       fw             all
ACCEPT  net:ip.address.of.remote.host3       fw             all

and restart the shorewall service.

All other IP addresses will be denied.
0
 
teeraAuthor Commented:
Hi ppfoong
the problem is I use adsl for client
0
 
Kerem ERSOYPresidentCommented:
In fact you have supplied very less information.

Is your MySQL server open to internet via an ADSL line ?
What OS your 10 clients use ?
Do they have fixed IP addresses ?

In fact I will suggest you to use SSH on theclients. and do a port redirection on Shorewall Firewall to allow SSH connections
and You must do a port forwarding on SSH client side. This way you can both:
- be sure that only previously authorized users (by SSH) be able to access MySQL athus this will be preventing you from attacks to your MySQL port (3306)
- SSH suppors decre file transfers so you can automate transfers on a certain time.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
John KawakamiCommented:
If possible, tunnel your traffic through OpenVPN.  That will give you a stable IP address on a fake subnetwork.  You can then open a port from a single machine in your office that tunnels all mysql traffic to the server.
0
 
ppfoongCommented:

jk2001 is right. OpenVPN will be a solution if your users are from remote network with dynamic IP address. With OpenVPN, you establish secured VPN tunnel to your HQ, and have the option to assigned specific local VPN IP address to the client.

There is a simple GUI OpenVPN configuration interface for Windows too.

http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/


0
 
Kerem ERSOYPresidentCommented:
It is OK to use OpenVPN but here the user will only need to uredirect a single port and it is obvious that setting-up OpenVPN much more harder than installing PuTTY on clients. Besides SSH server is already installed in all inux Distributions. With SSH they will have a fixed address to connect too.

So I still think that using SSH port redirection is simpler to implement yet as secure as the OpenVPN solution.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now