set linux box that only computer in the club can get the data

I have mysql database and some file in folde /home/image that I want only computer of my staff can go to up date data, I have one computer that is a server install linux fedola 3 and 10 computer of mystaff  that i want 10 computer to update my sql data base and file in folder /home/image please suggest me the methodthat  only 10 computer of my staff can update data form the server the 10 computer will update automaticly every day with difference time
teeraAsked:
Who is Participating?
 
ppfoongConnect With a Mentor Commented:

For MySQL, you need to enable tcpip socket, as well as grant user access to the IP addresses of the 10 computers.

The MySQL command is:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'ip.address.of.remote.host' IDENTIFIED BY 'thepassword';
 

For the server, it would be straightforward if you have shorewall and iptables installed.

Just edit the /etc/shorewall/rules file, add in:

ACCEPT  net:ip.address.of.remote.host1       fw             all
ACCEPT  net:ip.address.of.remote.host2       fw             all
ACCEPT  net:ip.address.of.remote.host3       fw             all

and restart the shorewall service.

All other IP addresses will be denied.
0
 
teeraAuthor Commented:
Hi ppfoong
the problem is I use adsl for client
0
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
In fact you have supplied very less information.

Is your MySQL server open to internet via an ADSL line ?
What OS your 10 clients use ?
Do they have fixed IP addresses ?

In fact I will suggest you to use SSH on theclients. and do a port redirection on Shorewall Firewall to allow SSH connections
and You must do a port forwarding on SSH client side. This way you can both:
- be sure that only previously authorized users (by SSH) be able to access MySQL athus this will be preventing you from attacks to your MySQL port (3306)
- SSH suppors decre file transfers so you can automate transfers on a certain time.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
John KawakamiCommented:
If possible, tunnel your traffic through OpenVPN.  That will give you a stable IP address on a fake subnetwork.  You can then open a port from a single machine in your office that tunnels all mysql traffic to the server.
0
 
ppfoongConnect With a Mentor Commented:

jk2001 is right. OpenVPN will be a solution if your users are from remote network with dynamic IP address. With OpenVPN, you establish secured VPN tunnel to your HQ, and have the option to assigned specific local VPN IP address to the client.

There is a simple GUI OpenVPN configuration interface for Windows too.

http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/


0
 
Kerem ERSOYPresidentCommented:
It is OK to use OpenVPN but here the user will only need to uredirect a single port and it is obvious that setting-up OpenVPN much more harder than installing PuTTY on clients. Besides SSH server is already installed in all inux Distributions. With SSH they will have a fixed address to connect too.

So I still think that using SSH port redirection is simpler to implement yet as secure as the OpenVPN solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.