If IPMI is unfirewalled, any user who can jack into an open port can just
use IPMI.  That's not good.  You should segregate IPMI to a dedicated VLAN
at the switch if possible.  iptables rules are probably not the best way to
go about securing this situation.

On Thu, Jan 20, 2011 at 8:56 AM, Tom Eastep <teas...@shorewall.net> wrote:

> On 1/20/11 8:41 AM, Carl Cook wrote:
> > I have an admin machine, and a backup server which does backups.  The
> > backup server has IPMI so I can do lights-out admin, and I want to
> > allow this from the admin machine only.  IPMI is completely
> > unfirewalled, and so it must have a different class C than working
> > networks....  this is just how it is.
> >
> > I've set the IPMI IP on the backup server to 192.168.10.4, and
> > created a virtual interface (eth0:1) on the admin machine with IP
> > 192.168.10.1.  But after following the Multiple Zones Through One
> > Interface instructions (http://www.shorewall.net/Multiple_Zones.html)
> > Shorewall simply blocks all traffic.
> >
> > What could be wrong/ is there another way that actually works?
>
> Very hard to guess without knowing exactly what you did. Please provide
> the output of 'shorewall dump' collected as described at
> http://www.shorewall.net/support.htm#Guidelines.
>
> Thanks,
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>