Thanks all. Richards iptables suggestion did the trick (with the IP changed to the IP of the server).
It was TCP. It was done in order to lock out the WAS admin console and instead force that to go through an https server on the same instance that would authenticate the user via what we call ChannelSecure (Siteminder to Active Directory piece of sw) Marcy Cortes This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of David Boyes Sent: Wednesday, August 02, 2006 17:55 To: [email protected] Subject: Re: [LINUX-390] Ports > > Yes. Install tcpwrappers and configure them to allow only access from > > local addresses. You can also do this with iptables, but tcpwrappers is > > probably less invasive. > You and Richard both assume TCP. I don't know what Marcy's talking > about, but it could be UDP. Possible, but unlikely. Most COTS programmers that will work for banks these days can't/won't write good datagram-based apps if TCP will do their thinking for them. 8-) > You further assume tcpwrappers is a solution, and it might be, but > without knowing that software Marcy's talking about, you don't know that. So we now have several possible choices. Always a good thing, right? > _I_ would use iptables, much as Richard says. The vendor-supplied > firewalls I've seen are rather simplistic (but adequate to solve Marcy's > stated problem) As I said, iptables would work as well. It's also a bit more complex to configure, and mistakes have larger impacts than you can cause with tcpwrappers. Right tool, right job. > but for more serious use I use & recommend shorewall. Nice tool. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
