Re: Conntrack for related service

Mikhail wrote:
Hello,

I have a small network of Windows boxes behind a Linux firewall/router. I run
Debian Sarge 3.1 without X there. I have a server on the LAN that serves
clients from the Internet over an RMI connection on a certain port. RMI is
basically a connection-oriented TCP/IP protocol. I do DNAT for such requests
to that local server. All is working fine so far.

Problem: those clients from the Internet need direct access to the MS SQL
server over TCP/IP on a different port. I want to open and DNAT the MS SQL
port dynamically - if a client already has an ESTABLISHED connection over the RMI
port I want to allow access to the MS SQL port, otherwise I'd like to drop the
request. If the client got disconnected over RMI then it is OK to reject
direct requests from him to MS SQL thereafter. How can this be accomplished
with iptables?

I think that there is no iptables solution...
I would create an IPSec/VPN tunnel... If the user connects then you can enable all required connections (MSSQL, etc.)

On the other hand, even if you find a solution I think you can not protect your data... IF the user has an ESTABLISHED connection WITH RMI then he also CAN access the SQL server even with OTHER programs than the RMI !!!

P.S.: As far as I know, RMI is like RPC under Java ....
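As an added illustration (not from either poster), here is a baseline rule set for the setup Mikhail describes: one public port DNATed to the internal RMI server, conntrack passing the reply traffic, LAN hosts allowed out, and the MS SQL port kept closed to the Internet, which is the point of the reply above: gating SQL on an RMI session would not protect the data anyway. Interface names, addresses and port numbers are assumed placeholders; by default the script only prints the rules, set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example, not the thread's own configuration. Interface names,
# addresses and ports below are assumed placeholders, not values from the list.
WAN_IF="${WAN_IF:-eth0}"                    # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                    # assumed LAN interface
RMI_PORT="${RMI_PORT:-1099}"                # assumed: Java RMI registry default port
SQL_PORT="${SQL_PORT:-1433}"                # assumed: MS SQL default port
RMI_SERVER="${RMI_SERVER:-192.168.1.10}"    # constructed LAN address of the RMI server
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # constructed LAN prefix
# Dry run by default: prints each rule. Set IPT=iptables to really install them.
IPT="${IPT:-echo iptables}"

build_rules() {
    # 1. Forward the public RMI port to the internal server (DNAT, as the poster already does).
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$RMI_PORT" \
        -j DNAT --to-destination "$RMI_SERVER:$RMI_PORT"
    # 2. Let conntrack pass replies and related traffic of already accepted flows.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. Only NEW connections to the RMI port on the RMI server are accepted from the Internet.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$RMI_SERVER" --dport "$RMI_PORT" \
        -m state --state NEW -j ACCEPT
    # 4. LAN hosts may open connections outwards.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # 5. The SQL port stays closed to the Internet; an explicit rule makes the intent visible
    #    in the counters even though rule 6 would drop it too.
    $IPT -A FORWARD -i "$WAN_IF" -p tcp --dport "$SQL_PORT" -j DROP
    # 6. Everything else arriving from the Internet is dropped.
    $IPT -A FORWARD -i "$WAN_IF" -j DROP
}

build_rules
```

Rule 2 is where conntrack does its work: once rule 3 has accepted the first SYN to the RMI server, every later packet of that TCP connection (in both directions, including the de-NATed replies) matches ESTABLISHED and never reaches the per-port rules again. Nothing in this set opens the SQL port for "clients with an RMI session"; a VPN, as the reply suggests, is the place to grant that access per authenticated user.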


