HPE Community
Operating System - OpenVMS
1752392 Members
5938 Online
108788 Solutions
New Discussion юеВ

Re: Blocking specific IP's

 
SOLVED
Go to solution
robert70
Valued Contributor

тАО11-12-2008 03:08 AM

тАО11-12-2008 03:08 AM

Blocking specific IP's

Hi, We are trying to setup a block to a specific workstation in our office. blocking everything eg FTP, TELNET, SQLPLUS
what is the TCPIP commands to enable this?
many thanks
0 Kudos
Reply
9 REPLIES 9
Volker Halle
Honored Contributor

тАО11-12-2008 03:45 AM

тАО11-12-2008 03:45 AM

Re: Blocking specific IP's

Robert,

which TCPIP stack are you using ?

For HP TCP/IP, you can reject connections from specific host at the TCPIP service level, e.g.

TCPIP> set service ftp/reject=(specific-host-ip)

Volker.
0 Kudos
Reply
marsh_1
Honored Contributor

тАО11-12-2008 03:46 AM

тАО11-12-2008 03:46 AM

Re: Blocking specific IP's

robert,

try this :-
$ tcpip
tcpip> disable serv ftp
tcpip> set serv ftp/reject=hosts=(nnn.nnn.nnn.nnn)
tcpip> enable serv ftp

do for each service required

good luck

0 Kudos
Reply
Volker Halle
Honored Contributor

тАО11-12-2008 03:48 AM

тАО11-12-2008 03:48 AM

Re: Blocking specific IP's

Robert,

sorry, Mark's example is correct, mine isn't. You need to specify /REJECT=HOST=xxx

Volker.
0 Kudos
Reply
Thomas Ritter
Respected Contributor

тАО11-12-2008 04:06 AM

тАО11-12-2008 04:06 AM

Re: Blocking specific IP's

Does the workstation have a fixed IP ? Most use DHCP.
0 Kudos
Reply
robert70
Valued Contributor

тАО11-12-2008 04:24 AM

тАО11-12-2008 04:24 AM

Re: Blocking specific IP's

the station will have a fixed Ip i think
also any thing else required for specific Oracle9 connections using sqlplus strings at the dollar promt on the pc?
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО11-12-2008 04:57 AM

тАО11-12-2008 04:57 AM

Re: Blocking specific IP's

I assume that all communications must be disabled.

Then use set [conf] comm/reject=host=
(with conf after set when perm db must be modified).

Wim
Wim
0 Kudos
Reply
Hoff
Honored Contributor

тАО11-12-2008 04:59 AM

тАО11-12-2008 04:59 AM

Re: Blocking specific IP's

OpenVMS doesn't include a firewall, though the roadmap indicates that is planned.

You can hack around that with various commands and such (and for specific IP hosts), but for lower-level IP traffic a decent consumer or "pro-sumer" grade firewall (or M0n0wall or Smoothwall) will likely work just fine for this task.

As for what ports Oracle uses, check the Oracle documentation. That stuff can vary, though most any vendor that needs IP ports will document that. (Google with the site keyword (eg: site:oracle.com) can be very handy for finding this detail.)

The other approach here is to use a VLAN construct. Most mid-grade managed network switches can provide this capability, and this is ideal for isolating network traffic. (Which reminds me: various managed network switches can also provide firewall capabilities.)

Here's a more general write-up on using a firewall with OpenVMS, and why I recommend it to my customers:

http://64.223.189.234/node/621


Stephen Hoffman
HoffmanLabs LLC
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО11-13-2008 03:02 AM

тАО11-13-2008 03:02 AM

Solution

Re: Blocking specific IP's

The solution I posted blocks all traffic, also Oracle.

Wim
Wim
Reply
robert70
Valued Contributor

тАО11-13-2008 07:36 AM

тАО11-13-2008 07:36 AM

Re: Blocking specific IP's

thanks all
all working well now
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.