HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Filtering HOST names in VAX/VMS server

 
SOLVED
Go to solution
Sk Noorul Hassan
Regular Advisor

Filtering HOST names in VAX/VMS server

Hi,

There are 4 UNIX servers accessing data from my VAX servers running with vms 7.1 & UCX 4.2 . Is it possible to put a filtering mechanism in VMS server so that it will only serve the request which comes from the those defined UNIX servers. It should not entertain any other servers with different IP addresses.

Please suggest.
8 REPLIES
Volker Halle
Honored Contributor
Solution

Re: Filtering HOST names in VAX/VMS server

Hi,

you can define an Accept Host list for each TCPIP service:

$ UCX HELP SET SERVICE /ACCEPT

Volker.

Steven Schweda
Honored Contributor

Re: Filtering HOST names in VAX/VMS server

Accessing data how? DECnet? FTP? NFS? SMB? SSH?
Sk Noorul Hassan
Regular Advisor

Re: Filtering HOST names in VAX/VMS server

Thanks.
Some of the applications accessing my VAX server are taking data through a dedicated socket created by the application and some of the applications using FTP. As the number of host list to be allowed is long, is it possible to use /REJECT qualifier to deny request to host.
Dave Laurier
Frequent Advisor

Re: Filtering HOST names in VAX/VMS server

Sure you can use the /REJECT qualifier. But make sure that it fits your needs.

The HOST option in the /REJECT allows a maximum of 32 hosts and the NETWORKS option in the /REJECT allows a maximum of 16 networks.
Martin Vorlaender
Honored Contributor

Re: Filtering HOST names in VAX/VMS server

>>>
Some of the applications accessing my VAX server are taking data through a dedicated socket created by the application and some of the applications using FTP.
<<<

With UCX, you can only restrict access to known services ($ UCX SHOW SERVICE).

>>>
As the number of host list to be allowed is long, is it possible to use /REJECT qualifier to deny request to host.
<<<

Above you talked about 4 Unix machines. The /ACCEPT and /REJECT list take at most 16 entries (which can be hosts or networks).
If you use /ACCEPT, only those hosts/networks listed will be able to connect to the service.

cu,
Martin
Wim Van den Wyngaert
Honored Contributor

Re: Filtering HOST names in VAX/VMS server

You can also put security on all tcp traffic instead of on service level.

See ucx help set comm.

Wim
Wim
Sk Noorul Hassan
Regular Advisor

Re: Filtering HOST names in VAX/VMS server

Thanks for the information. How to see the list of host which I have defined in ucx using UCX set comm/reject or UCX set service/reject not to access my server.
Joseph Huber_1
Honored Contributor

Re: Filtering HOST names in VAX/VMS server


SHOW COMMUNICATION /SECURITY

http://www.mpp.mpg.de/~huber