Subject | Re: [firebird-support] Encrypting network traffic to multiple servers |
---|---|
Author | Steve Wiser |
Post date | 2006-04-21T12:23:01Z |
Yes that works, however we have to connect to 10 different database
servers so I need to create 10 different ports for forwarding. Not a
big hassle, however I was wondering if anyone knew of a different way to
do it.
I think for now we are going to try the OpenVPN solution to encrypt all
traffic to particular IP addresses.
-steve
Nigel Weeks wrote:
>> The problem is that we want the data to be encrypted across all
>> networks, so a gateway with even a single cross-over cable connecting it
>> to the database server network is not acceptable. We are looking into
>> using OpenVPN on each of the database servers now.
>>
>
>
> Is using SSH too much of a hassle? I know someone suggested it, but I didn't
> see any pros/cons with your setup?
>
> The way I'd do it is as follows:
> On each DB server (assuming it's a unix/linux box):
> Lock down port 3050 (in firewalling) so it isn't listening on the
> ethernet interface - only localhost.
> Make sure SSHD is listening on the ethernet interface, ready for
> connections
>
> On each webserver (Can be Windows/Linux/BSD/OSX):
> Launch an SSH connection to the DB server, forwarding port 3050 to the
> remote machine:
> `ssh user@dbserver -L3050:localhost:3050 -C -cblowfish`
> (Blowfish is the fastest cipher you can get for SSH.
> Also, no '-g' is supplied - we don't want others using the tunnel)
>
> Configure your web server application to connect to its end of the
> tunnel:
> (Assuming you don't already have firebird listening on this port)
> $conn = ibase_connect("localhost:/path/to/database.fdb","sysdba","masterkey");
>
> Done. Easy. Secure, compressed links across any network, and it didn't cost
> you a thing.
>
> N.
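Added example, not part of the original thread: a shell sketch of the "one forwarded port per database server" setup discussed above, with each tunnel bound to 127.0.0.1 so only local processes can use it. The host names, the `tunnel` account and the base port 3051 are constructed assumptions; the cipher is left at the SSH client's default.

```shell
#!/bin/sh
# Constructed host names; replace with the real database servers.
DB_HOSTS="db01.example.internal db02.example.internal db03.example.internal"
BASE_PORT=3051      # assumption: local ports 3051.. are free on the web server
REMOTE_PORT=3050    # Firebird port, reachable only on localhost of each DB server
SSH_USER="tunnel"   # assumption: unprivileged account used only for forwarding

# Print one "host local_port" pair per line, assigning consecutive local ports.
tunnel_plan() {
    port=$BASE_PORT
    for host in $DB_HOSTS; do
        printf '%s %s\n' "$host" "$port"
        port=$((port + 1))
    done
}

# Print the ssh command for one host/port pair.
#   -N  no remote command, forwarding only
#   -C  compression, as in the quoted suggestion
#   ExitOnForwardFailure  fail instead of running without the forward
#   127.0.0.1:  explicit loopback bind, so the tunnel is not shared (no -g)
tunnel_cmd() {
    printf 'ssh -N -C -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$2" "$REMOTE_PORT" "$SSH_USER" "$1"
}

# Print the command for every server; run each under a process supervisor
# so a dropped tunnel is restarted.
tunnel_commands() {
    tunnel_plan | while read -r host port; do
        tunnel_cmd "$host" "$port"
    done
}

tunnel_commands
```

The application then selects a server by local port, for example `localhost/3051:/path/to/database.fdb` using Firebird's `host/port:path` connection string form.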