[ mojeKorIme @ 24.10.2005. 13:09 ] @
| On the forum at http://www.elitesecurity.org/tema/141397/0#926065 I got stuck on connecting to a database.
So, I would like to know what needs to be done, i.e. what the prerequisites are for a client to connect to a server database if I use a leased line and have a static IP. So when I set the database to be on the static IP address, which local address do I need to set the database server to so that it all works..
P.S. The router is a CISCO 805 serial
Thanks for the help
[This message was edited by mojeKorIme on 24.10.2005. at 14:15 GMT+1]
[mod trooper: thread title changed]
[This message was edited by trooper on 24.10.2005. at 14:30 GMT+1] |
[ Milos Stojanovic @ 24.10.2005. 13:29 ] @
I don't understand? The DB server is on a public IP address? Then isn't it enough for the client to connect to that address? What exactly is the network layout?
[ mojeKorIme @ 24.10.2005. 13:37 ] @
OK, the server database needs to be on a network where I have several computers that go out to the net through a router.. now I need to configure the router so that I can access that DB server from some remote location.. also over the internet
[This message was edited by mojeKorIme on 24.10.2005. at 14:40 GMT+1]
[ Milan Andjelkovic @ 24.10.2005. 14:27 ] @
I don't know if I understood correctly, but if I did, then you just need to set up the appropriate port forwarding on the router.
So, the client tries to establish a connection on a given port with the server which, as far as the client is concerned, is located at that public static IP address. Then, since the router knows that the db server is actually on a computer in the local network, it forwards the request to the corresponding address (and the same port) in the private network.
[ mojeKorIme @ 24.10.2005. 14:34 ] @
And how do I do that?
This is how I connect to the database on the local network
Code:
192.168.20.100:C:\program files\borland\interbase\examples\Database\EMPLOYEE.GDB
Now I need to set it up so that I connect via the static IP address 195.222.33.* to the database mentioned above, which is on the local network together with the router..
Please also send me an example for the CISCO 805 router
[ Milos Stojanovic @ 24.10.2005. 14:42 ] @
Well, if I understand what you mean, you put
Code:
10.20.30.40:C:\program files\borland\interbase\examples\Database\EMPLOYEE.GDB
where 10.20.30.40 is the router's public IP address, and on the router you set up port forwarding (or DNAT, depending on who you ask) for the port the DB server is on.
[ mojeKorIme @ 25.10.2005. 06:05 ] @
I'm not much of an expert at configuring routers.. last time, when I tried to set up ip nat static.... it didn't work for me, i.e. the computer refused my connection.. and also when I log into the router and try to connect from it to the computer with telnet, it refused my connection.. I could only connect to the network printer.
Regards
[ Marcony @ 25.10.2005. 06:37 ] @
For a start:
http://www.cisco.com/warp/public/556/12.html
and then...
PAT on Cisco:
Router(config)# ip nat inside source static tcp ip_adresa_servera port_servera javna_ip_adresa port_servera
e.g.
Router(config)# ip nat inside source static tcp 192.168.20.100 80 195.222.33.* 80
[This message was edited by Marcony on 25.10.2005. at 07:39 GMT+1]
[ mojeKorIme @ 25.10.2005. 06:43 ] @
Not to discourage you... that is probably OK.. but for some reason the computer (server) refuses my connection (a firewall maybe, or an access-list?!) please help me, how do I ensure a safe "passage" to the database, pleeease
[ Marcony @ 25.10.2005. 06:48 ] @
Give me the running-config listing.
Router# sh run
[This message was edited by Marcony on 25.10.2005. at 08:01 GMT+1]
[ mojeKorIme @ 25.10.2005. 09:17 ] @
Here it is
Code:
Current configuration:
!
version 12.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname krupa2
!
enable secret ***
!
username krupa2 password ***
username krupa password ***
!
!
!
!
ip subnet-zero
no ip source-route
ip dhcp excluded-address 192.168.20.84
ip dhcp excluded-address 192.168.20.10
!
ip dhcp pool DHCPPoolLAN_0
network 192.168.1.0 255.255.255.0
dns-server 195.222.32.10 195.222.32.20
default-router 192.168.1.1
!
!
ip inspect name firewall cuseeme
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall ftp
ip inspect name firewall http
ip inspect name firewall h323
ip inspect name firewall realaudio
ip inspect name firewall smtp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
ip inspect name firewall tftp
ip inspect name firewall vdolive
ip inspect name firewall tcp
ip inspect name firewall udp
cns event-service server
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key VPNbihac address 195.222.35.*
crypto isakmp key VPNkrupa address 195.222.36.*
!
!
crypto ipsec transform-set vpn esp-des esp-sha-hmac
!
!
crypto map vpn 10 ipsec-isakmp
set peer 195.222.36.*
set transform-set vpn
match address 100
crypto map vpn 20 ipsec-isakmp
set peer 195.222.35.*
set transform-set vpn
match address 101
!
!
!
interface Ethernet0
ip address 192.168.20.254 255.255.255.0
ip access-group 101 in
ip access-group 102 out
no ip directed-broadcast
no ip proxy-arp
ip mtu 1300
ip nat inside
ip inspect firewall in
!
interface Serial0
description ISP
ip address 195.222.35.* 255.255.255.252
ip access-group 111 in
no ip directed-broadcast
no ip proxy-arp
ip nat outside
ip inspect firewall out
crypto map vpn
!
ip default-gateway 195.222.35.*
ip nat pool ISPNATPool 192.168.20.1 192.168.20.200 netmask 255.255.255.0
ip nat inside source list 18 interface Serial0 overload
ip nat inside source static tcp 192.168.20.84 80 interface Serial0 80
ip nat inside source static tcp 192.168.20.84 1521 interface Serial0 1521
ip nat inside source route-map nonat interface Serial0 overload
ip nat inside source static tcp 192.168.20.10 21 195.222.35.* 21 extendable
ip nat inside source static tcp 192.168.20.84 25 195.222.35.* 25 extendable
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 18 permit 192.168.20.0 0.0.0.255
access-list 18 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any any eq bootps
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any traceroute
access-list 102 permit icmp any any unreachable
access-list 102 permit tcp any host 192.168.20.84 eq www
access-list 102 permit tcp any host 192.168.20.84 eq smtp
access-list 102 permit tcp any host 192.168.20.10 eq ftp
access-list 102 deny ip any any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 deny ip any any
access-list 111 deny ip 192.168.1.0 0.0.0.255 any
access-list 111 permit ip any any
route-map nonat permit 10
!
!
line con 0
exec-timeout 0 0
password
login
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
password
login local
!
end
[This message was edited by mojeKorIme on 25.10.2005. at 10:18 GMT+1]
[This message was edited by Milan Andjelkovic on 25.10.2005. at 10:39 GMT+1]
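Added example (not part of the thread and not any poster's code): a small first-match evaluator for extended IOS access lists, run over a constructed excerpt of lists 102 and 111 from the configuration above, to see which entry decides the fate of a forwarded TCP connection. IOS stops at the first matching entry, so an entry placed after `deny ip any any` is never reached. The addresses 203.0.113.5 and 198.51.100.1 in the test are constructed stand-ins for a remote client and the masked public address, and TCP 3050 is assumed as the InterBase port (its usual default; the thread does not name it).

```python
import ipaddress

# Constructed excerpt modelled on the extended ACL lines in the posted config.
CONFIG = """\
access-list 102 permit icmp any any echo
access-list 102 permit tcp any host 192.168.20.84 eq www
access-list 102 permit tcp any host 192.168.20.84 eq smtp
access-list 102 permit tcp any host 192.168.20.10 eq ftp
access-list 102 deny ip any any
access-list 111 permit icmp any any echo
access-list 111 deny ip any any
access-list 111 permit ip any any
"""
PORTS = {"www": 80, "smtp": 25, "ftp": 21, "bootps": 67}

def take_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD); return a matcher."""
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    if first == "host":
        host = ipaddress.ip_address(tok.pop(0))
        return lambda ip: ip == host
    base, wild = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(tok.pop(0)))
    return lambda ip: (int(ip) | wild) == (base | wild)

def parse_acls(text):
    """Parse extended 'access-list N action proto src dst [eq port]' lines."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        num, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        acls.setdefault(num, []).append((action, proto, src, dst, port, line))
    return acls

def first_match(acl, src, dst, dport):
    """Return (action, line) of the first entry matching a TCP packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, proto, s, d, port, line in acl:
        if proto in ("ip", "tcp") and s(src) and d(dst) and port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

ACLS = parse_acls(CONFIG)
```

List 111 is applied inbound on Serial0, where the packet still carries the public destination address, while list 102 is applied outbound on Ethernet0 after translation, so it is checked against the inside address of the server.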
[ mojeKorIme @ 26.10.2005. 06:51 ] @
Could this link help me
www.cisco.com/univercd/cc/td/d...cgcr/ibm_c/bcprt2/bcdbconn.htm
[This message was edited by mojeKorIme on 26.10.2005. at 07:52 GMT+1]
[ mojeKorIme @ 26.10.2005. 09:35 ] @
Does anyone know whether this would work with APPN, and how do I set it up?