Virtual TapeServer 8.0 Supplemental Installation Guide

Enabling and Configuring AutoCopy and Instant DR | 25
RSA key fingerprint is
5f:10:3c:47:78:8f:e3:28:9d:ab:6b:34:ed:d1:e4:08.
Are you sure you want to continue connecting (yes/no)?
Enter yes.
d. Repeat these steps on each VTS server.
Note: SSH can be set up for one direction or multiple directions. If multiple directions
are configured, these steps should be executed from the other direction.
Configuring TCP/IP security
Securing replication traffic becomes necessary if the communication link between VTS
servers is not completely within your network. If you do not secure the link,
others can gain access to the VTS operating system over TCP/IP from outside the corporate
network. To tighten security, you can configure iptables to block all TCP/IP traffic going to
eth1 except SSH, RSH, and ICMP (ping and traceroute).
To configure TCP/IP security
1. On the VTS server, create the /etc/sysconfig/iptables file and open it for editing.
2. Insert the following lines:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 514 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
COMMIT
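As an added example (not part of the original guide or the product), the following Python model evaluates the ruleset from step 2 in first-match order against constructed packets, to show what the file accepts on eth1 and on other interfaces. The function names and packet field names are assumptions of this example, and only the -i, -p, --dport and --state matches used in the file are modelled.

```python
import shlex
# Ruleset from step 2, with the INVALID rule on one line. Only its match options are modelled.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 514 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
MATCH_KEYS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state"}

def parse(text):
    """Return (INPUT default policy, ordered list of (match dict, target))."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # each option here takes one value
            match = {MATCH_KEYS[k]: v for k, v in opts.items() if k in MATCH_KEYS}
            rules.append((match, opts["-j"]))
    return policy, rules

def verdict(packet, text=RULES):
    """First matching rule decides; if none matches, the chain policy applies."""
    policy, rules = parse(text)
    for match, target in rules:
        if all(str(packet.get(k)) == v for k, v in match.items()):
            return target
    return policy

# Constructed sample packets; the field names are this example's own.
SAMPLES = [
    {"iface": "eth1", "proto": "tcp", "dport": 22, "state": "NEW"},     # SSH on eth1
    {"iface": "eth1", "proto": "tcp", "dport": 23, "state": "NEW"},     # port not listed
    {"iface": "eth1", "proto": "udp", "dport": 40000, "state": "ESTABLISHED"},  # UDP reply
    {"iface": "eth0", "proto": "tcp", "dport": 23, "state": "NEW"}]     # other interface
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", verdict(pkt))
```

In this model the UDP reply on eth1 is rejected because the ESTABLISHED and RELATED rules match TCP only, and the eth0 packet is accepted because no rule names that interface and the INPUT policy is ACCEPT.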
Here is an explanation of the lines in the /etc/sysconfig/iptables file:
*filter
Sets the “filter” table as the table to be modified.
:INPUT ACCEPT [0:0]
Sets the INPUT chain to a default value of ACCEPT. The [0:0] parameter is the count
of packets and bytes to be set when establishing this chain.
:FORWARD ACCEPT [0:0]
Sets the FORWARD chain to a default value of ACCEPT and its packet and byte
counters to 0.
:OUTPUT ACCEPT [0:0]
Sets the OUTPUT chain to a default value of ACCEPT and its packet and byte
counters to 0.