Wednesday, 17 April 2013

Oracle over Stunnel

http://www.ritzyblogs.com/OraTalk/PostID/104/How-to-configure-stunnel-for-Oracle-with-example


Posted by ritzy on Tuesday, February 24, 2009

Stunnel wraps an arbitrary TCP connection in SSL/TLS (it uses OpenSSL for the cryptography), so an Oracle client and an Oracle server can talk over an encrypted channel without any change to either side. Below are the steps to set up stunnel for Oracle, with sample configuration files. The example uses the following:
Oracle Server: testserver-001
Oracle Client: testclient-001
Server Listener Port: 1521
Server Stunnel Port: 11521
Client Stunnel Port: 1600
I've tested this on a 64-bit RHEL4U3 OS with an Oracle 10.2.0.2 database.
1. Ensure the stunnel and openssl RPMs are installed on both the Oracle client and the Oracle server. Example:
$ rpm -qa | grep -i stunnel
stunnel-4.05-3

$ rpm -qa | grep -i openssl
openssl-devel-0.9.7a-43.8
openssl-0.9.7a-43.8
openssl-0.9.7a-43.8
openssl096b-0.9.6b-22.42
(openssl is listed twice because the x86_64 and i386 multilib packages share a name.)
2. Edit /etc/stunnel/stunnel_server.conf as root on testserver-001 as shown below to prepare the server-side configuration:
service = stunnel-server
cert = /etc/stunnel/bcpstunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /tmp/stunnel_server.log
foreground = no
session = 86400
TIMEOUTidle = 3600
client = no
[MYSTUNNEL]
accept=testserver-001:11521
connect=testserver-001:1521
The stunnel server listens on the port given by accept for connections from stunnel clients, decrypts the traffic and forwards the plaintext to the address given by connect, here the Oracle listener on 1521. Each accept/connect pair must sit in its own named service section, such as [MYSTUNNEL]. As written, the server has no verify line, so it encrypts the session but accepts any client that can reach port 11521; to restrict access to hosts holding a known certificate, add verify = 3 and a CAfile containing the client's certificate. Remember too that the listener on 1521 still accepts plaintext connections directly, so firewall that port from other hosts (or bind the listener to localhost); otherwise the tunnel can simply be bypassed.
3. Edit /etc/stunnel/stunnel_client.conf as root on testclient-001 as shown below to prepare the client-side configuration:
service = stunnel-client
cert = /etc/stunnel/bcpstunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /tmp/stunnel_client.log
foreground = no
session = 86400
TIMEOUTidle = 3600
client = yes
[MYSTUNNEL]
accept = 1600
connect =testserver-001:11521
The stunnel client listens on a local port (accept), encrypts whatever arrives there and forwards it to the stunnel server given by connect, typically on another machine. A separate local port is needed for each tunnel you want to create. Note that with client = yes and no verify line the client trusts whatever certificate the server presents, so the tunnel resists eavesdropping but not an active man-in-the-middle; add verify = 3 and a CAfile holding the server's certificate to authenticate the server.
4. Generate the stunnel certificate on both the Oracle client and the Oracle server. Note the name bcpstunnel.pem used in the stunnel configurations.
On each host, run the following command as root in /etc/stunnel. Just press Enter at the prompts (i.e. leave the fields blank):
$ openssl req -new -x509 -days 3650 -nodes -out bcpstunnel.pem -keyout bcpstunnel.pem
This creates a private key and a self-signed certificate in a single file. The arguments are:
-new generate a new request (and, together with -keyout, a new key)
-x509 output a self-signed X.509 certificate instead of a certificate request
-days 3650 make the certificate valid for 10 years, after which it must no longer be used
-nodes do not protect the private key with a passphrase (stunnel starts unattended and could not type one)
-out bcpstunnel.pem where to write the certificate
-keyout bcpstunnel.pem write the private key into the same file
Because the key is stored unencrypted, restrict the file to root: chmod 600 /etc/stunnel/bcpstunnel.pem. Running the command on both hosts produces two unrelated certificates, which is fine as long as neither side verifies the other; if you turn on verify, copy the peer's certificate (only the BEGIN CERTIFICATE block, never the key) to the other host and point CAfile at it.
5. Start the stunnel server and the stunnel client on their respective hosts as root:
$ stunnel /etc/stunnel/stunnel_server.conf
$ stunnel /etc/stunnel/stunnel_client.conf
$ ps -ef | grep stunnel
6. Verify with tnsping from the client. The TNS alias points at the local stunnel port (1600 on localhost), not at the server, so every connection made through it goes through the tunnel:
testserver = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1600)) (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = testserver)))
$ tnsping testserver
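As an added example (not part of the original post), the following Python script parses the two stunnel configurations above and reports what a reviewer would flag before trusting the tunnel: the client never authenticates the server (no verify line), and the server accepts any client. It also builds hardened variants that rely on stunnel 4.x's verify = 3 (accept only a peer whose certificate is in CAfile); the CAfile paths /etc/stunnel/server-cert.pem and /etc/stunnel/client-cert.pem are assumed names, not from the post.

```python
"""Added example: audit stunnel 4.x configs for missing peer verification.

The two configs below are the post's server and client configs, embedded as
constructed sample input so the script runs offline.
"""
import re

# Server-side config from the post (constructed copy).
SERVER_CONF = """\
service = stunnel-server
cert = /etc/stunnel/bcpstunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /tmp/stunnel_server.log
foreground = no
session = 86400
TIMEOUTidle = 3600
client = no
[MYSTUNNEL]
accept=testserver-001:11521
connect=testserver-001:1521
"""

# Client-side config from the post (constructed copy).
CLIENT_CONF = """\
service = stunnel-client
cert = /etc/stunnel/bcpstunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /tmp/stunnel_client.log
foreground = no
session = 86400
TIMEOUTidle = 3600
client = yes
[MYSTUNNEL]
accept = 1600
connect =testserver-001:11521
"""

# Hardened variants: 'verify = 3' makes stunnel 4.x accept only a peer whose
# certificate is present in CAfile, so each side holds the *other* side's
# certificate (public part only).  The CAfile paths are assumptions.
CLIENT_CONF_FIXED = CLIENT_CONF + "verify = 3\nCAfile = /etc/stunnel/server-cert.pem\n"
SERVER_CONF_FIXED = SERVER_CONF + "verify = 3\nCAfile = /etc/stunnel/client-cert.pem\n"


def parse_stunnel_conf(text):
    """Split an stunnel.conf into (global_options, {service_name: options}).

    Options may repeat (several 'socket =' lines), so each value is a list.
    Keys are lower-cased so lookups do not depend on capitalisation
    ('TIMEOUTidle').  ';' starts a comment.
    """
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
            continue
        key, _, value = line.partition("=")
        current.setdefault(key.strip().lower(), []).append(value.strip())
    return global_opts, services


def effective(option, global_opts, service_opts):
    """A service-level option overrides the global one; the last value wins."""
    values = service_opts.get(option) or global_opts.get(option) or []
    return values[-1] if values else None


def audit(text):
    """Return a list of findings for every [service] section; [] means clean."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        is_client = effective("client", global_opts, opts) == "yes"
        verify = effective("verify", global_opts, opts)
        level = int(verify) if verify and verify.isdigit() else 0
        has_ca = effective("cafile", global_opts, opts) or effective("capath", global_opts, opts)
        if is_client and level < 2:
            findings.append(f"[{name}] client = yes but no 'verify' of 2 or higher: the server "
                            "certificate is never checked, so an active MITM can terminate the TLS")
        if not is_client and level < 2:
            findings.append(f"[{name}] server side has no 'verify': any host that can reach the "
                            "accept port gets through to the Oracle listener")
        if level >= 2 and not has_ca:
            findings.append(f"[{name}] verify = {level} but no CAfile/CApath to check against")
    return findings


if __name__ == "__main__":
    for label, conf in (("server (post)", SERVER_CONF), ("client (post)", CLIENT_CONF),
                        ("server (fixed)", SERVER_CONF_FIXED), ("client (fixed)", CLIENT_CONF_FIXED)):
        print(label, "->", audit(conf) or "OK")
```

With verify = 3 each host needs the other's certificate in its CAfile; since the post generates a separate self-signed pair on each host, that means copying the public half across once, after which the private key never leaves the machine that generated it.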

Wednesday, 10 April 2013

DNS in LAN

http://gustaff.bsdaemon.pl/?p=323

DNS on the LAN

August 25th, 2009
A short how-to on setting up a home name server.
The description is done on FreeBSD, but it can be applied to any other OS without trouble.
In the example I will use the host venturi and the domain venturi.web.
Below is a picture (though I have no talent for drawing) of how it looks in practice at my place.
[figure: network diagram (siec)]
If you were previously using the DHCP server built into your router, turn that option off there; two DHCP servers on one segment answer the same requests and clients end up with whichever replies first.
What we need: a DHCP server, the BIND name server and a bit of patience.
Install the DHCP server. Note that net/dhcpcd is a DHCP client; the daemon that reads the dhcpd.conf used below is the ISC DHCP server, so build that port instead (net/isc-dhcp31-server in the ports tree of the time):
cd /usr/ports/net/isc-dhcp31-server/ && make install clean
Create the file dhcpd.conf
touch /usr/local/etc/dhcpd.conf
Example config:
ddns-update-style none;
option domain-name "venturi.web";
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
option domain-name-servers 192.168.1.1, 194.204.159.1;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.254;
  option routers 192.168.1.1;
}
One caveat about domain-name-servers: clients treat the listed servers as equivalent and may send any query to 194.204.159.1, which knows nothing about venturi.web, so local names will fail intermittently. Hand out only 192.168.1.1 and let BIND recurse (or forward to the upstream resolver) for everything else.
Entry in rc.conf
(If there is an entry like ifconfig_fxp0="DHCP", comment it out.)
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
defaultrouter="192.168.1.100"
dhcpd_enable="YES"
dhcpd_ifaces="fxp0"
Note that 192.168.1.100 sits inside the DHCP pool defined above (192.168.1.100 to 192.168.1.254); start the range at 192.168.1.101 so dhcpd can never lease the router's address to a client.
First, edit the hosts file
# nano /etc/hosts
and add
192.168.1.1             venturi venturi.web
The next step is editing resolv.conf
# nano /etc/resolv.conf
and make it look like this:
domain venturi.web
nameserver 192.168.1.1
Then reboot the machine.
After the reboot, install BIND:
cd /usr/ports/dns/bind9/ && make install clean
After installing, named has to be added to rc.conf:
nano /etc/rc.conf
and add
named_enable="YES"
# cd /etc/namedb/
and edit the configuration file:
nano named.conf
appending at the end:
zone "venturi.web" {
	type master;
	file "master/venturi.web";
};
While in named.conf, check the options block as well: listen-on must include 192.168.1.1 (FreeBSD's stock named.conf listens on 127.0.0.1 only, so other LAN hosts could not query it), and recursion should be limited to the LAN with allow-recursion { 192.168.1.0/24; }; so the box cannot serve as an open resolver if it is ever reachable from outside.
Change to the master directory
cd master/
and create the file venturi.web
nano venturi.web
1.nano venturi.web
01.$TTL 86400
02.$ORIGIN venturi.web.
03.@       IN      SOA     venturi.web. root.venturi.web. (
04.2009092400 ;; serial
05.1200       ;; refresh
06.1200       ;; retry
07.2419200    ;; expire
08.86400      ;; TTL
09.)
10.@               IN      NS      ns1.venturi.web.
11.@               IN      NS      ns2.venturi.web.
12.@               IN      MX      10    mail.venturi.web.
13.*               IN      A       192.168.1.1
14.ns1             IN      A       192.168.1.1
15.ns2             IN      A       192.168.1.1
16.mail            IN      A       192.168.1.1
17.www             IN      A       192.168.1.1
18.ftp             IN      CNAME   www
Start the named daemon
# /etc/rc.d/named start
Now test it
venturi# host venturi.web
venturi.web mail is handled by 10 mail.venturi.web.
Only the MX line comes back: host queries A, AAAA and MX by default, and the zone has no A record at the apex (the wildcard does not cover the apex). Querying a name that has one, for example host www.venturi.web, should return 192.168.1.1.
Now on the remaining computers, set the IP address and DNS server manually.
Here is an example of how it looks at my place.
[screenshot: IP and DNS settings (ipdns)]
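As an added example (not part of the original post), the Python script below parses the venturi.web zone file given above and lints it for the mistakes that make a small LAN zone misbehave: NS, MX or CNAME targets with no record, a CNAME sharing an owner with other data, no address record at the apex (which is why host venturi.web above returns only the MX), a catch-all wildcard, and an SOA serial not in YYYYMMDDnn form. The broken variant it also checks is constructed here for illustration and is not from the post. Stdlib only.

```python
"""Added example: parse the post's venturi.web zone in master-file syntax and
report common mistakes.  Stdlib only; both zones are embedded as sample input."""
import re

# The zone exactly as given in the post (constructed copy).
ZONE = """\
$TTL 86400
$ORIGIN venturi.web.
@       IN      SOA     venturi.web. root.venturi.web. (
        2009092400 ;; serial
        1200       ;; refresh
        1200       ;; retry
        2419200    ;; expire
        86400      ;; TTL
)
@               IN      NS      ns1.venturi.web.
@               IN      NS      ns2.venturi.web.
@               IN      MX      10    mail.venturi.web.
*               IN      A       192.168.1.1
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.1
mail            IN      A       192.168.1.1
www             IN      A       192.168.1.1
ftp             IN      CNAME   www
"""

# Constructed broken variant: bad serial, wildcard removed, MX at a missing name.
BROKEN_ZONE = "\n".join(
    line for line in ZONE.replace("2009092400", "1")
                         .replace("mail.venturi.web.", "mail2.venturi.web.")
                         .splitlines()
    if not line.startswith("*")) + "\n"


def absolute(name, origin):
    """Qualify an owner or target name against $ORIGIN ('@' is the apex)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, [(owner, type, rdata_tokens)]).

    Handles $TTL/$ORIGIN, ';' comments, optional TTL and class fields, and
    parenthesised multi-line records such as the SOA.  Every record must
    carry an explicit owner (the blank-owner shorthand is not supported).
    """
    origin, records, buf, depth = None, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                       # still inside ( ... )
            continue
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        owner, rest = tokens[0], tokens[1:]
        if rest[0].isdigit():               # optional TTL
            rest = rest[1:]
        if rest[0] == "IN":                 # optional class
            rest = rest[1:]
        records.append((absolute(owner, origin), rest[0], rest[1:]))
    return origin, records


def check_zone(text):
    """Return a list of findings; an empty list means the zone looks sane."""
    origin, records = parse_zone(text)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    wildcard = f"*.{origin}" in types_at

    def defined(name):
        """Explicit record, or covered by a '*' one label below the apex."""
        if name in types_at:
            return True
        label = name[: -len(origin) - 1] if name.endswith(f".{origin}") else ""
        return wildcard and label != "" and "." not in label

    findings = []
    for owner, rtype, rdata in records:     # dangling NS / MX / CNAME targets
        if rtype in ("NS", "CNAME"):
            target = absolute(rdata[0], origin)
        elif rtype == "MX":
            target = absolute(rdata[1], origin)
        else:
            continue
        if not defined(target):
            findings.append(f"{owner} {rtype} points at {target}, which has no record")
    for owner, types in types_at.items():   # a CNAME may not coexist with other data
        if "CNAME" in types and len(types) > 1:
            findings.append(f"{owner} has a CNAME next to other records")
    if not {"A", "AAAA"} & types_at.get(origin, set()):
        findings.append(f"no A/AAAA record at the apex {origin}: 'host {origin[:-1]}' "
                        "returns only NS/MX data")
    if wildcard:
        findings.append(f"wildcard *.{origin}: every undefined name resolves, so typos never fail")
    soa = next((r for r in records if r[1] == "SOA"), None)
    if soa is None:
        findings.append("no SOA record")
    elif not re.fullmatch(r"(19|20)\d{8}", soa[2][2]):
        findings.append(f"SOA serial {soa[2][2]} is not in YYYYMMDDnn form")
    return findings


if __name__ == "__main__":
    for name, zone in (("zone from the post", ZONE), ("broken variant", BROKEN_ZONE)):
        print(name)
        for finding in check_zone(zone):
            print("  -", finding)
```

On the post's zone the script reports only the two design choices worth a second look (no address at the apex, and the wildcard); on the broken variant it additionally catches the dangling MX target and the malformed serial. named-checkzone does the syntactic part of this on the server itself and should be run before every reload.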
