1

I have Solr (an HTTP web server used for searching) running on port 8334 and a RabbitMQ messaging server running on port 6633.

On the same machine, I have the web server, which is accessed from the outside world.

Now, how can I secure the Solr and RabbitMQ servers so that no one from an outside network can access their TCP ports? This means that the Solr and RabbitMQ servers should be called only from within the local machine.

I run the web server, DB server, Solr and RabbitMQ on the same system. I use Ubuntu 9.10 server.

Can someone help me with this?

Krish

4 Answers

2

Another good (and simple) practice to permit only local access to service(s) is to bind your service(s) to 127.0.0.1...

sebthebert
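
One way to check the loopback binding suggested in the answer above, as an added example that is not part of the original post. It parses the Linux `/proc/net/tcp` format and reports Solr or RabbitMQ listeners on a non-loopback address; the sample table is constructed, and a little-endian (x86) host with IPv4 listeners is assumed.

```python
"""Check that internal services listen only on loopback (added example).

Parses the Linux /proc/net/tcp format. Assumes a little-endian host
(x86) and IPv4 only; IPv6 listeners are listed in /proc/net/tcp6.
"""
import ipaddress
import socket
import struct

INTERNAL_PORTS = {8334: "solr", 6633: "rabbitmq"}  # ports from the question
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format, not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:208E 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 1002
   2: 00000000:19E9 00000000:0000 0A 00000000:00000000 00:00000000 00000000   111        0 1003
   3: 0100007F:19E9 0100007F:C350 01 00000000:00000000 00:00000000 00000000   111        0 1004
"""


def listeners(proc_net_tcp):
    """Yield (ip, port) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # On little-endian hosts the four address bytes appear reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16)


def exposed(proc_net_tcp, ports=INTERNAL_PORTS):
    """Return internal services listening on a non-loopback address."""
    return sorted(
        (ports[port], ip, port)
        for ip, port in listeners(proc_net_tcp)
        if port in ports and not ipaddress.ip_address(ip).is_loopback
    )


if __name__ == "__main__":
    # On a live host: exposed(open("/proc/net/tcp").read())
    for name, ip, port in exposed(SAMPLE):
        print(f"{name} listens on {ip}:{port}; bind it to 127.0.0.1")
```

In the constructed sample, Solr is bound to 127.0.0.1 and passes, while RabbitMQ is bound to 0.0.0.0 and is reported.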
1

A basic iptables firewall should be able to stop anyone from accessing any port you do not wish people to access.

Simply allow tcp 80 & 443 (or other ports you use for your webserver) and deny all else.

http://easyfwgen.morizot.net/gen/

Should be a good starting point.

Antitribu
1

Modifying iptables, you can limit specific ports to a range of IPs: (Change IP range for your LAN)

http web server used for searching:

-A INPUT -p tcp --destination-port 8334 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT 

rabbitmq messaging server:

-A INPUT -p tcp --destination-port 6633 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT

wayoutmind
1

Don't you have some kind of firewall or at least a NAT router between the internet and your server? On this, you should configure port forwarding for the ports your public webserver is listening on.

And you should consider putting the server into a DMZ. This would eliminate the need to let the whole internet into your local network.

PEra