Ping a Specific Port

Question

gijs007

Asked: 2016-01-02 10:09:22 +0800 CST2016-01-02 10:09:22 +0800 CST 2016-01-02 10:09:22 +0800 CST

Secure galera cluster MariaDB

772

I'm using a Galera cluster between a few web servers over the WAN. I have the traffic encrypted with ipsec between the servers, but it just struck me that anyone can connect to my Galera cluster and start downloading the database.

What would be the best way to protect my self against this? Is it possible to set some sort of authentication (e.g. a password) or only allow certain IP's to join the cluster in Maria DB?

(I'm aware Galera has support for SSL, but since I already use ipsec for secure server to server communication I don't want to have the extra overhead of encrypting things twice.)

The current option I came up with is using iptables to block the port for Galera and only allow certain IP's.

1 Answers

Voted

gxx · Answer 1 · 2016-01-02T10:37:28+08:00

gxx

2016-01-02T10:37:28+08:002016-01-02T10:37:28+08:00

You could set up a private network between your machines and bind Galera to the respective IPs, to make sure it's not reachable from the public internet.

Edit: Not sure which version you're using, but according to this, starting with 5.2.10, MariaDB includes a PAM Authentication Plugin.

0

Secure galera cluster MariaDB

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?