Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: VLANs and their domains
Special Forums IP Networking VLANs and their domains Post 302910156 by gjws on Tuesday 22nd of July 2014 08:10:24 PM
Old 07-22-2014
Like Jim says, the main purpose would be security enforcement. It is very typical for an application to make use of a web server, an application server, and a database server. The Web server is obviously open on ports 80 and 443, and accessible from the internet. Web server may talk to the application server via, say DCOM, which by default used UDP ports 1024-5000. Lastly, the application server may talk to the Database server using SQL on TCP port 1433.

Ideally these servers would all talk to each other through a firewall, which can perform L3 - L7 application filtering and enforcement. So your firewall would have a leg in all 3 VLANS, and all traffic between the servers would be forced through the firewall. With things like virtual firewalls becoming more common things are becoming more and more complex in the DC. For example, the web, application and db server may all reside on the same physical host in a virtualised environment, so then you need to start thinking about things like 802.1q trunking etc, but that's another discussion Smilie
Last edited by gjws; 07-22-2014 at 09:10 PM.. Reason: spelling
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

multiple domains

Hello, I have 3 domains virtually hosted "name based" the first one "domain1.com" has its ServerName entered as domain1.com. this domain will load in a browser by www.domain1.com or simply domain1.com. the next two domains "domain2.com" and "domain3.com" ServerNames are listed as domain2.com and... (2 Replies)
Discussion started by: ericg
2 Replies

2. UNIX for Dummies Questions & Answers

blocking domains

Dear All , Kindly note I have sun solaries 7 . I want to block a domain who keep sending emails to my domain and users . thanks (1 Reply)
Discussion started by: tamemi
1 Replies

3. UNIX for Dummies Questions & Answers

creating domains

ok i am setting up dns or going to do it with solaris 9 once u setup the domain what file can u look @ to see if it setup or not (4 Replies)
Discussion started by: rmuhammad
4 Replies

4. UNIX for Advanced & Expert Users

Different Nameservers for Different Domains?

I have a system that is connected to a private network with its own DNS (call it "privnet."), and is also connected to the Internet on a separate interface. Is it possible to convince this server to query the private nameserver for the private network's domain (e.g. "host foo.privnet."), and the... (2 Replies)
Discussion started by: vertigo23
2 Replies

5. IP Networking

vlans

Hi All, I'm trying to configure a vlan interface, to do this I'm using the following command "vconfig add eth0 20". I have my interface up and running, but when I test it using "ping -I eth0.20 192.168.1.1" and in other console use "tcpdump -i eth0.20" I can not see any tagged frame. ... (0 Replies)
Discussion started by: lagigliaivan
0 Replies

6. AIX

AIX / Etherchannel / VLANs

I have 1 AIX server, 4 dual ported fiber attached ethernet cards and 4 VLANS coming in. Is it possible to present those 8 ports as 1 IP address using etherchannel? Thanks. (5 Replies)
Discussion started by: jwholey
5 Replies

7. UNIX for Dummies Questions & Answers

Sub domains from report

Hi, I have a report containing severals organization's email address. The address contain several sub domains, and i need to pull those out. mail domain ( example.com) .................. The report column contain mail address in this format : john1@sub1.example.com... (2 Replies)
Discussion started by: john_prince
2 Replies

8. UNIX for Dummies Questions & Answers

Help with VLANs

Hi Gurus, Can anyone explain me what is a Vlan and a Native vlan. How to check the native Vlan on my server having a solaris10 OS. Thanks in advance.:) (2 Replies)
Discussion started by: rama krishna
2 Replies

9. Solaris

Oracle VMs and VLANs

I've been given an IP address to assign to an ldom that is in a different subnet than the host, and I am looking for assistance in getting it online. I believe I need "VLAN tagging" as found in this link, but I do not understand all of the terminology. My host machine is on subnet 10.25.112.x,... (1 Reply)
Discussion started by: bstring
1 Replies

10. Proxy Server

Linux Networking - VLANs & Multiple IP's

In a "typical" data centre environment (telco, financial services etc), would a Linux OS typically have one IP address connected to one VLAN or would it have many IPs and/or VLANs. I say "Linux OS" as I'm referring to an instance of the OS not necessarily a Host or server. Think Linux OS = VM in a... (9 Replies)
Discussion started by: PCB
9 Replies

LEARN ABOUT SUSE

libxrx

LIBXRX(1)						      General Commands Manual							 LIBXRX(1)

NAME

       libxrx - RX Web Browser Plug-in

DESCRIPTION

       The RX Plug-in may be used with web browsers in the Mozilla family, including Netscape Navigator (3.0 or later), Firefox, and SeaMonkey, to
       interpret documents in the RX MIME type format and start remote applications.

       The RX Plug-in reads an RX document, from which it gets the list of services the application wants to use. Based on this  information,  the
       RX  Plug-in sets the various requested services, including creating authorization keys if your X server supports the SECURITY extension. It
       then passes the relevant data, such as the X display name, to the application through an HTTP GET request of the associated CGI script. The
       Web  server  then  executes  the CGI script to start the application. The client runs on the web server host connected to your X server. In
       addition when the RX document is used within the EMBED tag (a Netscape extension to HTML), the RX Plug-in uses the  XC-APPGROUP	extension,
       if it is supported by your X server, to cause the remote application to be embedded within the browser page from which it was launched.

INSTALLATION

       To  install  the  RX  Plug-in so that the web browser can use it, find the file named libxrx.so or libxrx.sl (or similar, depending on your
       platform) in __ProjectRoot__/lib and copy it to the browser plugin directory in the system installation or your	home  directory  (such	as
       /usr/lib/firefox/plugins or $HOME/.firefox/plugins).

       If  you have configured the web browser to use the RX helper program (xrx), you must reconfigure it. Generally you simply need to remove or
       comment out the line you may have previously added in your mailcap file to use the RX helper program.  Otherwise the plug-in  will  not	be
       enabled. (The usual comment character for mailcap is ``#''.)

       If  you	are  already running the web browser, you need to exit and restart it after copying the plug-in library so the new plug-in will be
       found.  Once this is done you can check that the browser has successfully loaded the plug-in by checking the ``About Plug-ins''	page  from
       the Help menu. This should show something like:

				   RX Plug-in

	   File name: /usr/local/lib/netscape/plugins/libxrx.sl.6.3

	   X Remote Activation Plug-in

	   Mime Type	     Description		  Suffixes  Enabled
	   application/x-rx  X Remote Activation Plug-in  xrx	    Yes

       Once  correctly configured, the web browser will activate the RX Plug-in whenever you retrieve any document of the MIME type application/x-
       rx.

RESOURCES

       The RX Plug-in looks for resources associated with the widget netscape.Navigator (class Netscape.TopLevelShell) and understands the follow-
       ing resource names and classes:

       xrxHasFirewallProxy (class XrxHasFirewallProxy)
	       Specifies  whether an X server firewall proxy (see xfwp) is running and should be used. Default is ``False.''  The X firewall proxy
	       uses the X Security Extension and this extension will only allow clients to connect to the X server if host-based authentication is
	       turned on.  See xfwp(1) for more information.

       xrxInternalWebServers (class XrxInternalWebServers)
	       The  web servers for which the X server firewall proxy should not be used (only relevant when xrxHasFirewallProxy is ``True''). Its
	       value is a comma separated list of mask/value pairs to be used to filter internal web servers, based on	their  address.  The  mask
	       part  specifies	which  segments of the address are to be considered and the value part specifies what the result should match. For
	       instance the following list:

		     255.255.255.0/198.112.45.0, 255.255.255.0/198.112.46.0

	       matches the address sets: 198.112.45.* and 198.112.46.*. More precisely, the test is (address & mask) == value.

       xrxFastWebServers (class XrxFastWebServers)
	       The web servers for which LBX should not be used. The resource  value  is  a  list  of  address	mask/value  pairs,  as	previously
	       described.

       xrxTrustedWebServers (class XrxTrustedWebServers)
	       The  web  servers  from	which  remote  applications should be run as trusted clients. The default is to run remote applications as
	       untrusted clients. The resource value is a list of address mask/value pairs, as previously described.

ENVIRONMENT

       If the RX document requests X-UI-LBX service and the default X server does not advertise the LBX extension, the RX Plug-in  will  look  for
       the environment variable ``XREALDISPLAY'' to get a second address for your X server and look for the LBX extension there. When running your
       browser through lbxproxy you will need to set XREALDISPLAY to the actual address of your server if you wish remote applications to be  able
       to use LBX across the Internet.

       If  the	RX  document  requests	XPRINT	service, RX Plug-in looks for the variable ``XPRINTER'' to get the printer name and X Print server
       address to use. If the server address is not specified as part of XPRINTER, RX Plug-in uses the first one specified  through  the  variable
       ``XPSERVERLIST''  when  it is set. When it is not RX Plug-in then tries to use the video server as the print server. If the printer name is
       not specified via XPRINTER, RX Plug-in looks for it in the variables ``PDPRINTER'', then ``LPDEST'', and finally ``PRINTER'',

       Finally, if you are using a firewall proxy, RX Plug-in will look for ``PROXY_MANAGER'' to get the address of your proxy manager (see  prox-
       ymngr). When not specified it will use ":6500" as the default.

KNOWN BUG

       When  an  authorization	key  is  created for a remote application to use the X Print service, the RX Plug-in has to create the key with an
       infinite timeout since nobody knows when the application will actually connect to the X Print server. It then  revokes  the  key  when  its
       instance  is  destroyed	(that is when you go to another page). However, if the Plug-in does not get destroyed properly, which happens when
       the browser dies unexpectedly, the print authorization key will never get revoked.

SEE ALSO

       xrx (1), xfwp (1), lbxproxy (1), proxymngr (1), The RX Document specification

AUTHORS

       Arnaud Le Hors and Kaleb Keithley, X Consortium

X Version 11							     xrx 1.0.3								 LIBXRX(1)
All times are GMT -4. The time now is 04:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy