Tavve zoneranger User Manual page 45


Once the ZoneRanger address and the port on the ZoneRanger have been identified, the Ranger Gateway
looks up the applicable port configuration in the portMap table, based on the source address and
ZoneRanger address, then looks for the first matching rule in the portConfig table, based on the
transport (TCP) and the ZoneRanger port. For example, assuming the listTcpPorts command output
is as follows:
ZR-1 http=20005 https=20006 sql=20007 ssh=20008 telnet=20009
and the ZoneRanger named "ZR-1" has an IP address of 10.10.4.5, if a request comes in on port
20008, the ZoneRanger address and port will be:
address=10.10.4.5, port=22
The Ranger Gateway will look first for a matching rule in the portMap table, using 10.10.4.5 as the
destination address, then will look for a matching rule in the portConfig table using 22 as the rg-port.
Assuming the default portMap and portConfig configuration, the following rules will be selected and the
request will be allowed to proceed:
portMap:
*.*.*.* @ZoneRanger ZoneRangerDefault
portConfig:
ZoneRangerDefault TCP 22 SSH
Although at first glance this approach for handling the special Ranger Gateway ports may seem a little
complicated, it has a significant advantage in that it allows access to a specific ZoneRanger/service to be
governed by a single rule, regardless of whether the service is being accessed using special Ranger
Gateway ports, or more directly via the GVI. In essence, access to a ZoneRanger service via a special
Ranger Gateway port is made to look like the equivalent GVI request, then is processed accordingly.
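The two-stage lookup described above can be modeled as follows. This is an added example, not code from the ZoneRanger product or its manual. Assumptions: the octet-wise meaning of "*", "@ZoneRanger" matching any ZoneRanger address, the column order of both tables, denial when no rule matches, and the well-known ports for http, https and telnet. PORT_CONFIG holds only the one rule quoted on this page, not the product's full default table.

```python
# Added illustration: a simplified model of the lookup described above.
# Table semantics beyond what the manual text states are assumptions.

# Constructed from the listTcpPorts sample: Ranger Gateway port -> (ZoneRanger, service).
# The sql entry is left out because the page does not give its ZoneRanger-side port.
SPECIAL_PORTS = {20005: ("ZR-1", "http"), 20006: ("ZR-1", "https"),
                 20008: ("ZR-1", "ssh"), 20009: ("ZR-1", "telnet")}
ZONERANGERS = {"ZR-1": "10.10.4.5"}
# ssh -> 22 is from the page; the others are the standard well-known ports (assumed).
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}

PORT_MAP = [("*.*.*.*", "@ZoneRanger", "ZoneRangerDefault")]  # source, destination, config
PORT_CONFIG = [("ZoneRangerDefault", "TCP", 22, "SSH")]       # config, transport, rg-port, protocol


def addr_matches(pattern, addr):
    """Octet-wise match where '*' matches any octet (assumed semantics)."""
    p, a = pattern.split("."), addr.split(".")
    return len(p) == len(a) and all(x in ("*", y) for x, y in zip(p, a))


def dest_matches(pattern, addr):
    """Assumption: '@ZoneRanger' matches any known ZoneRanger address."""
    if pattern == "@ZoneRanger":
        return addr in ZONERANGERS.values()
    return addr_matches(pattern, addr)


def resolve(source_ip, gateway_port):
    """Return (address, port, protocol) if a rule allows the request, else None."""
    if gateway_port not in SPECIAL_PORTS:
        return None
    name, service = SPECIAL_PORTS[gateway_port]
    address, port = ZONERANGERS[name], SERVICE_PORTS[service]
    # Step 1: portMap, keyed on source address and ZoneRanger address.
    config = next((c for s, d, c in PORT_MAP
                   if addr_matches(s, source_ip) and dest_matches(d, address)), None)
    if config is None:
        return None
    # Step 2: first portConfig rule matching the transport (TCP) and the port.
    for cfg, transport, rg_port, protocol in PORT_CONFIG:
        if cfg == config and transport == "TCP" and rg_port == port:
            return (address, port, protocol)
    return None
```

In this model a request on port 20009 (telnet) resolves to no rule, because the only portConfig rule present is the SSH one quoted above.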
ZoneRanger 5.5 User's Guide