2

I am using a datacenter in Hong Kong (clould provider). I have monitoring servers in tokyo and I am using uwf for ubuntu 64 12.04 to limit access. I have never used ip tables, only ufw.

My rules on the clould allow for access for the monitoring IP address. But, the servers will be sending data to the monitoring servers namely for graphite and M/monit.

Because I am booting up and shutting down servers what is the proper questions I should ask the sys admins at the DC in HK in terms of getting the required info to allow for access from all servers from the DC? Thier ip address block ranges? Subnet mask ranges? In essence, how can I use ufw to allow for access for servers coming from HK DC? How to I use ufw to input that info?

Thanks

Monty
  • 25

1 Answers1

1

You would need to get a list of IP ranges which your cloud instances could start with, and then configure UFW to allow access from those ranges, with something like this for each range:

ufw allow in on eth0 from 1.2.0.0/16 proto tcp to any port 1234

Your cloud provider may not be willing to provide you with that information however, in which case you'll have to guess it. Take some IPs which your cloud instances have used in the past and do a whois lookup on them to determine the range which it belongs to.

mgorven
  • 31,041