Solved

mysql firewall

Posted on 2011-09-07
Last Modified: 2012-05-12
I want to open up a hole in the firewall for MySQL access. From my search, I got these two commands:

iptables -A INPUT -p tcp -s <clientip> --sport 1024:65535 -d <serverip> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s <serverip> --sport 3306 -d <clientip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I ran them both on the server (is that correct?), and iptables -L confirms they took effect, but I cannot make a connection from the client.

Does anyone see anything wrong?
Question by:bhomass
LVL 60

Accepted Solution

by:Kevin Cross
Kevin Cross earned 1000 total points
ID: 36499736
Have you tried to restart iptables:
service iptables restart

Additionally, when I tried to set up a similar firewall entry with a host provider, I had to do two things. The first may be because of my lesser technical ability with Linux, but when I added the firewall rules above I ran into trouble and had to edit the file directly because the order of the rules was not correct at first. Therefore, another rule was blocking this one from actually working even though it was applied to the file. There may be some command to ensure positioning from the command shell, but I don't know it. Second, host providers will have their firewall in place, so you have to set up port forwarding from your assigned public IP to your server on 3306. If this is all internal to your network, then you should be fine.
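
The rule-ordering problem described in the answer above can be checked mechanically. The script below is an added example, not part of the original thread; the rule listings and the 192.0.2.x addresses are constructed, and it assumes an INPUT chain that ends in a catch-all REJECT, as the stock RHEL/CentOS configuration does.

```sh
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and reports whether
# the ACCEPT rule for TCP port $1 comes after a catch-all REJECT/DROP.
# iptables uses the first matching rule, so a rule appended (-A) after the
# catch-all never matches.
check_shadowed() {
    awk -v port="$1" '
        $1 != "-A" { next }          # skip the "-P INPUT ..." policy line
        { n++ }                      # n = rule position, as used by -I
        # catch-all: "-A INPUT -j REJECT|DROP" with no match criteria before -j
        !block && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { block = n }
        !hit && / -p tcp / && $0 ~ (" --dport " port " ") && / -j ACCEPT$/ { hit = n }
        END {
            if (!hit) print "missing"
            else if (block && block < hit) print "shadowed " block " " hit
            else print "ok " hit
        }'
}

# Constructed listing: the MySQL rule appended with -A lands after the REJECT.
SAMPLE_BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.0.2.10/32 -d 192.0.2.20/32 -p tcp -m tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT'

# Constructed listing after deleting that rule and re-adding it with
# `iptables -I INPUT 4 ...`, which places it ahead of the REJECT.
SAMPLE_AFTER='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -d 192.0.2.20/32 -p tcp -m tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE_BEFORE" | check_shadowed 3306   # shadowed 4 5
printf '%s\n' "$SAMPLE_AFTER"  | check_shadowed 3306   # ok 4
```

On a live host the same check is `iptables -S INPUT | check_shadowed 3306`, run as root. A result of `shadowed N M` means the rule at position M has to be re-added at position N or earlier with `iptables -I INPUT N ...`.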

Author Comment

by:bhomass
ID: 36500615
As far as I understand, if you restart without saving (/etc/init.d/iptables save) first, you actually lose the changes. Not true?
LVL 60

Assisted Solution

by:Kevin Cross
Kevin Cross earned 1000 total points
ID: 36500650
Then save the iptables first and then restart. When I have done this, I have not had to run a separate save, but again I manually edited the file and so had to save on close. Using the command line you probably have to save then restart. The important part I believe is that the rules are read on start-up of iptables, so you won't be able to use the new rule until restart.

Author Comment

by:bhomass
ID: 36500675
Very helpful, thanks.
Question has a verified solution.
