mysql firewall

I want to open up a hole in the firewall for MySQL access. From my search, I got these two commands:

iptables -A INPUT -p tcp -s <clientip> --sport 1024:65535 -d <serverid> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s <serverip> --sport 3306 -d <clientip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I ran them both on the server (is that correct?), and iptables -L confirms they took effect, but I cannot make a connection from the client.

Anyone see anything wrong?
Asked by: bhomass
 
Kevin Cross (Chief Technology Officer) commented:
Have you tried to restart iptables:
service iptables restart

Additionally, when I tried to set up a similar firewall entry with a host provider, I had to do two things. The first may be because of my lesser technical ability with Linux, but when I added the firewall rules above I ran into trouble and had to edit the file directly because the order of the rules was not correct at first. Therefore, another rule was blocking this one from actually working even though it was applied to the file. There may be some command to ensure positioning from the command shell, but I don't know it. Second, host providers will have their firewall in place, so you have to set up port forwarding from your assigned public IP to your server on 3306. If this is all internal to your network, then you should be fine.
 
bhomass (author) commented:
As far as I understand, if you restart without saving (/etc/init.d/iptables save) first, you actually lose the changes. Not true?
 
Kevin Cross (Chief Technology Officer) commented:
Then save the iptables first and then restart. When I have done this, I have not had to run a separate save, but again I manually edited the file and so had to save on close. Using the command line you probably have to save then restart. The important part I believe is that the rules are read on start-up of iptables, so you won't be able to use the new rule until restart.
 
bhomass (author) commented:
Very helpful, thanks.
Question has a verified solution.
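
The rule-ordering problem described in the answer above, as an added example that is not part of the original thread: `iptables -A` appends to the end of the chain, so a catch-all REJECT or DROP earlier in the chain matches first, while `iptables -I INPUT <n>` inserts at position n. The script checks constructed `iptables -S INPUT` output for that case; the function names, the sample rules and the documentation addresses 192.0.2.10 and 198.51.100.5 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): detect an ACCEPT rule that was appended
# after a catch-all REJECT/DROP in the INPUT chain.

# Constructed sample of `iptables -S INPUT` output. 192.0.2.10 (client) and
# 198.51.100.5 (server) are documentation addresses, not values from the thread.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.0.2.10/32 -d 198.51.100.5/32 -p tcp -m tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT'

# rule_positions PORT < rules
# Prints "<accept> <block>": 1-based positions (matching
# `iptables -L INPUT -n --line-numbers`) of the first ACCEPT rule for PORT and
# the first unconditional REJECT/DROP. 0 means "not found".
rule_positions() {
    port=$1; n=0; accept=0; block=0
    while IFS= read -r line; do
        case $line in "-A INPUT "*) n=$((n + 1)) ;; *) continue ;; esac
        case $line in
            *"--dport $port "*"-j ACCEPT"*)
                [ "$accept" -ne 0 ] || accept=$n ;;
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                [ "$block" -ne 0 ] || block=$n ;;
        esac
    done
    echo "$accept $block"
}

# check_order PORT < rules: say whether the ACCEPT rule can ever be reached.
check_order() {
    pos=$(rule_positions "$1")
    accept=${pos% *}; block=${pos#* }
    if [ "$block" -eq 0 ]; then
        echo "ok: no catch-all REJECT/DROP rule in INPUT"
    elif [ "$accept" -eq 0 ]; then
        echo "missing: no ACCEPT for port $1; add one with: iptables -I INPUT $block ..."
    elif [ "$accept" -gt "$block" ]; then
        echo "shadowed: ACCEPT at $accept follows block at $block; delete it and re-add with -I INPUT $block"
    else
        echo "ok: ACCEPT at $accept precedes block at $block"
    fi
}

printf '%s\n' "$SAMPLE_RULES" | check_order 3306
```

On a live host, run `iptables -S INPUT | check_order 3306` as root to check the real chain instead of the sample.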
