Solved

mysql firewall

Posted on 2011-09-07
4
253 Views
Last Modified: 2012-05-12
I want to open up a hole in the firewall for mysql access. from my search, I got these two commands

iptables -A INPUT -p tcp -s <clientip> --sport 1024:65535 -d <serverid> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 7<serverip> --sport 3306 -d <clientip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I ran them both on the server (is that correct?), and iptables -L confirm they took effect. but can not make connection from the client.

any one see anything wrong?
0
Comment
Question by:bhomass
  • 2
  • 2
4 Comments
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 250 total points
ID: 36499736
Have you tried to restart iptables:
service iptables restart

Open in new window


Additionally, when I tried to setup a similar Firewall entry with a host provider I had to do two things. The first may be because of my lesser technical ability with Linux, but when add the Firewall rules above I ran into trouble and had to edit file directly because the order of the rules were not correct at first. Therefore, another rule was blocking this one from actually working even though it was applied to the file. There may be some command to ensure positioning from command shell, but I don't know it. Second, host providers will have their Firewall in place, so you have to setup Port Forwarding from your assigned public IP to your server on 3306. If this is all internal to your network, then you should be fine.
0
 

Author Comment

by:bhomass
ID: 36500615
as far as I understand, if you restart without saving (/etc/init.d iptables save) first, you actually loose the changes. not true?
0
 
LVL 59

Assisted Solution

by:Kevin Cross
Kevin Cross earned 250 total points
ID: 36500650
Then save the iptables first and then restart. When I have done this, I have not had to run a separate save, but again I manually edited the file and so had to save on close. Using the command line you probably have to save then restart. The important part I believe is that the rules are read on start-up of iptables, so you won't be able to use the new rule until restart.
0
 

Author Comment

by:bhomass
ID: 36500675
very help, thanks.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been using r1soft Continuous Data Protection (http://www.r1soft.com/linux-cdp/) for many years now with the mySQL Addon and wanted to share a trick I have used several times. For those of us that don't have the luxury of using all transact…
Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question