Solved

mysql firewall

Posted on 2011-09-07
Last Modified: 2012-05-12
I want to open up a hole in the firewall for MySQL access. From my search, I got these two commands:

iptables -A INPUT -p tcp -s <clientip> --sport 1024:65535 -d <serverip> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s <serverip> --sport 3306 -d <clientip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I ran them both on the server (is that correct?), and iptables -L confirms they took effect, but I cannot make a connection from the client.

Anyone see anything wrong?
Question by:bhomass

Accepted Solution

by: Kevin Cross
Kevin Cross earned 250 total points
ID: 36499736
Have you tried to restart iptables:
service iptables restart


Additionally, when I tried to set up a similar firewall entry with a host provider I had to do two things. The first may be because of my lesser technical ability with Linux, but when I added the firewall rules above I ran into trouble and had to edit the file directly because the order of the rules was not correct at first. Therefore, another rule was blocking this one from actually working even though it was applied to the file. There may be some command to ensure positioning from the command shell, but I don't know it. Second, host providers will have their firewall in place, so you have to set up port forwarding from your assigned public IP to your server on 3306. If this is all internal to your network, then you should be fine.

Author Comment

by:bhomass
ID: 36500615
As far as I understand, if you restart without saving (/etc/init.d/iptables save) first, you actually lose the changes. Not true?

Assisted Solution

by:Kevin Cross
Kevin Cross earned 250 total points
ID: 36500650
Then save the iptables first and then restart. When I have done this, I have not had to run a separate save, but again I manually edited the file and so had to save on close. Using the command line you probably have to save then restart. The important part I believe is that the rules are read on start-up of iptables, so you won't be able to use the new rule until restart.

Author Comment

by:bhomass
ID: 36500675
Very helpful, thanks.
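The rule-ordering problem described in the accepted answer can be checked from the shell. The following is an added example, not part of the original thread: it parses `iptables -S INPUT` output and reports whether the ACCEPT rule for a port sits after a catch-all REJECT/DROP, which is where `iptables -A` puts it. The sample listing and the client address 192.0.2.10 are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output: the MySQL rule was appended
# with -A, so it landed after the catch-all REJECT. 192.0.2.10 is a placeholder.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT'

# Rule number of the first REJECT/DROP with no match criteria, or 0 if none.
first_catchall() {
    awk '$1 == "-A" { n++ }
         $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { print n; found = 1; exit }
         END { if (!found) print 0 }'
}

# Rule number of the first ACCEPT rule for TCP destination port $1, or 0 if none.
accept_pos() {
    awk -v port="$1" '$1 == "-A" { n++ }
         $1 == "-A" && $0 ~ ("--dport " port "( |$)") && / -j ACCEPT$/ { print n; found = 1; exit }
         END { if (!found) print 0 }'
}

# Read a rule listing on stdin and classify the ACCEPT rule for port $1:
# "missing", "shadowed" (it comes after the catch-all) or "ok".
check_port() {
    rules=$(cat)
    block=$(printf '%s\n' "$rules" | first_catchall)
    allow=$(printf '%s\n' "$rules" | accept_pos "$1")
    if [ "$allow" -eq 0 ]; then
        echo "missing"
    elif [ "$block" -ne 0 ] && [ "$allow" -gt "$block" ]; then
        echo "shadowed allow=$allow block=$block"
    else
        echo "ok allow=$allow block=$block"
    fi
}

# Stand-alone run on the constructed listing; on a live host, pipe in
# `iptables -S INPUT` instead. For this listing the repair would be:
#   iptables -D INPUT 6                      # drop the misplaced rule
#   iptables -I INPUT 5 <same rule spec>     # insert it before the REJECT
#   service iptables save                    # assumes the iptables init script
printf '%s\n' "$SAMPLE_RULES" | check_port 3306
```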
