Solved

mysql firewall

Posted on 2011-09-07
4
254 Views
Last Modified: 2012-05-12
I want to open up a hole in the firewall for mysql access. from my search, I got these two commands

iptables -A INPUT -p tcp -s <clientip> --sport 1024:65535 -d <serverid> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 7<serverip> --sport 3306 -d <clientip> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I ran them both on the server (is that correct?), and iptables -L confirm they took effect. but can not make connection from the client.

any one see anything wrong?
0
Comment
Question by:bhomass
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 250 total points
ID: 36499736
Have you tried to restart iptables:
service iptables restart

Open in new window


Additionally, when I tried to setup a similar Firewall entry with a host provider I had to do two things. The first may be because of my lesser technical ability with Linux, but when add the Firewall rules above I ran into trouble and had to edit file directly because the order of the rules were not correct at first. Therefore, another rule was blocking this one from actually working even though it was applied to the file. There may be some command to ensure positioning from command shell, but I don't know it. Second, host providers will have their Firewall in place, so you have to setup Port Forwarding from your assigned public IP to your server on 3306. If this is all internal to your network, then you should be fine.
0
 

Author Comment

by:bhomass
ID: 36500615
as far as I understand, if you restart without saving (/etc/init.d iptables save) first, you actually loose the changes. not true?
0
 
LVL 59

Assisted Solution

by:Kevin Cross
Kevin Cross earned 250 total points
ID: 36500650
Then save the iptables first and then restart. When I have done this, I have not had to run a separate save, but again I manually edited the file and so had to save on close. Using the command line you probably have to save then restart. The important part I believe is that the rules are read on start-up of iptables, so you won't be able to use the new rule until restart.
0
 

Author Comment

by:bhomass
ID: 36500675
very help, thanks.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword This is an old article.  Instead of using the MySQL extension that was used in the original code examples, please choose one of the currently supported database extensions instead.  More information is available here: MySQLi / PDO (http://…
I have been using r1soft Continuous Data Protection (http://www.r1soft.com/linux-cdp/) for many years now with the mySQL Addon and wanted to share a trick I have used several times. For those of us that don't have the luxury of using all transact…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question