Problems forwarding port 3306 on iptables with CentOS
Posted by BoDiE2003 on Server Fault
Published on 2011-03-08T14:23:07Z
I'm trying to add a forward to the MySQL server at 200.58.126.52 to allow access from 200.58.125.39, and I'm using the following rules (it's the whole iptables of the VPS of my hosting). I can connect locally at the server that holds the MySQL service as localhost, but not from outside.
Can someone check if the following rules are fine? Thank you.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 200.58.125.39 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 200.58.125.39 --sport 1024:65535 -d localhost --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s localhost --sport 3306 -d 200.58.125.39 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
COMMIT
And this is the output of the connection trial.
[root@qwhosti /home/qwhosti/public_html/admin/config] # mysql -u user_db -p -h 200.58.126.52
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '200.58.126.52' (113)
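As an added example (not code from the question or from Server Fault), here is a small Python audit that walks an iptables-save dump in the order the kernel does and reports rules that can never match. It assumes the dump is in iptables-save format, as the question's is, and models only ACCEPT/DROP/REJECT targets and jumps into user chains; run on the constructed excerpt it flags the 3306 rule placed after the REJECT in RH-Firewall-1-INPUT and the `-d localhost` rule in INPUT.

```python
import re

# Constructed excerpt in iptables-save format, modelled on the question's ruleset.
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 200.58.125.39 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 200.58.125.39 -d localhost --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
RULE_RE = re.compile(r"^-A (\S+)(.*?) -j (\S+)")  # chain, match options, target


def audit_rules(dump):
    """Return (line_number, reason) for rules that cannot match what they appear to.
    A chain ends at its first match-all rule whose target is terminating or is a user
    chain that itself always ends; later rules in that chain are dead code."""
    rules = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        m = RULE_RE.match(line)
        if m:  # skip *table, :CHAIN policy and COMMIT lines
            rules.append((lineno, line) + m.groups())

    ends = {}  # chain -> line number where traversal of that chain always stops
    changed = True
    while changed:  # iterate to a fixpoint so jumps into closed chains propagate
        changed = False
        for lineno, _, chain, matches, target in rules:
            if matches.strip() or (target not in TERMINATING and target not in ends):
                continue
            if lineno < ends.get(chain, float("inf")):
                ends[chain] = lineno
                changed = True

    findings = []
    for lineno, line, chain, _, _ in rules:
        if chain in ends and lineno > ends[chain]:
            findings.append((lineno, f"unreachable: {chain} always ends at line {ends[chain]}"))
        if re.search(r"-[sd] localhost\b", line):  # resolved at load time to 127.0.0.1
            findings.append((lineno, "'localhost' is 127.0.0.1, not the server's public address"))
    return findings
```

The client's error 113 (EHOSTUNREACH) is exactly what a REJECT with icmp-host-prohibited produces, which agrees with the audit's finding that the REJECT line is hit before the 3306 ACCEPT.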
© Server Fault or respective owner