Translating IPTables rule to UFW

Posted by Dario Fumagalli on Server Fault
Published on 2013-07-03T09:45:21Z Indexed on 2013/07/03 11:07 UTC

We are using an Ubuntu 12.04 x64 LTS VPS. The firewall being used is UFW. I have set up a Varnish + LEMP stack, along with other things, including an Openswan IPsec VPN from our office to the VPS data center. A second in-house Ubuntu box is to act as MySQL slave and fetch data from the VPS through the VPN.

Master's ppp0 is seen as 10.1.2.1 from the slave, they ping etc.

I have done the various required tasks but I can't get the client (slave) MySQL (nor telnet 10.1.2.1 3306) to access the master through the VPN unless I issue this fairly obvious IPTables command:

iptables -A INPUT -s 10.1.2.0/24 -p tcp --dport 3306 -j ACCEPT

I willingly forced the accepted input to come from the last octet. With this rule everything works just fine!

However, I want to translate this command to UFW syntax so as to keep everything in one place.

Now I admit being inexperienced with UFW, I prepared rules like:

ufw allow proto tcp from 10.1.2.0/24 port mysql

and 2-3 variations involving specifying 3306 instead of mysql, specifying a target IP (MySQL's my.cnf at the moment is configured as 0.0.0.0) and similar but I just don't seem to be able to replicate the simple iptables rule in a functional way.

Could anyone kindly give me a suggestion that is not to dump UFW?

Thanks in advance.

© Server Fault or respective owner
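
Added example, not part of the original post: in ufw's rule syntax a `port` that follows `from` is the source port, while iptables `--dport` corresponds to a `port` that follows `to`. The hypothetical helper `ipt_to_ufw` below (a name chosen for this example) maps a simple `iptables -A INPUT` rule, including the one in the question, to the equivalent ufw command line and prints it without running it.

```shell
#!/bin/sh
# Added example: translate a simple "iptables -A INPUT ..." filter rule
# into the equivalent ufw command. Only the options listed here are handled;
# anything else (negation, modules, interfaces) is rejected, not guessed.
ipt_to_ufw() {
    src=any dst=any proto="" sport="" dport="" action="" chain=""
    set -- $1    # intentional word splitting: the rule arrives as one string
    while [ $# -gt 0 ]; do
        if [ "$1" = iptables ]; then shift; continue; fi
        [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 1; }
        case "$1" in
            -A)      chain=$2 ;;
            -s)      src=$2 ;;
            -d)      dst=$2 ;;
            -p)      proto=$2 ;;
            --sport) sport=$2 ;;
            --dport) dport=$2 ;;
            -j)      action=$2 ;;
            *) echo "unsupported option: $1" >&2; return 1 ;;
        esac
        shift 2
    done
    [ "$chain" = INPUT ] || { echo "only INPUT rules are handled" >&2; return 1; }
    case "$action" in
        ACCEPT) verb=allow ;;
        DROP)   verb=deny ;;
        REJECT) verb=reject ;;
        *) echo "unsupported target: $action" >&2; return 1 ;;
    esac
    out="ufw $verb"
    [ -n "$proto" ] && out="$out proto $proto"
    # "port" after "from" is the SOURCE port (iptables --sport) ...
    out="$out from $src"
    [ -n "$sport" ] && out="$out port $sport"
    # ... while --dport goes after "to", even when the address is "any".
    out="$out to $dst"
    [ -n "$dport" ] && out="$out port $dport"
    echo "$out"
}

# The rule from the question:
ipt_to_ufw "iptables -A INPUT -s 10.1.2.0/24 -p tcp --dport 3306 -j ACCEPT"
```

The printed command can be reviewed and then checked with `ufw --dry-run` before it is applied.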
