Translating IPTables rule to UFW
- by Dario Fumagalli
We are using an Ubuntu 12.04 x64 LTS VPS. The firewall being used is UFW.
I have set up a Varnish + LEMP setup, along with other things, including an Openswan IPsec VPN from our office to the VPS data center. A second in-house Ubuntu box is to act as MySQL slave and fetch data from the VPS through the VPN.
The master's ppp0 is seen as 10.1.2.1 from the slave; they ping each other, etc.
I have done the various required tasks, but I can't get the client (slave) MySQL (nor telnet 10.1.2.1 3306) to access the master through the VPN unless I issue this fairly obvious iptables command:
iptables -A INPUT -s 10.1.2.0/24 -p tcp --dport 3306 -j ACCEPT
I willingly forced the accepted input to come from the last octet.
With this rule everything works just fine!
However, I want to translate this command to UFW syntax so as to keep everything in one place.
Now, I admit to being inexperienced with UFW; I prepared rules like:
ufw allow proto tcp from 10.1.2.0/24 port mysql
and 2-3 variations involving specifying 3306 instead of mysql, specifying a target IP (MySQL's my.cnf at the moment is configured as 0.0.0.0) and similar, but I just don't seem to be able to replicate the simple iptables rule in a functional way.
Could anyone kindly give me a suggestion that is not to dump UFW?
Thanks in advance.
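The mapping between the iptables rule in the question and UFW's rule grammar, as an added example that is not part of the original post or of the UFW project. The helper `iptables_to_ufw` is a hypothetical name introduced here; it only understands the handful of iptables options the question uses (`-A`, `-s`, `-d`, `-p`, `--sport`, `--dport`, `-j`). It relies on UFW's documented rule form `allow|deny|reject [proto P] [from ADDR [port N]] [to ADDR [port N]]`, in which a `port` that follows `from` is a source port and only a `port` that follows `to` is a destination port, which is what `--dport` means in iptables. The script only prints the translated command; it does not run `ufw`, so it can be tried on any machine.

```shell
#!/bin/sh
# Translate a simple iptables INPUT rule into the equivalent ufw command.
# Hypothetical helper (added example): supports only -A, -s, -d, -p,
# --sport, --dport and -j, which is all the question's rule needs.
iptables_to_ufw() {
    src="" dst="" proto="" sport="" dport="" action=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -A) shift ;;                           # chain name; ufw rules are INPUT by default
            -s|--source) src="$2"; shift ;;
            -d|--destination) dst="$2"; shift ;;
            -p|--protocol) proto="$2"; shift ;;
            --sport) sport="$2"; shift ;;
            --dport) dport="$2"; shift ;;
            -j) action="$2"; shift ;;
            *) echo "unsupported option: $1" >&2; return 1 ;;
        esac
        shift
    done
    case "$action" in
        ACCEPT) verb="allow" ;;
        DROP)   verb="deny" ;;
        REJECT) verb="reject" ;;
        *) echo "unsupported target: $action" >&2; return 1 ;;
    esac
    out="ufw $verb"
    [ -n "$proto" ] && out="$out proto $proto"
    # A 'port' right after 'from' is the SOURCE port (iptables --sport) ...
    out="$out from ${src:-any}"
    [ -n "$sport" ] && out="$out port $sport"
    # ... and only a 'port' after 'to' is the DESTINATION port (iptables --dport).
    out="$out to ${dst:-any}"
    [ -n "$dport" ] && out="$out port $dport"
    echo "$out"
}

# The rule from the question, translated:
iptables_to_ufw -A INPUT -s 10.1.2.0/24 -p tcp --dport 3306 -j ACCEPT
```

Running the script prints `ufw allow proto tcp from 10.1.2.0/24 to any port 3306`, i.e. the destination port must be placed after `to any` rather than directly after the `from` address. After adding a rule, `ufw status numbered` shows it in the order UFW will evaluate it.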