I'm trying to make MySQL available by 2 ports: 3306 and 3339
I added rule to iptables:
iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 3339 -j REDIRECT
--to-port 3306
and everythin is great for remote connections.
But if I'm trying to connect it locally, I'm getting an error:
mysql -u username -ppassword --port=3339 -h Host.Name
ERROR 2003 (HY000): Can't connect to MySQL server on 'Host.Name' (111)
Any ideas how can I edit iptables to get local access via 3339 port?
Since PREROUTING isn't used by the loopback interface we have to add one more rule:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 3339 -j REDIRECT --to-ports 3306
Related
We have installed samba4 on ubuntu 18.04 server and we are getting DNS error
Issue in DNS
Please find the /etc/resolv.conf file
resolv.conf
Please find the /etc/samba/smb.conf
smb.conf file
Please help me to resolve the issue
Thanks
I think you should allow the trafic in firewall with these :
iptables -A INPUT -p tcp --dport 135 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 135 -j ACCEPT
iptables -A INPUT -p udp --dport 135 -j ACCEPT
iptables -A OUTPUT -p udp --dport 135 -j ACCEPT
tho if you dont add
browseable = yes
you may not see the shared files
Recently I've managed to block all unused ports on my dedicated server (Linux CentOS latest 64-bit) but whenever I do so, sites that connect to my database just simply cannot connect.
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT
I believe it has something to do with the OUTPUT port, but I am not sure.
Thanks.
If you want to allow remote incoming mysql connections you will need to define an INPUT rule that is not isolated to your local interface:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
In Centos this will be defined in the /etc/sysconfig/iptables file. Then restart:
sudo service iptables restart
Alternatively, from the command line, you can use:
sudo system-config-firewall-tui
To configure your firewall, it is in the package of the same name:
sudo yum install system-config-firewall-tui -y
I have followed the following tutorial to set up my computer so that others can access MySql:
http://msdn.microsoft.com/en-us/library/ms345343(v=sql.105).aspx
The port that I had set up was 49172. When I now try to connect to this database from the same computer by using host name as my IP address, port as 49172, username as root and password as root I get an error saying I cannot connect to the server with some checks such as check if MySql is running, check rights and check firewalls (10061).
Could someone please tell me I am getting this error and how do I fix it?
Try resetting IPTables as it might cause blocked connections.
Use these:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
I want to whitelist 2 external ip-adresses vor port 3306 (mysql), but block all other IP-adresses to the port 3306 on a debian server running a mysql-instance. Both external ip-adresses should be able to connect to the mysql-server.
What is the best way in iptables?
What i did:
/sbin/iptables -A INPUT -p tcp -d 127.0.0.1 --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -d 1.1.1.1.1 --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -d 85.x.x.x --dport 3306 -j ACCEPT
(1.1.1.1 is an internal ip and masked here for security purposes)
## Block all connections to 3306 ##
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
What happened:
every external ip is locked and can't connect
What should happen:
every external ip will be locked cand can't connect but not 1.1.1.1 and 85.x.x.x and 127.0.0.1
iptables -N mysql # create chain for mysql
iptables -A mysql --src 127.0.0.1 -j ACCEPT
iptables -A mysql --src 1.1.1.1.1 -j ACCEPT
iptables -A mysql --src 85.x.x.x -j ACCEPT
iptables -A mysql -j DROP # drop packets from other hosts
iptables -I INPUT -m tcp -p tcp --dport 3306 -j mysql # use chain for packets to MySQL port
I am trying to restrict MySQL 3306 port on a linux machine from making any connections to anything other than localhost to prevent outside attacks. i have the following code, i am not sure if it's correct:
iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -s localhost --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
iptables -A OUTPUT -p tcp --dport 3306 -j DROP
my other question is - is it correct to only give localhost access? this is a standard dedicated centos webserver with more than 30 domains on it.
Why not just turn off networking with MySQL?
Add to my.cnf:
skip-networking
It's supposed to also give a negligible performance improvement by forcing connection through pipes, which skips over lots of tests used for the networking section. Please note you will need to use localhost, not 127.0.0.1, after the change.
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
The above rule is for converting two lines into single one.
Answer to your second question:
If you do not want to provide mysql access from other than localhost, then it is perfect to configure this way. Simple. :-)
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
If you want to remove the filtering, use this:
iptables -D INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -D INPUT -p tcp --dport 3306 -j DROP
Note: Both might require root, so: sudo iptables (...)