[sf-lug] MySQL client firewall - iptables
John Reilly
jr at inconspicuous.org
Sat Aug 30 14:37:37 PDT 2008
Tom Haddon wrote:
> For some reason, I'm not able to make an outgoing MySQL client
> connection to the remote server. If I disable it with "service iptables
> stop" then I can make the connection fine, but with this iptables setup,
> things fail :(
>
> I've tried adding:
>
> iptables -A OUTPUT -p tcp -s <destination_ip_address> --sport 1024:65535
> -d 0/0 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp -s 0/0 --sport 3306 -d <destination_ip_address> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>
I'd try
iptables -A INPUT -p tcp -s <remote_mysqld_ip_address> --sport 3306 -j ACCEPT
More information about the sf-lug
mailing list