[sf-lug] MySQL client firewall - iptables

Tom Haddon tom at greenleaftech.net
Sat Aug 30 18:28:05 PDT 2008


On Sat, 2008-08-30 at 14:37 -0700, John Reilly wrote:
> Tom Haddon wrote:
> > For some reason, I'm not able to make an outgoing MySQL client
> > connection to the remote server. If I disable it with "service iptables
> > stop" then I can make the connection fine, but with this iptables setup,
> > things fail :(
> >
> > I've tried adding:
> >
> > iptables -A OUTPUT -p tcp -s <destination_ip_address> --sport 1024:65535 -d 0/0 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
> > iptables -A INPUT -p tcp -s 0/0 --sport 3306 -d <destination_ip_address> --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
> >   
> I'd try
> 
> iptables -A INPUT -p tcp -s <remote_mysqld_ip_address> --sport 3306 -j ACCEPT

Works a treat.

Thanks! Tom
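
The rule that worked in this thread accepts every TCP packet from the remote host with source port 3306, whatever the local port or connection state. The script below is an added example, not code from either poster: it shows a connection-tracked rule pair for the same outbound MySQL client case. The address 203.0.113.10, the helper names (`run`, `valid_ipv4`, `mysql_client_rules`) and the `APPLY` switch are assumptions made for illustration, and the OUTPUT rule only matters if the OUTPUT chain is filtered as well.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules unless APPLY=1 is set
# (applying them needs root). 203.0.113.10 is a constructed placeholder address.

# Run the command when APPLY=1, otherwise print it for review.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit a stateful rule pair for one outbound MySQL client connection.
# $1 = remote mysqld address, $2 = port (default 3306).
mysql_client_rules() {
    remote=$1
    port=${2:-3306}
    valid_ipv4 "$remote" || { echo "bad address: $remote" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # Outbound: new and established packets to the server's MySQL port only.
    run iptables -A OUTPUT -p tcp -d "$remote" --dport "$port" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Inbound: replies only. Unlike a bare "--sport 3306 -j ACCEPT", a SYN
    # sent from source port 3306 to some other local service does not match.
    run iptables -A INPUT -p tcp -s "$remote" --sport "$port" \
        -m state --state ESTABLISHED -j ACCEPT
}

mysql_client_rules 203.0.113.10
```

Because both rules are appended with `-A`, they take effect only if no earlier rule in the same chain already drops or rejects the traffic.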