From: Eric Leblond <eric@regit.org>
To: Robert Gil <rgil@bodybuildingdiscount.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: mysql remote connections
Date: Mon, 01 Mar 2004 21:09:18 +0100
Message-ID: <1078171758.1848.1.camel@localhost>
In-Reply-To: <009001c3ffc8$5eacc970$3901a8c0@AFBWholesale.com>

On some distros mysql does not listen on tcp;
check this with:
netstat -ltp
You may have to enable it in mysql.conf.
BR,
On Mon 01/03/2004 at 21:04, Robert Gil wrote:
> mysql port is 3306.... it's currently running on the same box as the firewall
> just for testing purposes... but I can't figure out why I can't connect
> remotely.. I'm sure it's just a careless mistake somewhere or a mixup.. if
> someone can just take a quick peek I would appreciate it a lot.
>
> # Start With Everything Closed
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> # Connection Tracking
> #TCP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
>
> #ICMP
> iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # Open Ports
>
> iptables -A INPUT -j ACCEPT -p tcp --dport 80
> iptables -A INPUT -j ACCEPT -p tcp --dport 21
> iptables -A INPUT -j ACCEPT -p tcp --dport 110
> iptables -A INPUT -j ACCEPT -p tcp --dport 25
> iptables -A INPUT -j ACCEPT -p tcp --dport 22
> iptables -A INPUT -j ACCEPT -p tcp --dport 3389
> iptables -A INPUT -j ACCEPT -p tcp --dport 3306
> iptables -A INPUT -j ACCEPT -p tcp --dport 2121
> iptables -A INPUT -j ACCEPT -p tcp --dport 53
>
> # Masquerading and NAT
> iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
> iptables -A FORWARD -j ACCEPT -i eth1 -s 192.168.1.2
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # Terminal Services Forwarding
> iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 192.168.1.2:3389
>
> # MS BOX FTP Forwarding
> iptables -A FORWARD -j ACCEPT -p tcp --dport 2121
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2121 -j DNAT --to 192.168.1.2:2121
>
> # Flood Protection
> # SYN
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
>
> # Port Scan
> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
>
> # Ping Of Death
> iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
> # Enable Forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
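
The listener check suggested in the reply above, as an added example that is not part of the original message: it classifies how a port is bound from numeric `netstat -ltn` output, so a daemon-side cause can be told apart from a firewall rule. The sample output and the names `listen_scope` and `sample_netstat` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, reading `netstat -ltn`
# (numeric, so addresses and ports are not resolved to names) on stdin.
# Prints: not-listening | loopback-only | specific:<addr> | all-interfaces
#   not-listening  -> no TCP socket at all (e.g. MySQL option skip-networking)
#   loopback-only  -> local clients only (e.g. bind-address = 127.0.0.1)
# In both cases an iptables ACCEPT for the port cannot make remote
# connections work; the daemon configuration has to change first.
listen_scope() {
    awk -v port="$1" '
        BEGIN { best = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port follows the LAST colon,
            # which also handles IPv6 forms such as ":::80" and "::1:3306".
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") rank = 3
            else if (addr ~ /^127\./ || addr == "::1") rank = 1
            else rank = 2
            # Keep the widest exposure seen across all matching sockets.
            if (rank > best) { best = rank; widest = addr }
        }
        END {
            if (best == 3) print "all-interfaces"
            else if (best == 2) print "specific:" widest
            else if (best == 1) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample of `netstat -ltnp` output (not from the original thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 127.0.0.1:3306    0.0.0.0:*        LISTEN  1040/mysqld
tcp        0      0 192.168.1.1:53    0.0.0.0:*        LISTEN  655/named
tcp6       0      0 :::80             :::*             LISTEN  901/httpd
EOF
}

for p in 22 3306 53 80 5432; do
    printf '%s -> %s\n' "$p" "$(sample_netstat | listen_scope "$p")"
done
```

On a live host, pipe `netstat -ltn` into `listen_scope 3306` instead of the constructed sample.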
Thread overview: 3+ messages
2004-03-01 20:04 mysql remote connections Robert Gil
2004-03-01 20:09 ` Eric Leblond [this message]
2004-03-01 20:42 ` Robert Gil