Assuming the service your remote hosts are trying to access is on the firewall box and it's a service that uses the TCP transport protocol, you could try something like the following:

iptables -A INPUT -s remoteip -p tcp -d yourfirewallip --dport 3306 -j ACCEPT

If the service is on another PC on the internal network:

iptables -A PREROUTING -t nat -s remoteip -p tcp -d yourfirewallip --dport 3306 -j DNAT --to internalhostip

and in the case your internal service is running on a different port, e.g. 4000:

iptables -A PREROUTING -t nat -s remoteip -p tcp -d yourfirewallip --dport 3306 -j DNAT --to internalhostip:4000

Hope this helps. I'll soon be covering IPTables on my website, so you can check in a few weeks' time; hopefully I'll have it posted by then:
Cheers,
----- Original Message -----
Sent: Sunday, February 09, 2003 1:12 AM
Subject: Allowing select IPs access to a single port

Hello,

What would be the best way to only open port 3306 to 1 or 2 IPs for remote connection? I was hoping someone could provide an iptables command that would achieve this.

I have tried a few things but I am a newbie and have yet to figure this one out. Any resources or assistance would be appreciated.

Thanks in advance.

Doug
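
Added example, not part of the thread above: a dry-run generator for the "service on the firewall box" case that validates an allowlist of source IPs, prints one ACCEPT rule per address in the form used in the reply, and ends with a DROP for every other source. The function names, the closing DROP rule and the RFC 5737 placeholder addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that open one TCP port
# to an allowlist of source IPs on the firewall box and drop the rest.
# All addresses below are constructed placeholders (RFC 5737 ranges).

# valid_ipv4 ADDR: succeed only for a dotted-quad address, octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allow_port_rules FIREWALL_IP PORT SRC...: print one rule per line.
# Everything is validated before anything is printed, so a typo in the
# list can never produce a partial rule set.
allow_port_rules() {
    fw_ip=$1; port=$2
    [ "$#" -ge 3 ] || { echo "usage: allow_port_rules FW_IP PORT SRC..." >&2; return 1; }
    shift 2
    valid_ipv4 "$fw_ip" || { echo "bad firewall IP: $fw_ip" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source IP: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -s $src -p tcp -d $fw_ip --dport $port -j ACCEPT"
    done
    # The ACCEPT rules only restrict access if other sources are then
    # refused; this explicit DROP does that when the INPUT policy is ACCEPT.
    echo "iptables -A INPUT -p tcp -d $fw_ip --dport $port -j DROP"
}

# Review the printed rules before running them as root.
allow_port_rules 203.0.113.1 3306 198.51.100.10 198.51.100.20
```

Because the rules are appended with -A, they take effect only if no earlier INPUT rule already accepts or drops the same traffic; check the existing chain with iptables -L INPUT -n --line-numbers first.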