Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to open firewall port for external traffic.
Top Forums Shell Programming and Scripting Unable to open firewall port for external traffic. Post 303027441 by Neo on Saturday 15th of December 2018 10:33:40 PM
Old 12-15-2018
Thanks for the update.

I do not advise binding your DB to 0.0.0.0 or your server's IP address because this can open up your DB to outside attackers.

Normally, web admins bind the DB to the localhost so only processes which originate on the localhost can assess the DB, for security reasons.

In other words, for security reasons, you should design your system so you do not need to telnet or otherwise remotely connect to your DB.
 

10 More Discussions You Might Find Interesting

1. Solaris

How to open SSH port on firewall?

Hi, So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years. We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Discussion started by: pjewett
3 Replies

2. Linux

using firewall to block port

Hi, I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Discussion started by: shantanuo
8 Replies

3. Solaris

Unable to open 3966 port in solaris

Unable to open 3966 port for buildforge in Solaris 10, anyone pls help me how to open the 3966 port in solaris. Thanks in Advance (1 Reply)
Discussion started by: durgaprasadr13
1 Replies

4. IP Networking

blocking traffic to destination network by port

I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0 Shouldn't this work?: iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies

5. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

6. UNIX for Advanced & Expert Users

Linux bridged firewall - monitor traffic & block IP

Hi All, I successfully configured a DEBIAN Lenny bridged firewall using ebtables. The bridged interface is br0. The ethernet interface are eth0 & eth1 respectively. All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers. Can... (1 Reply)
Discussion started by: coolatt
1 Replies

7. UNIX for Dummies Questions & Answers

Rsync port and firewall

hi guys I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem and customer will be using rsync to sync backups among other things I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Discussion started by: karlochacon
1 Replies

8. Red Hat

Unable to Open port 8080

Hi Experts, I am receiving below error while trying to connect port 8080. Could not open connection to the host, on port 8080 : connection refused. iptables configuration /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of... (1 Reply)
Discussion started by: sai_2507
1 Replies

9. Infrastructure Monitoring

How do I know what traffic is in network port?

If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ? ps. because I always found the network is very slow , so I would like what the network port is doing . Thanks Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Discussion started by: ust03
0 Replies

10. AIX

How to re-route traffic from one port to another?

Hi Friends, How to do port forwarding in AIX? We would like to re route traffic from port A to port B on AIX LPAR. for example: my application is using 8080 port on LPAR and would like to use the 8081 instead of 8080. By default application was configured with 8080. But instead of changing... (2 Replies)
Discussion started by: System Admin 77
2 Replies

LEARN ABOUT DEBIAN

shorewall6-tunnels

SHOREWALL6-TUNNELS(5)						  [FIXME: manual]					     SHOREWALL6-TUNNELS(5)

NAME

       tunnels - Shorewall6 VPN definition file

SYNOPSIS

       /etc/shorewall6/tunnels

DESCRIPTION

       The tunnels file is used to define rules for encapsulated (usually encrypted) traffic to pass between the Shorewall6 system and a remote
       gateway. Traffic flowing through the tunnel is handled using the normal zone/policy/rule mechanism. See
       http://www.shorewall.net/VPNBasics.html for details.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       TYPE -
       {ipsec[:{noah|ah}]|ipsecnat|gre|l2tp|pptpclient|pptpserver|{openvpn|openvpnclient|openvpnserver}[:{tcp|udp}][:port]|generic:protocol[:port]}
	   Types are as follows:

		       ipsec	     - IPv6 IPSEC
		       ipsecnat      - IPv6 IPSEC with NAT Traversal (UDP port 4500 encapsulation)
		       gre	     - Generalized Routing Encapsulation (Protocol 47)
		       l2tp	     - Layer 2 Tunneling Protocol (UDP port 1701)
		       openvpn	     - OpenVPN in point-to-point mode
		       openvpnclient - OpenVPN client runs on the firewall
		       openvpnserver - OpenVPN server runs on the firewall
		       generic	     - Other tunnel type

	   If the type is ipsec, it may be followed by :ah to indicate that the Authentication Headers protocol (51) is used by the tunnel (the
	   default is :noah which means that protocol 51 is not used). NAT traversal is only supported with ESP (protocol 50) so ipsecnat tunnels
	   don't allow the ah option (ipsecnat:noah may be specified but is redundant).

	   If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and tcp or udp to specify the protocol to be
	   used. If not specified, udp is assumed. Note: At this writing, OpenVPN does not support IPv6.

	   If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and the port number used by the tunnel. if no
	   ":" and port number are included, then the default port of 1194 will be used. . Where both the protocol and port are specified, the
	   protocol must be given first (e.g., openvpn:tcp:4444).

	   If type is generic, it must be followed by ":" and a protocol name (from /etc/protocols) or a protocol number. If the protocol is tcp
	   or udp (6 or 17), then it may optionally be followed by ":" and a port number.

       ZONE - zone
	   The zone of the physical interface through which tunnel traffic passes. This is normally your internet zone.

       GATEWAY(S) (gateway or gateways) - address-or-range [ , ... ]
	   The IP address of the remote tunnel gateway. If the remote gateway has no fixed address (Road Warrior) then specify the gateway as
	   ::/0. May be specified as a network address and if your kernel and ip6tables include iprange match support then IP address ranges are
	   also allowed.

	   Beginning with Shorewall 4.5.3, a list of addresses or ranges may be given. Exclusion (shorewall6-exclusion[1] (5) ) is not supported.

       GATEWAY ZONE(S) (gateway_zone or gateway_zones) - [zone[,zone]...]
	   Optional. If the gateway system specified in the third column is a standalone host then this column should contain a comma-separated
	   list of the names of the zones that the host might be in. This column only applies to IPSEC tunnels where it enables ISAKMP traffic to
	   flow through the tunnel to the remote gateway(s).

EXAMPLE

       Example 1:
	   IPSec tunnel.

	   The remote gateway is 2001:cec792b4:1::44. The tunnel does not use the AH protocol

		       #TYPE	       ZONE    GATEWAY
		       ipsec:noah      net     2002:cec792b4:1::44

       Example 2:
	   Road Warrior (LapTop that may connect from anywhere) where the "gw" zone is used to represent the remote LapTop

		       #TYPE	       ZONE    GATEWAY		       GATEWAY ZONES
		       ipsec	       net     ::/0		       gw

       Example 3:
	   Host 2001:cec792b4:1::44 is a standalone system connected via an ipsec tunnel to the firewall system. The host is in zone gw.

		       #TYPE	       ZONE    GATEWAY		       GATEWAY ZONES
		       ipsec	       net     2001:cec792b4:1::44     gw

       Example 4:
	   OPENVPN tunnel. The remote gateway is 2001:cec792b4:1::44 and openvpn uses port 7777.

		       #TYPE	       ZONE    GATEWAY		       GATEWAY ZONES
		       openvpn:7777    net     2001:cec792b4:1::44

       Example 8:
	   You have a tunnel that is not one of the supported types. Your tunnel uses UDP port 4444. The other end of the tunnel is
	   2001:cec792b4:1::44.

		       #TYPE		ZONE	GATEWAY 	       GATEWAY ZONES
		       generic:udp:4444 net	2001:cec792b4:1::44

FILES

       /etc/shorewall6/tunnels

SEE ALSO

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-zones(5)

NOTES

	1. shorewall6-exclusion
	   http://www.shorewall.net/manpages6/shorewall6-exclusion.html

[FIXME: source] 						    06/28/2012						     SHOREWALL6-TUNNELS(5)
All times are GMT -4. The time now is 11:11 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy