iptables - allow MySql


 
# 1  
Old 04-10-2018
iptables - allow MySql

Hi

I want to allow mysql connections to my server and I have added the following iptables.

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql

Unfortunately they don't seem to be working.
Could someone please provide the correct set of commands to enable mysql access via iptables?

Thank you
Damien

Last edited by damogallagher; 04-10-2018 at 07:39 AM..
# 2  
Old 04-10-2018
Quote:
Unfortunately they don't seem to be working.
What do you mean by saying it is not working?
  • What exactly are you doing (actually typed in commands)?
  • What is the exact error message you got?
  • What interfaces is your mysql server configured to listen to (netstat -ntlp)?
  • Making mysql listen to non-local interfaces should be done with care because it may open a security threat if not done properly.

Last edited by stomp; 04-10-2018 at 07:43 AM..
# 3  
Old 04-10-2018
Quote:
Originally Posted by stomp
What do you mean by saying it is not working?

What exactly are you doing (actually typed in commands)?
What is the exact error message you got?

What interfaces is your mysql server configured to listen to (netstat -ntlp)?
I mean I still cannot connect to mysql on my remote server.
The commands I am using are as follows
Code:
iptables -I INPUT -p tcp -m tcp --dport 3306 -j ACCEPT;
iptables-save > /etc/sysconfig/iptables
service iptables restart

I don't get any error message - just mysql cannot connect and appears to hang.

The result of netstat -ntlp is as follows
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:48008           0.0.0.0:*               LISTEN      29057/perl
tcp        0      0 0.0.0.0:48009           0.0.0.0:*               LISTEN      29077/nimbus(cdm)
tcp        0      0 0.0.0.0:48010           0.0.0.0:*               LISTEN      29058/nimbus(snmptd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      6655/mysqld
tcp        0      0 0.0.0.0:48011           0.0.0.0:*               LISTEN      29059/nimbus(proces
tcp        0      0 0.0.0.0:48012           0.0.0.0:*               LISTEN      29060/nimbus(hdb)
tcp        0      0 127.0.0.1:38125         0.0.0.0:*               LISTEN      340/magent
tcp        0      0 127.0.0.1:46413         0.0.0.0:*               LISTEN      340/magent
tcp        0      0 0.0.0.0:48013           0.0.0.0:*               LISTEN      29266/nimbus(logmon
tcp        0      0 0.0.0.0:8400            0.0.0.0:*               LISTEN      23025/cvd
tcp        0      0 0.0.0.0:8402            0.0.0.0:*               LISTEN      23026/EvMgrC
tcp        0      0 127.0.0.1:42581         0.0.0.0:*               LISTEN      23025/cvd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5398/sshd
tcp        0      0 0.0.0.0:60056           0.0.0.0:*               LISTEN      23025/cvd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4899/master
tcp        0      0 127.0.0.1:8126          0.0.0.0:*               LISTEN      322/trace-agent
tcp        0      0 0.0.0.0:8192            0.0.0.0:*               LISTEN      339/mrouter
tcp        0      0 0.0.0.0:48000           0.0.0.0:*               LISTEN      12718/nimbus(contro
tcp        0      0 0.0.0.0:8193            0.0.0.0:*               LISTEN      339/mrouter
tcp        0      0 0.0.0.0:48001           0.0.0.0:*               LISTEN      12721/nimbus(spoole
tcp        0      0 127.0.0.1:7777          0.0.0.0:*               LISTEN      322/trace-agent
tcp        0      0 0.0.0.0:45249           0.0.0.0:*               LISTEN      23026/EvMgrC
tcp        0      0 0.0.0.0:8194            0.0.0.0:*               LISTEN      339/mrouter
tcp        0      0 127.0.0.1:17123         0.0.0.0:*               LISTEN      324/python
tcp        0      0 0.0.0.0:48007           0.0.0.0:*               LISTEN      12718/nimbus(contro
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      5648/snmpd
tcp6       0      0 :::80                   :::*                    LISTEN      1741/httpd
tcp6       0      0 :::52787                :::*                    LISTEN      1426/java
tcp6       0      0 :::22                   :::*                    LISTEN      5398/sshd
tcp6       0      0 :::3000                 :::*                    LISTEN      1426/java
tcp6       0      0 :::25                   :::*                    LISTEN      4899/master
tcp6       0      0 :::443                  :::*                    LISTEN      1741/httpd
tcp6       0      0 ::1:17123               :::*                    LISTEN      324/python

# 4  
Old 04-10-2018
Seems that mysqld is listening on all interfaces. That one is checked and fine.

---

Quote:
I don't get any error message - just mysql cannot connect and appears to hang.
That points to a possible firewall issue with the mysql server just dropping the packets of the mysql connection attempt, the mysql server is being blocked completely or the mysql server is not reachable via IP (check with ping!).

---

Please check if the mysql-port is open from the machine from which you are trying to connect:

Code:
nmap -p3306 -P0 ip.of.mysql.server

Check/Show your complete firewall rule set (iptables -L -v -n):

Last edited by stomp; 04-10-2018 at 07:53 AM..
# 5  
Old 04-10-2018
Quote:
Originally Posted by stomp
Seems that mysqld is listening on all interfaces. That one is checked and fine.

---

Please check if the mysql-port is open from the machine from which you are trying to connect:

Code:
nmap -p3306 -P0 ip.of.mysql.server

Check/Show your complete firewall rule set (iptables -L -v -n):
This is the result of running the nmap command
Code:
Host is up.
PORT     STATE    SERVICE
3306/tcp filtered mysql

# 6  
Old 04-10-2018
Quote:
Check/Show your complete firewall rule set (iptables -L -v -n):
That one is still open.

And for the record, the answer in the first place, which gets us most information about your situation and error to be able to best help you would have been this:
  1. What I have executed is this: mysql -h 1.2.3.4
  2. What I got is this: ERROR 2003 (HY000): Can't connect to MySQL server on '1.2.3.4' (101 "Network is unreachable")
# 7  
Old 04-10-2018
Quote:
Originally Posted by stomp
That one is still open.

And for the record, the answer in the first place, which gets us most information about your situation and error to be able to best help you would have been this:
  1. What I have executed is this: mysql -h 1.2.3.4
  2. What I got is this: ERROR 2003 (HY000): Can't connect to MySQL server on '1.2.3.4' (101 "Network is unreachable")
Apologies - here is the result of that command
Code:
Chain INPUT (policy ACCEPT 323 packets, 123K bytes)
 pkts bytes target     prot opt in     out     source               destination
 5244  285K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7357 packets, 19M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

When I run mysql -h 1.2.3.4 - it just hangs and cannot connect.

---------- Post updated at 06:32 AM ---------- Previous update was at 06:20 AM ----------

The server is hosted by Rackspace.
Is there a chance the connection may be getting blocked by some firewall functionality in the admin console?
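
An added example, not written by any poster in this thread: a small audit of `iptables -L -v -n` output that reports what the INPUT chain does with one TCP port. Run on the listing from post #7, it shows the chain accepts port 3306 from any source, so the listing alone does not explain the `filtered` nmap result; the second, constructed listing shows the source-restricted form that the caution in post #2 about exposing mysql points toward. The function names and the address 203.0.113.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the INPUT chain of `iptables -L -v -n` output for one TCP port.
# Simplified on purpose: it ignores interface, destination and state matches
# and user-defined chains, and needs -n so ports are printed as numbers.

# Listing from post #7 of this thread (INPUT chain only).
thread_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 323 packets, 123K bytes)
 pkts bytes target     prot opt in     out     source               destination
 5244  285K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
EOF
}

# Constructed sample: one client address (203.0.113.10, a documentation
# address) allowed, every other source dropped.
restricted_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0            tcp dpt:3306
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
EOF
}

# audit_port PORT < listing
# Prints what happens to a packet for PORT from an arbitrary source, plus
# the source addresses that are accepted before that decision is reached.
audit_port() {
  awk -v port="$1" '
    $1 == "Chain" { inp = ($2 == "INPUT"); if (inp) { policy = $4; sub(/\)/, "", policy) }; next }
    !inp || decided || NF < 9 || $1 == "pkts" { next }
    ($4 == "tcp" || $4 == "all") && $3 ~ /^(ACCEPT|DROP|REJECT)$/ {
      dpt = ""
      for (i = 10; i <= NF; i++) if ($i ~ /^dpt:/) dpt = substr($i, 5)
      if (dpt != "" && dpt != port) next            # rule is for another port
      if ($8 == "0.0.0.0/0") { verdict = $3; via = "rule"; pkts = $1; decided = 1 }
      else if ($3 == "ACCEPT") allow = allow (allow ? "," : "") $8
    }
    END {
      if (!decided) { verdict = policy; via = "policy"; pkts = "-" }
      printf "any_source=%s via=%s pkts=%s allowlist=%s\n", verdict, via, pkts, (allow ? allow : "none")
    }'
}

thread_rules | audit_port 3306
restricted_rules | audit_port 3306
```

On a live host the same check is `iptables -L -v -n | audit_port 3306`; a nonzero `pkts` on an any-source ACCEPT rule means packets for that port have already reached and passed the chain.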