Hi,

Anyone know if there are any other ports I need to configure to allow access to mysql?

I've set up this rule in my rules file:

ACCEPT net:216.52.220.121 loc tcp 3306

And it seems that at least the initial connect is fine, if I simply go into port 3306:

# telnet somehost 3306
Trying 38.118.152.246...
Connected to server2 (38.118.152.246).
Escape character is '^]'.
'
4.0.13??OroYN[_J,

However, if I use the mysql client program, it just hangs:

# /usr/bin/mysql -h somehost -u user -B db -P 3306 -p
Enter password:

I enter in the password, and then it just hangs...

help! :-)

Ricardo

Try allowing incoming UDP 3306 also.

----- Original Message -----
From: "Ricardo Kleemann" <ricardo@americasnet.com>
To: <shorewall-users@lists.shorewall.net>
Sent: Wednesday, September 03, 2003 10:52 AM
Subject: [Shorewall-users] please help opening up for mysql

> Hi,
>
> Anyone know if there are any other ports I need to configure
> to allow access to mysql?
>
> I've set up this rule in my rules file:
>
> ACCEPT net:216.52.220.121 loc tcp 3306
>
> And it seems that at least the initial connect is fine, if I
> simply go into port 3306:
>
> # telnet somehost 3306
> Trying 38.118.152.246...
> Connected to server2 (38.118.152.246).
> Escape character is '^]'.
> '
> 4.0.13??OroYN[_J,
>
> However, if I use the mysql client program, it just hangs:
>
> # /usr/bin/mysql -h somehost -u user -B db -P 3306 -p
> Enter password:
>
> I enter in the password, and then it just hangs...
>
> help! :-)
>
> Ricardo
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Ok...

> Try allowing incoming UDP 3306 also.

I did that but still having problems... :-/

The strange thing is that if I try to access and provide the incorrect password, I do get an error back from the server. But if I provide the correct password for access, it just hangs.

Ricardo

----- Original Message Follows -----
> Try allowing incoming UDP 3306 also.

Ok, one clue now is that I'm getting a net2all:DROP in my shorewall.log:

Sep 3 15:37:08 firewall Shorewall:net2all:DROP: IN=eth0 OUT=eth1 MAC=00:00:24:c0:01:08:00:00:cd:04:fd:48:08:00 SRC=65.86.234.142 DST=192.168.1.246 LEN=60 TOS=00 PREC=0x00 TTL=53 ID=59544 DF PROTO=TCP SPT=1183 DPT=3306 SEQ=2749242935 ACK=0 WINDOW=5840 SYN URGP=0

Do I need to add something else in my rules file?

Ricardo

Are you using a DNAT rule or an ACCEPT rule? I believe you said you were using an ACCEPT rule. Looks like you need DNAT (DST=192.168.1.246).

-d

Ricardo Kleemann wrote:
> ----- Original Message Follows -----
>
>> Try allowing incoming UDP 3306 also.
>
> Ok, one clue now is that I'm getting a net2all:DROP in my
> shorewall.log:
>
> Sep 3 15:37:08 firewall Shorewall:net2all:DROP: IN=eth0
> OUT=eth1 MAC=00:00:24:c0:01:08:00:00:cd:04:fd:48:08:00
> SRC=65.86.234.142 DST=192.168.1.246 LEN=60 TOS=00 PREC=0x00
> TTL=53 ID=59544 DF PROTO=TCP SPT=1183 DPT=3306
> SEQ=2749242935 ACK=0 WINDOW=5840 SYN URGP=0
>
> Do I need to add something else in my rules file?
>
> Ricardo

Thanks!

----- Original Message Follows -----
> Are you using a DNAT rule or an ACCEPT rule? I believe you
> said you were using an ACCEPT rule. Looks like you need
> DNAT (DST=192.168.1.246).

Actually I figured out my problem... I was using an extra parameter to the mysql command line (-B) which I shouldn't be using.

So it actually works only with the ACCEPT line, for tcp (no need for udp either)

Ricardo
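
An added example, not part of any message in the thread: it parses the logged net2all:DROP entry and compares it, column by column, with the ACCEPT rule from the first message. The function names are illustrative assumptions, and only the source host, protocol and destination port are compared.

```python
import re
from ipaddress import ip_address, ip_network

# Rule and log entry copied from the thread.
RULE = "ACCEPT net:216.52.220.121 loc tcp 3306"
LOG = ("Sep 3 15:37:08 firewall Shorewall:net2all:DROP: IN=eth0 OUT=eth1 "
       "MAC=00:00:24:c0:01:08:00:00:cd:04:fd:48:08:00 SRC=65.86.234.142 "
       "DST=192.168.1.246 LEN=60 TOS=00 PREC=0x00 TTL=53 ID=59544 DF PROTO=TCP "
       "SPT=1183 DPT=3306 SEQ=2749242935 ACK=0 WINDOW=5840 SYN URGP=0")

def parse_log(line):
    """Split a Shorewall log line into chain, disposition, KEY=VALUE fields and flags."""
    m = re.search(r"Shorewall:([^:\s]+):([^:\s]+):\s*(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    chain, disposition, rest = m.groups()
    fields, flags = {}, []
    for tok in rest.split():
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(tok)  # bare tokens such as DF and SYN
    return {"chain": chain, "disposition": disposition,
            "fields": fields, "flags": flags}

def parse_rule(rule):
    """Parse 'ACTION SOURCE DEST PROTO PORT'; SOURCE is 'zone' or 'zone:host'."""
    action, source, dest, proto, port = rule.split()
    zone, _, host = source.partition(":")
    return {"action": action, "zone": zone, "host": host or None,
            "dest": dest, "proto": proto.lower(), "port": int(port)}

def unmatched_columns(rule, entry):
    """Name the rule columns the logged packet fails to match.
    Zones are not checked: the interface-to-zone mapping is not in the thread."""
    f, bad = entry["fields"], []
    if rule["host"] and ip_address(f["SRC"]) not in ip_network(rule["host"], strict=False):
        bad.append("SOURCE")
    if f.get("PROTO", "").lower() != rule["proto"]:
        bad.append("PROTO")
    if int(f.get("DPT", -1)) != rule["port"]:
        bad.append("PORT")
    return bad

if __name__ == "__main__":
    entry = parse_log(LOG)
    print(entry["chain"], entry["disposition"],
          unmatched_columns(parse_rule(RULE), entry))
```

For the entry quoted in the thread the only unmatched column is SOURCE: the logged SYN came from 65.86.234.142, while the rule names 216.52.220.121.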