Re: iptables and mysql...

From: Josh Trutwin (joshtrutwins.homeip.net)
Date: Fri Jul 02 2004 - 08:45:28 CDT


On Fri, 2 Jul 2004 06:34:39 -0700
"bruce" <bedouglasearthlink.net> wrote:

> i'm investigating what needs to be done to allow mysql on a server
> to be used remotely by client machines. each machine is running
> iptables. so i'm wondering what has to be in the iptables for the
> machine being used as the mysql server, as well as the client
> machines that will be communicating with the mysql box...

Assuming tcp communications in mysqld are not disabled and grant permissions are set up to allow remote connections, you should just be able to allow your firewall to accept port 3306 (the default MySQL port).

I use this on my FORWARD chain as I NAT it - you'll probably use it on the INPUT chain if you are running the firewall on a local machine:

$IPTABLES -A FORWARD -p tcp -j ACCEPT --dport 3306 -m state --state NEW

The --state NEW is used in conjunction with:

$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

which says to accept all connections that have already been established. $IPTABLES is just a var with the path to the iptables command.

> also, how would i test that the iptable/mysql configuration setup is
> working properly...

The best way to test is to actually try it, I guess. Find a remote computer and see if your iptables rules allow you to connect to mysql. If you are able to connect to mysql and input your username/password but get a permission denied or something, then most likely your GRANTs are incorrect. Make sure connections are still denied by your firewall on ports you have closed, turn on logging, etc.

Josh

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
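An added example, not part of Josh's post, that turns his two rules into the INPUT-chain form for a firewall running on the MySQL host itself, restricts new connections to one client subnet, and logs rejected attempts so the "still denied" check can be done from syslog. The subnet 192.168.1.0/24, the interface eth0 and the /sbin/iptables path are assumed placeholders; nothing is applied unless the script is run with "apply".

```shell
#!/bin/sh
# Added example (not from the original post): INPUT-chain variant of the
# FORWARD rules above, scoped to a trusted client subnet, plus a LOG rule
# for denied MySQL connection attempts. Run without arguments to print the
# rules; run as "./mysql-fw.sh apply 192.168.1.0/24 eth0" to load them.
# Assumptions: the iptables path, subnet and interface are placeholders.

IPTABLES="${IPTABLES:-/sbin/iptables}"   # same variable convention as the post
MYSQL_PORT=3306                          # default MySQL port

# mysql_fw_rules <client-subnet> [interface]
# Prints one iptables command per line, in the order they must be added.
mysql_fw_rules() {
    subnet="$1"
    iface="${2:-eth0}"
    # 1. Packets of connections already accepted; this is the rule that
    #    "--state NEW" below relies on.
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. New MySQL connections, but only from the trusted client subnet
    #    (-p tcp must come before --dport).
    echo "$IPTABLES -A INPUT -i $iface -p tcp -s $subnet --dport $MYSQL_PORT -m state --state NEW -j ACCEPT"
    # 3. Log (rate-limited) and drop every other attempt to reach MySQL,
    #    so denied connections show up in the kernel log during testing.
    echo "$IPTABLES -A INPUT -p tcp --dport $MYSQL_PORT -m limit --limit 5/min -j LOG --log-prefix \"mysql-denied: \""
    echo "$IPTABLES -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Number of rules the generator emits, used as a sanity check.
mysql_fw_rule_count() {
    mysql_fw_rules "$1" | wc -l | tr -d ' '
}

if [ "$1" = "apply" ]; then
    # Execute the generated commands; stop at the first one that fails.
    mysql_fw_rules "${2:-192.168.1.0/24}" "${3:-eth0}" | sh -e
else
    mysql_fw_rules "${1:-192.168.1.0/24}" "${2:-eth0}"
fi
```

After applying, a connection from the listed subnet should reach mysqld, while one from elsewhere should time out and leave a "mysql-denied:" line in the kernel log.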