On Jan 30, 5:00 pm, Anand Sivaram <aspn...@gmail.com> wrote:
> On Sun, Jan 30, 2011 at 20:48, geertsky <bege...@gmail.com> wrote:
> > Hello,
> > I'm having a weird problem I cannot solve...
> > I have a pptp connection from my house to my server using
> > 192.168.2.0/24 range IPs.
> > I'm trying to make mysql accessible from the 192.168.2.0/24 network.
> > On the server I've got ufw firewall so I state
> > "ufw insert 4 allow proto tcp from 192.168.2.0/24 to 192.168.2.1 port 3306"
> > This gives ufw status numbered:
> > Status: active
> >
> >      To                         Action      From
> >      --                         ------      ----
> > [ 1] 22/tcp                     ALLOW IN    Anywhere
> > [ 2] 1723/tcp                   ALLOW IN    Anywhere
> > [ 3] Anywhere                   DENY IN     192.168.254.0/24
> > [ 4] 192.168.2.1 3306/tcp       ALLOW IN    192.168.2.0/24
> > [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> > [ 6] 80/tcp                     ALLOW IN    Anywhere
> > [ 7] 21/tcp                     ALLOW IN    Anywhere
> > [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> > [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> > [10] 217.148.94.148 25          ALLOW IN    Anywhere
> > [11] 217.148.94.148 993         ALLOW IN    Anywhere
> > [12] 217.148.94.148 995         ALLOW IN    Anywhere
> >
> > looks good I thought...
> > To test I used netcat because mysqld has some restrictions and to rule
> > any mysql problems out first just a netcat connection...
> > so on the server: nc -vl 192.168.2.1 3306
> > on the client: telnet 192.168.2.1 3306
> > and it times out, unable to connect...
> > ping 192.168.2.1 on the client gives replies...
> > iptables -L on the client gives ACCEPT ACCEPT ACCEPT and no further
> > rules...
> > hhm... strange...
> > After this I've been looking everywhere to find out eventually the
> > following:
> > ufw delete 4 #delete the existing mysql accept rule
> > ufw insert 4 allow proto tcp from 192.168.2.0/24 to 192.168.2.1 port 3307
> > ufw status numbered gives:
> > Status: active
> >
> >      To                         Action      From
> >      --                         ------      ----
> > [ 1] 22/tcp                     ALLOW IN    Anywhere
> > [ 2] 1723/tcp                   ALLOW IN    Anywhere
> > [ 3] Anywhere                   DENY IN     192.168.254.0/24
> > [ 4] 192.168.2.1 3307/tcp       ALLOW IN    192.168.2.0/24
> > [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> > [ 6] 80/tcp                     ALLOW IN    Anywhere
> > [ 7] 21/tcp                     ALLOW IN    Anywhere
> > [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> > [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> > [10] 217.148.94.148 25          ALLOW IN    Anywhere
> > [11] 217.148.94.148 993         ALLOW IN    Anywhere
> > [12] 217.148.94.148 995         ALLOW IN    Anywhere
> >
> > on the server: nc -vl 192.168.2.1 3307
> > on the client: telnet 192.168.2.1 3307
> > Connected to 192.168.2.1.
> > Escape character is '^]'.!!!!!!!!!!!!
> > and I can chat as supposed to be able using nc.
> >
> > Apparently there is somewhere in the OS a rule which disables access
> > to port 3306, but it's not an iptables rule...
> > Does anyone have an idea what apart from iptables controls network
> > traffic?
> > Thanks cause I'm completely lost...
> >
> > Greetings,
> > Geert
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmas...@lists.debian.org
> > Archive:
> > http://lists.debian.org/f663cbd7-417e-4581-9574-90891eae4...@b34g2000yqc.googlegroups.com
>
> * Could you try it after completely disabling the firewall once, to make
> sure that 3306 works.
> * Also to see the stats, use "iptables -L -vn" to get the packet stats
> also. Take two of these logs before and after
> trying to connect to 3306, see which particular rule counter is going up.

Hi,

I forgot to mention... but also disabling the firewall completely
results in a timeout...
I guess it has to be some client side setting...
Your iptables suggestions are not going to show anything I'm afraid...
cause completely disabling the firewall doesn't work...

Greetings,
Geert
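
The before/after counter comparison suggested in the quoted reply can be scripted. This is an added example, not part of the thread: the two snapshots are constructed sample data in `iptables -L -vn` layout, and the function names `to_int`, `parse` and `changed` are hypothetical.

```python
import re

# Constructed snapshots in `iptables -L -vn` layout (not taken from the thread):
# one captured before the connection attempt, one after it.
BEFORE = """\
Chain INPUT (policy DROP 40 packets, 2400 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.2.0/24       192.168.2.1          tcp dpt:3306
"""
AFTER = """\
Chain INPUT (policy DROP 43 packets, 2580 bytes)
 pkts bytes target     prot opt in     out     source               destination
  131 10480 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.2.0/24       192.168.2.1          tcp dpt:3306
"""

# Without -x, iptables abbreviates large counters with decimal K/M/G suffixes.
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}

def to_int(text):
    return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)

def parse(snapshot):
    """Map (chain, rule text) -> packet count; the chain policy gets its own key."""
    counters, chain = {}, None
    for line in snapshot.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            policy = re.search(r"\(policy (\S+) (\S+) packets", line)
            if policy:  # user-defined chains carry no policy counter
                key = (chain, "<policy %s>" % policy.group(1))
                counters[key] = to_int(policy.group(2))
            continue
        fields = line.split()
        # Rule rows start with the packet counter; the column header does not.
        if chain and len(fields) >= 9 and fields[0][0].isdigit():
            key = (chain, " ".join(fields[2:]))
            # Identical rules in one chain are summed under a single key.
            counters[key] = counters.get(key, 0) + to_int(fields[0])
    return counters

def changed(before, after):
    """Return [((chain, rule), packet delta)] for every counter that went up."""
    old, new = parse(before), parse(after)
    return sorted((k, n - old.get(k, 0)) for k, n in new.items() if n > old.get(k, 0))

if __name__ == "__main__":
    for (chain, rule), delta in changed(BEFORE, AFTER):
        print(f"{chain:8} +{delta:<6} {rule}")
```

On a live system the two inputs would be the saved output of `iptables -L -vn` on the server, taken immediately before and after the telnet attempt.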