
Re: iptables/routing network problem



On Jan 30, 5:00 pm, Anand Sivaram <aspn...@gmail.com> wrote:
> On Sun, Jan 30, 2011 at 20:48, geertsky <bege...@gmail.com> wrote:
> > Hello,
> > I'm having a weird problem I cannot solve...
> > I have a pptp connection from my house to my server using
> > 192.168.2.0/24 range ip's
> > I'm trying to make mysql access able from the 192.168.2.0/24 network.
> > On the server I've got ufw firewall so I state "ufw insert 4 allow
> > proto tcp from 192.168.2.0/24 to 192.168.2.1 port 3306"
> > This gives ufw status numbered:
> > Status: active
>
> >     To                         Action      From
> >     --                         ------      ----
> > [ 1] 22/tcp                     ALLOW IN    Anywhere
> > [ 2] 1723/tcp                   ALLOW IN    Anywhere
> > [ 3] Anywhere                   DENY IN     192.168.254.0/24
> > [ 4] 192.168.2.1 3306/tcp       ALLOW IN    192.168.2.0/24
> > [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> > [ 6] 80/tcp                     ALLOW IN    Anywhere
> > [ 7] 21/tcp                     ALLOW IN    Anywhere
> > [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> > [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> > [10] 217.148.94.148 25          ALLOW IN    Anywhere
> > [11] 217.148.94.148 993         ALLOW IN    Anywhere
> > [12] 217.148.94.148 995         ALLOW IN    Anywhere
>
> > looks good I thought...
> > To test I used netcat because mysqld has some restrictions and to rule
> > any mysql problems out first just a netcat connection...
> > so on the server: nc -vl 192.168.2.1 3306
> > on the client: telnet 192.168.2.1 3306
> > and it times out unable to connect...
> > ping 192.168.2.1 on the client gives replies...
> > iptables -L on the client gives ACCEPT ACCEPT ACCEPT and no further
> > rules...
> > hhm... strange...
> > After this I've been looking everywhere to find out eventually the
> > following:
> > ufw delete 4   #delete the existing mysql accept rule
> > ufw insert 4 allow proto tcp from 192.168.2.0/24 to 192.168.2.1 port
> > 3307
> > ufw status numbered gives:
> > Status: active
>
> >     To                         Action      From
> >     --                         ------      ----
> > [ 1] 22/tcp                     ALLOW IN    Anywhere
> > [ 2] 1723/tcp                   ALLOW IN    Anywhere
> > [ 3] Anywhere                   DENY IN     192.168.254.0/24
> > [ 4] 192.168.2.1 3307/tcp       ALLOW IN    192.168.2.0/24
> > [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> > [ 6] 80/tcp                     ALLOW IN    Anywhere
> > [ 7] 21/tcp                     ALLOW IN    Anywhere
> > [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> > [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> > [10] 217.148.94.148 25          ALLOW IN    Anywhere
> > [11] 217.148.94.148 993         ALLOW IN    Anywhere
> > [12] 217.148.94.148 995         ALLOW IN    Anywhere
>
> > on the server: nc -vl 192.168.2.1 3307
> > on the client: telnet 192.168.2.1 3307
> > Connected to 192.168.2.1.
> > Escape character is '^]'.!!!!!!!!!!!!
> > and I can chat as supposed to be able using nc.
>
> > Apparently there is somewhere in the os a rule which disables access
> > to port 3306, but it's not an iptables rule...
> > Does anyone have an idea what apart from iptables controls network
> > traffic?
> > Thanks cause I'm completely lost...
>
> > Greetings,
> > Geert
>
>
> * Could you try it after completely disabling the firewall once, to make
> sure that 3306 works.
> * Also to see the stats, use "iptables -L -vn" to get the packet stats
> also.  Take two of these logs before and after
> trying to connect to 3306, see which particular rule counter is going up.
Hi,
I forgot to mention... but also disabling the firewall completely
results in a timeout...
I guess it has to be some client side setting...
Your iptables suggestions are not going to show anything I'm
afraid... cause completely disabling the firewall doesn't work...

Greetings,
Geert
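An added example (not from either poster) of the counter comparison Anand suggests: two `iptables -L -vn` snapshots are diffed and only the rules whose packet counter moved are printed. The two snapshots embedded here are constructed sample output with ufw's `ufw-user-input` chain; the helper name `rules_hit` is this example's own.

```shell
#!/bin/sh
# Diff two "iptables -L -vn" snapshots and list the rules whose packet
# counter rose. BEFORE/AFTER below are CONSTRUCTED samples; on a real host:
#   iptables -L -vnx > before.txt ; <attempt the telnet> ; iptables -L -vnx > after.txt
# (-x keeps counters exact instead of abbreviated like "12K").

BEFORE='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1500 98000 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10   600 ACCEPT     tcp  --  *      *       192.168.2.0/24       192.168.2.1          tcp dpt:3306
    4   240 DROP       all  --  *      *       192.168.254.0/24     0.0.0.0/0
  120  9000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

AFTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1503 98180 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10   600 ACCEPT     tcp  --  *      *       192.168.2.0/24       192.168.2.1          tcp dpt:3306
    4   240 DROP       all  --  *      *       192.168.254.0/24     0.0.0.0/0
  123  9180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# rules_hit BEFORE_TEXT AFTER_TEXT
# Prints "<chain> rule <n>: +<delta> pkts  <rule text>" for every rule whose
# pkts counter grew. Rules are matched by position inside their chain, so
# both snapshots must come from the same unchanged ruleset.
rules_hit() {
    b=$(mktemp) && a=$(mktemp) || return 1
    printf '%s\n' "$1" > "$b"
    printf '%s\n' "$2" > "$a"
    awk '
        /^Chain /        { chain = $2; idx[chain] = 0; next }   # new chain: reset rule index
        /^ *pkts +bytes/ { next }                                # column header
        NF < 3           { next }                                # blank lines
        {
            rule = ""
            for (i = 3; i <= NF; i++) rule = rule (i > 3 ? " " : "") $i
            key = chain "#" ++idx[chain]
            if (NR == FNR) before[key] = $1                      # first file: remember counters
            else if ($1 - before[key] > 0)                       # second file: report growth
                printf "%s rule %d: +%d pkts  %s\n", chain, idx[chain], $1 - before[key], rule
        }' "$b" "$a"
    rm -f "$b" "$a"
}

rules_hit "$BEFORE" "$AFTER"
```

If a failed telnet to 3306 leaves the 3306 rule and every DROP rule unchanged while other counters move, the SYN never reached the server's filter at all, which points at the client or the path rather than at ufw and matches the timeout persisting with the firewall disabled.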

