
Re: iptables/routing network problem



On Sun, 30 Jan 2011 13:30:40 -0800 (PST)
geertsky <begeert@gmail.com> wrote:

> On Jan 30, 10:20 pm, geertsky <bege...@gmail.com> wrote:
> > On Jan 30, 4:50 pm, Mihira Fernando <mihirathe...@gmail.com> wrote:
> >
> >
> >
> > > On 01/30/2011 08:48 PM, geertsky wrote:
> >
> > > > Hello,
> > > > I'm having a weird problem I cannot solve...
> > > > I have a pptp connection from my house to my server using
> > > > 192.168.2.0/24 range ip's
> > > > I'm trying to make mysql accessible from the 192.168.2.0/24
> > > > network. On the server I've got ufw firewall so I state "ufw
> > > > insert 4 allow proto tcp from 192.168.2.0/24 to 192.168.2.1
> > > > port 3306" [snip]
> >
> > > > Apparently there is somewhere in the os a rule which disables
> > > > access to port 3306, but it's not an iptables rule...
> > > > Does anyone have an idea what apart from iptables controls
> > > > network traffic?
> > > > Thanks cause I'm completely lost...
> >
> > > > Greetings,
> > > > Geert
> >
> > > Maybe a stupid question but have you enabled network access in
> > > the MySQL server settings so that MySQL will actually accept
> > > connections over the network ?
> >
> > > Mihira.
> >
> > > --
> > > To UNSUBSCRIBE, email to debian-user-REQU...@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact
> > > listmas...@lists.debian.org Archive:
> > > http://lists.debian.org/4D45865A.10...@gmail.com
> >
> > Hi Mihira,
> > I'm not trying to connect to mysql, well not with the tests
> > at least... I'm using netcat to try to make a connection to port
> > 3306 and that even fails...
> >
> > Greetings,
> > Geert
> >
> 
> Ok, am a bit further now...
> So I found out it's the pptp connection which is maliciously configured
> somehow...
> I have other pptp connections also listening on that server and a
> connection over one of the other pptp servers succeeds!
> Still very strange though... why only the port 3306 is infected by
> this...
> Anyways... I'll look into it maybe tomorrow or something and I'll
> report what I misconfigured...
> 
> If anyone has suggestions I'm happy to hear it!
> 

Your PPTP servers are presumably handing out different DHCP scopes,
based on different server addresses. Check in /etc/mysql/my.cnf for the
bind-address parameter, and confirm it contains all the PPTP server
addresses. This still looks the most likely issue.

You mention above that you are not trying to connect to mysql, just
check the port. A slight misunderstanding: you can never check whether
a firewall port is open by sending to it. What you are doing is both
checking that the firewall port is open and also that there is a
process listening on that port which is willing to reply. Whatever tool
you use to try the connection, it must be mysql which replies (you
already know that mysql is correctly binding to 3306 when it starts,
because other addresses work). So any mysql configuration which
prevents replying will also cause the port to appear closed.

There is a further stage of configuration, in the mysql database store
itself. It stores user names and (hashed) password pairs but the user
names are linked to IP addresses or ranges. This is another area that
might have a problem.

The table is 'user' in the database 'mysql', and you'll need root
(mysql root, not Linux) privileges to edit it. I'm sorry, I can't give
you the mysql commands, I've been using phpmyadmin for so long I can't
remember them. But any mysql tutorial will show you how to add and edit
users. The % is the wildcard in mysql, so IP ranges can be configured
with it, or indeed hostnames. A listing of the table will show what
form the other entries take.

-- 
Joe
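
Added example, not part of Joe's message or the thread: a Python probe that makes the same TCP connection a netcat test does, then reports which layer answered (packet filter, bind address, or the per-host check in mysqld). The function names, result strings and sample packets are constructed for illustration; 192.168.2.1 and port 3306 come from the thread.

```python
import socket
import struct

def frame(payload, seq=0):
    """Wrap a payload in MySQL's 3-byte length + 1-byte sequence header."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload

# Constructed samples of the first packet a server sends (not captured traffic).
ERR_1130 = frame(b"\xff" + struct.pack("<H", 1130) +
                 b"Host '192.168.2.10' is not allowed to connect to this MySQL server")
GREETING = frame(b"\x0a" + b"x.y.z\x00")  # protocol 10 greeting, truncated

def classify_packet(data):
    """Name the layer that answered, from the first bytes received."""
    if len(data) < 5:
        return "open: accepted but sent no MySQL greeting"
    marker = data[4]  # first payload byte, after the 4-byte header
    if marker == 0xFF:  # ERR packet: mysqld rejected this client before login
        code = struct.unpack_from("<H", data, 5)[0]
        return f"mysql-denied {code}: {data[7:].decode('latin-1')}"
    if marker == 0x0A:
        return "mysql-ready: firewall, bind-address and host check all passed"
    return "open: listener is not speaking the MySQL protocol"

def probe(host, port=3306, timeout=3.0):
    """TCP connect like netcat, then report which layer stopped the test."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return classify_packet(s.recv(4096))
            except socket.timeout:
                return "open: accepted but sent no MySQL greeting"
    except ConnectionRefusedError:
        # An active refusal came back: nothing bound on this address, or a REJECT rule
        return "refused: check bind-address and REJECT rules"
    except socket.timeout:
        # No answer at all: packets dropped by a filter, or misrouted
        return "timeout: check DROP rules and routing"
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    print(probe("192.168.2.1"))  # server address from the thread
```

A "mysql-denied 1130" result means the packet filter and the listener are both fine and the host column of the mysql.user table is what rejects the client.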

