On Sun, Jan 30, 2011 at 20:48, geertsky <bege...@gmail.com> wrote:
> Hello,
> I'm having a weird problem I cannot solve...
> I have a pptp connection from my house to my server using
> 192.168.2.0/24 range IPs.
> I'm trying to make mysql accessible from the 192.168.2.0/24 network.
> On the server I've got ufw firewall so I state "ufw insert 4 allow
> proto tcp from 192.168.2.0/24 to 192.168.2.1 port 3306"
> This gives ufw status numbered:
> Status: active
>
>      To                         Action      From
>      --                         ------      ----
> [ 1] 22/tcp                     ALLOW IN    Anywhere
> [ 2] 1723/tcp                   ALLOW IN    Anywhere
> [ 3] Anywhere                   DENY IN     192.168.254.0/24
> [ 4] 192.168.2.1 3306/tcp       ALLOW IN    192.168.2.0/24
> [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> [ 6] 80/tcp                     ALLOW IN    Anywhere
> [ 7] 21/tcp                     ALLOW IN    Anywhere
> [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> [10] 217.148.94.148 25          ALLOW IN    Anywhere
> [11] 217.148.94.148 993         ALLOW IN    Anywhere
> [12] 217.148.94.148 995         ALLOW IN    Anywhere
>
> looks good I thought...
> To test I used netcat because mysqld has some restrictions and to rule
> any mysql problems out first just a netcat connection...
> so on the server: nc -vl 192.168.2.1 3306
> on the client: telnet 192.168.2.1 3306
> and it times out, unable to connect...
> ping 192.168.2.1 on the client gives replies...
> iptables -L on the client gives ACCEPT ACCEPT ACCEPT and no further
> rules...
> hhm... strange...
>
> After this I've been looking everywhere to find out eventually the
> following:
> ufw delete 4 #delete the existing mysql accept rule
> ufw insert 4 allow proto tcp from 192.168.2.0/24 to 192.168.2.1 port
> 3307
> ufw status numbered gives:
> Status: active
>
>      To                         Action      From
>      --                         ------      ----
> [ 1] 22/tcp                     ALLOW IN    Anywhere
> [ 2] 1723/tcp                   ALLOW IN    Anywhere
> [ 3] Anywhere                   DENY IN     192.168.254.0/24
> [ 4] 192.168.2.1 3307/tcp       ALLOW IN    192.168.2.0/24
> [ 5] 192.168.2.1 80/tcp         ALLOW IN    192.168.2.0/24
> [ 6] 80/tcp                     ALLOW IN    Anywhere
> [ 7] 21/tcp                     ALLOW IN    Anywhere
> [ 8] 192.168.2.0/24             DENY IN     192.168.100.0/24
> [ 9] 192.168.2.0/24             DENY IN     192.168.1.0/24
> [10] 217.148.94.148 25          ALLOW IN    Anywhere
> [11] 217.148.94.148 993         ALLOW IN    Anywhere
> [12] 217.148.94.148 995         ALLOW IN    Anywhere
>
> on the server: nc -vl 192.168.2.1 3307
> on the client: telnet 192.168.2.1 3307
> Connected to 192.168.2.1.
> Escape character is '^]'.!!!!!!!!!!!!
> and I can chat as supposed to be able using nc.
>
> Apparently there is somewhere in the OS a rule which disables access
> to port 3306, but it's not an iptables rule...
> Does anyone have an idea what apart from iptables controls network
> traffic?
> Thanks cause I'm completely lost...
>
> Greetings,
> Geert
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive:
> http://lists.debian.org/f663cbd7-417e-4581-9574-90891eae4...@b34g2000yqc.googlegroups.com

* Could you try it after completely disabling the firewall once, to make sure that 3306 works.
* Also, to see the stats, use "iptables -L -vn" to get the packet stats as well. Take two of these logs, before and after trying to connect to 3306, and see which particular rule counter is going up.
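The before/after counter comparison suggested above, as an added example that is not from the thread: it diffs two saved `iptables -L -vn` snapshots and prints only the rules whose packet counter increased, so the rule that is actually seeing (or dropping) the 3306 packets stands out. The `demo` function runs it on constructed, simplified snapshots; the chain names and counts in them are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: diff two "iptables -L -vn" snapshots taken
# before and after a connection attempt and list rules whose packet counter moved.
# On the server, as root:  iptables -L -vn > before.txt ; (client tries telnet 192.168.2.1 3306) ;
#                          iptables -L -vn > after.txt ; counter_diff before.txt after.txt

counter_diff() {
    awk '
        function num(s,  u, m) {   # iptables abbreviates counters (12K, 3M) unless -x is given
            u = substr(s, length(s), 1); m = (u == "K") ? 1000 : (u == "M") ? 1000000 : 0
            return m ? substr(s, 1, length(s) - 1) * m : s + 0
        }
        FNR == 1   { file++ }                    # 1 = before snapshot, 2 = after
        /^Chain /  { chain = $2; idx = 0; next } # "Chain INPUT (policy DROP ...)"
        /^ *pkts / { next }                      # column header line
        NF == 0    { next }
        {   # rules are matched by position in their chain: do not add or delete
            # rules between the two snapshots
            idx++; key = chain "#" idx
            if (file == 1) { before[key] = num($1); next }
            delta = num($1) - before[key]
            if (delta > 0) {
                desc = $3; for (i = 4; i <= NF; i++) desc = desc " " $i
                printf "%s rule %d: +%d pkts  %s\n", chain, idx, delta, desc
            }
        }' "$1" "$2"
}

# Constructed, simplified snapshots so the script runs stand-alone (real ufw chains are longer).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/before" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1204   98K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   180 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.2.0/24       192.168.2.1          tcp dpt:3306
    2   120 DROP       all  --  *      *       192.168.254.0/24     0.0.0.0/0
EOF
    # "after": three packets went through ufw-before-input, ufw-user-input and the 3306 ACCEPT rule
    sed -e 's/^ 1204   98K/ 1207   98K/' -e 's/^    3   180 ufw/    6   360 ufw/' \
        -e 's/^    0     0 ACCEPT/    3   180 ACCEPT/' "$dir/before" > "$dir/after"
    counter_diff "$dir/before" "$dir/after"
    rm -rf "$dir"
}
```

If the 3306 ACCEPT rule never moves while a DROP or REJECT rule elsewhere does, that rule is the one to look at; if no counter moves at all, the packets are not reaching the server's filter table in the first place.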