Iptables


heoheo
16-05-2016, 09:18
Hello Fouad, I also encountered the same bug as you. And thanks to those who know to fix it last shared I used to be

heise
15-07-2014, 15:16
I have set phpmyadmin to accept connections only from 127.0.0.1. I then ssh to my server with "ssh 12.23.34.45 -D 1234" (12.23.34.45 is the server IP, and -D dynamically forwards port 1234 on my home computer to the server). This way I have a socks5 proxy I can use in Firefox. If I then open http://127.0.0.1/phpmyadmin, the data goes through my ssh tunnel to the server and accesses phpmyadmin locally there. Phpmyadmin is never exposed to the internet, and the same goes for mysqld. I fear that you have opened mysqld and phpmyadmin to brute-force attacks.

https://www.google.com/search?q=check+ports gives you sites that help you check your firewall

Fouad
15-07-2014, 13:38
Quote Originally Posted by heise
Since mysql is running on the same server as the application, I block networking in mysql altogether and I connect through sockets.
my.cnf
Code:
[mysqld]
skip-networking
skip-name-resolve
[..]
It all depends, what is your setup and needs, but you didn't give us any details.
I'm using mysql only for the phpmyadmin database, no additional uses.

Well, I've set up iptables successfully without any problems:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:579
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7171
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7172
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I had issues with installing iptables before and everything works fine as shown above, but I don't know if it is really activated and works correctly or not!

Is there any way to check the firewall?
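
Added example, not part of the original posts: one offline way to check a listing like the one posted above, as a POSIX shell function that reads `iptables -L INPUT` output and reports ports accepted from any source, plus whether a final DROP is paired with an ESTABLISHED rule for replies to the server's own outbound connections. The `SENSITIVE` list and the output tags are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an `iptables -L INPUT` listing read from stdin.
# SENSITIVE is an assumed list of service names/ports that should not accept any source.
SENSITIVE="mysql 3306"

audit_input_chain() {
    awk -v sensitive="$SENSITIVE" '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    BEGIN { n = split(sensitive, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
    /^Chain / {
        in_input = ($2 == "INPUT")
        if (in_input && /policy DROP/) catchall = 1
        next
    }
    !in_input || NF == 0 || $1 == "target" { next }
    # Stateful rule that lets replies to outbound connections back in.
    $1 == "ACCEPT" && /ESTABLISHED/ { established = 1 }
    # Unconditional DROP: everything not accepted earlier is blocked.
    $1 == "DROP" && NF == 5 && any($4) && any($5) { catchall = 1 }
    # Ports accepted from any source address.
    $1 == "ACCEPT" && any($4) {
        for (i = 6; i <= NF; i++) if ($i ~ /^dpt:/) {
            port = substr($i, 5)
            tag = (port in bad) ? "EXPOSED" : "open"
            print tag, port
        }
    }
    END {
        if (!catchall) print "NO-DEFAULT-DROP"
        if (catchall && !established) print "NO-ESTABLISHED-RULE"
    }'
}

# INPUT chain exactly as posted in the thread.
posted_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:579
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:7171
ACCEPT tcp -- anywhere anywhere tcp dpt:7172
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
DROP all -- anywhere anywhere
EOF
}

posted_listing | audit_input_chain
```

On a live host, pipe `iptables -L INPUT` (run as root) into `audit_input_chain`. Without `-v` the listing does not show interfaces, so a loopback-only rule cannot be told apart from an accept-all rule this way.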

heise
15-07-2014, 08:59
It depends how you have configured mysql access for your projects.
Since mysql is running on the same server as the application, I block networking in mysql altogether and I connect through sockets.
my.cnf
Code:
[mysqld]
skip-networking
skip-name-resolve
[..]
It all depends, what is your setup and needs, but you didn't give us any details.

Fouad
15-07-2014, 04:07
Quote Originally Posted by heise
That depends on your setup.

It depends how you have configured mysql access for your projects.

A firewall is not a blackbox that fits all sizes. You have to see what are your needs and configure a firewall to fulfill as many of those needs as possible. I just published my firewall script http://forum.kimsufi.com/showthread....rewall-amp-DNS

Hello,
Thanks for your reply. Could you please tell me how to configure mysql to just allow it after the iptables setup? Since I don't have that much experience with firewalls, I'm looking only for a way to install iptables allowing 3 or 4 ports, mysql included, without losing the connection after the setup.

heise
14-07-2014, 17:02
1- Does it make any difference when I set it up on the main node and the VPS?
That depends on your setup.

2- When I install iptables for ssh (22) and http (80), the web of www is blocked and I lose the mysql connection for my project too.
It depends how you have configured mysql access for your projects.

A firewall is not a blackbox that fits all sizes. You have to see what are your needs and configure a firewall to fulfill as many of those needs as possible. I just published my firewall script http://forum.kimsufi.com/showthread....rewall-amp-DNS

Fouad
14-07-2014, 15:13
Hello,

I'm trying to set up iptables and I've got a couple of questions.

1- Does it make any difference when I set it up on the main node and the VPS?
For example, do I need to install iptables in my VPS if it is already installed on the main node?

2- When I install iptables for ssh (22) and http (80), the web of www is blocked and I lose the mysql connection for my project too.

Any information about how to set up iptables without losing the MYSQL connection and avoiding the web block?

Regards