0

First off, I am using Firewalld and my configuration is as follows:

  • All traffic is allowed (nothing fancy).
  • Server has MySQL and Apache2 (Linux Debian)

I need to allow MySQL remote connections to a specific IP address (my IP) without shutting out HTTP connections. The MySQL config file only allows one IP and thus I can't directly add my IP there because then Apache2 won't be able to connect over HTTP; that's why I am looking for a firewall solution.

I have also tried creating a specific zone using firewalld (firewall-cmd) but the zone ended up blocking all HTTP traffic since it had a source IP and thus ended up here.

Any help is greatly appreciated.

Dennisrec

1 Answer

0

Opening MySQL port anywhere outside is a security risk and I prefer to avoid it.

I would leave MySQL listening to localhost and instead use SSH port forwarding to access MySQL remotely:

  1. Run ssh -L 3306:localhost:3306 user@example.com on the remote machine
  2. On the remote machine, use localhost as the MySQL server.

If you need to have the SSH connection on all the time, then you can use a tool called autossh, which keeps the SSH connection open and automatically reconnects if it is disconnected at some point.

Tero Kilkanen
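An added example, not part of the original answer: a check that MySQL really is bound to loopback only, which is the precondition for the SSH-tunnel setup described above. The function name `check_mysql_bind` and the sample socket listing are constructed for illustration; on a real host, feed it the output of `ss -H -ltn`.

```shell
#!/bin/sh
# Classify how a TCP port is bound, given `ss -H -ltn` output on stdin.
# Prints one of: loopback-only | exposed | not-listening
# (check_mysql_bind is a hypothetical helper name, not a standard tool.)
check_mysql_bind() {
    awk -v port="${1:-3306}" '
        $1 == "LISTEN" {
            # Field 4 is "local-address:port"; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Anything other than 127.x.x.x or [::1] is reachable off-host.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample listing (not captured from a real server):
# Apache on all interfaces, MySQL on loopback, MySQL X protocol port 33060.
sample_listing() {
    cat <<'EOF'
LISTEN 0      511                *:80              *:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      70         127.0.0.1:33060     0.0.0.0:*
EOF
}

echo "3306: $(sample_listing | check_mysql_bind 3306)"
echo "80:   $(sample_listing | check_mysql_bind 80)"

# On the server itself:
#   ss -H -ltn | check_mysql_bind 3306
```

A result of `exposed` for port 3306 means MySQL is listening on a non-loopback address and should be rebound to localhost before relying on the tunnel.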