
I am trying to get my new MediaWiki server to allow connections to our MySQL server, and right now I cannot get my iptables firewall set up right for this.

The rule I am applying is the following:

    iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT           # MySQL

But my iptables log still shows that the connections cannot be established and are being blocked/denied.

    Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A03BCF2BC0000000001030307)

When I turn off iptables, everything works as it should including editing the wiki database. What am I doing wrong with my rule?

Edit: here is my output from iptables -L -n -v: http://pastie.org/5413124 (I could not get it to format right here.)

thompatry

2 Answers


From your log entry, this appears to be outgoing traffic, not incoming. You need to place the rule in the OUTPUT chain, not the INPUT chain.

Michael Hampton

I realized what was going on. I accidentally switched two numbers around in the IP in one of my rules, and that was not allowing it to work. So I had 192 instead of 129... Sorry. Thanks!

thompatry
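Both answers come down to comparing a rule against the packet the firewall logged: the chain it was denied in and the destination address. The sh helper below is an added example (not code from either poster) that reads the chain from the `IN=`/`OUT=` fields of the deny line and reports where a rule disagrees; the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample: the deny line from the question, without its trailing OPT field.
SAMPLE_LOG='Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0'

# log_field LINE KEY: print the value of KEY=value from a netfilter LOG line.
log_field() (
    set -f                       # tokens such as [OUTPUT] must not be globbed
    for tok in $1; do
        case $tok in "$2="*) printf '%s\n' "${tok#*=}"; exit 0 ;; esac
    done
    exit 1
)

# log_chain LINE: filter-table chain that saw the packet, derived from IN=/OUT=.
# The "[OUTPUT]" text is only the admin's log prefix, so it is not relied on.
log_chain() (
    ifin=$(log_field "$1" IN) && ifout=$(log_field "$1" OUT) || exit 1
    if [ -n "$ifin" ] && [ -n "$ifout" ]; then echo FORWARD
    elif [ -n "$ifin" ]; then echo INPUT
    elif [ -n "$ifout" ]; then echo OUTPUT
    else exit 1
    fi
)

# suggest_rule LINE: ACCEPT rule matching the logged packet. -A appends, so it
# only helps if it ends up ahead of the rule that logs and drops.
suggest_rule() (
    chain=$(log_chain "$1") || exit 1
    proto=$(log_field "$1" PROTO | tr 'A-Z' 'a-z')
    printf 'iptables -A %s -p %s -d %s --dport %s -j ACCEPT\n' \
        "$chain" "$proto" "$(log_field "$1" DST)" "$(log_field "$1" DPT)"
)

# rule_mismatch LINE RULE: print why RULE cannot match; silent when chain and -d agree.
rule_mismatch() (
    set -f
    chain=$(log_chain "$1"); dst=$(log_field "$1" DST)
    set -- $2
    while [ $# -gt 1 ]; do
        case $1 in
            -A|-I) [ "$2" = "$chain" ] || echo "chain: rule is in $2, packet was denied in $chain" ;;
            -d) [ "$2" = "$dst" ] || echo "dst: rule has $2, packet has $dst" ;;
        esac
        shift
    done
)

suggest_rule "$SAMPLE_LOG"
rule_mismatch "$SAMPLE_LOG" 'iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT'
```

Run against the rule from the question, it reports the chain mismatch; a rule whose `-d` has transposed digits is reported as a `dst:` mismatch in the same way.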