#1
21st September 2011, 05:18
john boy
Remote MySQL gone sideways

Hi all
Need to set up remote access via port 3306
Followed this help file
/etc/Bastille/bastille-firewall.cfg
Add port 3306 to line below so it reads
TCP_PUBLIC_SERVICES="21 22 25 53 80 81 110 143 443 3306 10000"

Restart firewall -
/etc/init.d/bastille-firewall restart
then
/etc/mysql/my.cnf
bind-address = *.*.*.*
/etc/init.d/mysql restart

No sites, admin console and no PuTTY via WAN
No admin console, but have sites and PuTTY via LAN

This didn't work 'cause I was using Fail2ban hummm...
So I just changed it back
Still not working via LAN

Please Help any direction is good

John Boy

#2
21st September 2011, 09:44
till

The bind-address = *.*.*.* is wrong. To configure MySQL to listen on all interfaces you have to comment out the bind-address line.

Regarding Bastille firewall, never edit the config files manually; always use the ISPConfig interface.
__________________
Till Brehm

#3
21st September 2011, 10:31
john boy

Thanks Till for the reply

But as I said "So I just changed it back"
So I remarked out the bind-address = *.*.*.*
restarted service
This has the result that PuTTY, website and admin console are accessible via LAN access only
Still no access via WAN address

#4
21st September 2011, 11:09
Mark_NL

- Add 3306 to the firewall config VIA ISPConfig web admin.
- comment "bind-address" in my.cnf
- restart mysql
- show us the output of:
Code:
netstat -tapn | grep 3306
iptables-save
__________________
Real men don't backup... Real men cry!

http://www.e-rave.nl/

#5
22nd September 2011, 02:09
john boy

Thanks Mark for that pointer

netstat -tapn | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3023/mysqld

Still no access to sites, console or PuTTY to server via WAN
But have full LAN access

#6
22nd September 2011, 03:29
john boy

Add this as well

netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10025 *:* LISTEN 1268/master
tcp 0 0 *:mysql *:* LISTEN 6044/mysqld
tcp 0 0 *:www *:* LISTEN 1369/apache2
tcp 0 0 *:81 *:* LISTEN 1369/apache2
tcp 0 0 *:tproxy *:* LISTEN 1369/apache2
tcp 0 0 *:ftp *:* LISTEN 1281/pure-ftpd (SER
tcp 0 0 econ2.accc.net.a:domain *:* LISTEN 915/named
tcp 0 0 localhost:domain *:* LISTEN 915/named
tcp 0 0 *:ssh *:* LISTEN 792/sshd
tcp 0 0 *:smtp *:* LISTEN 1268/master
tcp 0 0 localhost:953 *:* LISTEN 915/named
tcp 0 0 *:https *:* LISTEN 1369/apache2
tcp 0 0 econ2.accc.net.au:ssh ns3.accc.net.au:2874 ESTABLISHED 2569/sshd: root@not
tcp 0 0 econ2.accc.net.au:ssh ns3.accc.net.au:3210 ESTABLISHED 2933/sshd: root@not
tcp 0 52 econ2.accc.net.au:ssh ns3.accc.net.au:3725 ESTABLISHED 5874/0
tcp6 0 0 [::]:imaps [::]:* LISTEN 1144/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1178/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1158/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1124/couriertcpd
tcp6 0 0 [::]:ftp [::]:* LISTEN 1281/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 915/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 792/sshd
tcp6 0 0 localhost:953 [::]:* LISTEN 915/named

#7
22nd September 2011, 03:55
john boy

# iptables-save
# Generated by iptables-save v1.4.4 on Thu Sep 22 11:45:20 2011
*mangle
:PREROUTING ACCEPT [11429:913259]
:INPUT ACCEPT [4593:539925]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3563:2232985]
:POSTROUTING ACCEPT [3551:2229025]
COMMIT
# Completed on Thu Sep 22 11:45:20 2011
# Generated by iptables-save v1.4.4 on Thu Sep 22 11:45:20 2011
*nat
:PREROUTING ACCEPT [7118:414299]
:OUTPUT ACCEPT [188:11459]
:POSTROUTING ACCEPT [188:11459]
COMMIT
# Completed on Thu Sep 22 11:45:20 2011
# Generated by iptables-save v1.4.4 on Thu Sep 22 11:45:20 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [439:37815]
:INT_IN - [0:0]
:INT_OUT - [0:0]
:PAROLE - [0:0]
:PUB_IN - [0:0]
:PUB_OUT - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -d 127.0.0.0/8 ! -i lo -p tcp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -i eth+ -j PUB_IN
-A INPUT -i ppp+ -j PUB_IN
-A INPUT -i slip+ -j PUB_IN
-A INPUT -i venet+ -j PUB_IN
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth+ -j PUB_OUT
-A OUTPUT -o ppp+ -j PUB_OUT
-A OUTPUT -o slip+ -j PUB_OUT
-A OUTPUT -o venet+ -j PUB_OUT
-A INT_IN -p icmp -j ACCEPT
-A INT_IN -j DROP
-A INT_OUT -p icmp -j ACCEPT
-A INT_OUT -j ACCEPT
-A PAROLE -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 20 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 21 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 25 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 53 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 81 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 110 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 143 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 443 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8080 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8081 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 10000 -j PAROLE
-A PUB_IN -p udp -m udp --dport 53 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 80 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 3306 -j ACCEPT
-A PUB_IN -p icmp -j DROP
-A PUB_IN -j DROP
-A PUB_OUT -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT

#8
22nd September 2011, 09:10
Mark_NL

Ok, so we know mysql is running on all interfaces and there are rules in the firewall that should allow connections from the outside.

- Is there a router between your server and the WAN which possibly needs some port forwarding?
- Clear your iptables and try to connect (so we can exclude the firewall if the problem still occurs)

#9
22nd September 2011, 09:57
john boy

There is a router with forwarding on ports all working

Clear iptable is done by
# iptables --flush
Done and still no luck

#10
22nd September 2011, 10:40
Mark_NL

Your INPUT is defaulted to DROP

so you might want to be sure and set it to ACCEPT

you want this to be sure everything is cleared:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
then try to connect from the WAN (remember that when you try to connect to the external IP from within your own local network some routers don't know how to handle this, so try from a completely different machine outside of your network)
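
The point made in #10, that flushing the rules does not help while the INPUT policy is still DROP, can be checked against an `iptables-save` dump. The following is an added example, not code from the thread or from ISPConfig; the function names are hypothetical, and it only evaluates `-i`, `-p`, `--dport` and `--state`, treating rules with `-s`, `-d` or `!` as not matching an outside client.

```python
import shlex

def parse_filter(dump):
    # Chain policies and rules from the *filter table of iptables-save output.
    policies, rules, in_filter = {}, {}, False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]  # "-" = user chain
        elif in_filter and line.startswith("-A "):
            rules.setdefault(line.split()[1], []).append(shlex.split(line)[2:])
    return policies, rules

def target_if_match(rule, iface, proto, dport):
    # Simplification (assumption): only -i, -p, --dport and --state are evaluated;
    # rules with -s, -d or "!" are taken not to match an arbitrary outside client.
    opt = {a: b for a, b in zip(rule, rule[1:]) if a.startswith("-")}
    i = opt.get("-i", iface)
    lo, _, hi = opt.get("--dport", str(dport)).partition(":")
    ok = not {"-s", "-d", "!"} & set(rule)
    ok = ok and (iface.startswith(i[:-1]) if i.endswith("+") else iface == i)
    ok = ok and opt.get("-p", proto) == proto and int(lo) <= dport <= int(hi or lo)
    ok = ok and "NEW" in opt.get("--state", "NEW").split(",")
    return opt.get("-j") if ok else None

def verdict(dump, iface, proto, dport):
    # Walk INPUT, following jumps; when no rule decides, the chain policy applies.
    policies, rules = parse_filter(dump)
    def walk(chain):
        for rule in rules.get(chain, []):
            target = target_if_match(rule, iface, proto, dport)
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                return None if target == "RETURN" else target
            if target in rules and (hit := walk(target)):
                return hit
    return walk("INPUT") or policies.get("INPUT", "ACCEPT")

# Trimmed from the filter table posted in #7.
POSTED = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth+ -j PUB_IN
-A INPUT -j DROP
-A PAROLE -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A PUB_IN -j DROP"""
# Constructed: the same table after `iptables --flush` (rules gone, policy kept).
FLUSHED = "\n".join(l for l in POSTED.splitlines() if not l.startswith("-A"))
```

`verdict(POSTED, "eth0", "tcp", 3306)` is ACCEPT, so the posted rules are not what blocks MySQL, while `verdict(FLUSHED, "eth0", "tcp", 3306)` is DROP because only the policy is left to decide.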