[mythtv-users] Iptables prevent remote database connection
Andrew Robinson
awrobinson-ml at nc.rr.com
Fri Apr 6 01:46:47 UTC 2007
This is similar to a problem discussed in the last couple of days but
with a seemingly different twist. When I have iptables running on the
backend server, I cannot connect to the mythconverg database from a
remote host. When I stop iptables, I can connect. I think I have opened
the required ports. Can anyone tell me what I am doing wrong?
Here is the mysql session with iptables turned off:
[andrew@proteus ~]$ mysql -h muses -u mythtv -p mythconverg
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16 to server version: 5.0.27
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> quit
Bye
Here is the mysql session with iptables turned on:
[andrew@proteus ~]$ mysql -h muses -u mythtv -p mythconverg
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on 'muses' (113)
And here is the output of 'service iptables status':
[root@muses ~]$ service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 state NEW tcp dpt:22
8 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 state NEW tcp dpt:80
9 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 state NEW tcp dpt:443
10 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:631
11 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:631
12 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:111
13 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:111
14 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:113
15 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:113
16 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:2049
17 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:2049
18 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpts:4000:4003
19 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpts:4000:4003
20 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpts:137:138
21 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:139
22 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:445
23 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:445
24 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
25 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:3306
26 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:3306
27 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:6543
28 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:6543
29 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:6544
30 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:6544
31 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:6546
32 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:6546
33 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1009
34 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:7288
35 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:5353
36 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1527
37 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:2190
38 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:2190
39 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:8081
Thanks!
Andrew Robinson
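
Added example, not part of the original post: a check that parses a listing in the format shown above and reports rules that sit after an unconditional REJECT or DROP in the same chain, where first-match evaluation means they are never reached (as with rules 25 to 39 after rule 24 in the listing). The function names and the sample listing are constructed for illustration.

```python
import re

# Constructed sample in the same format as the listing above (not the poster's full rule set).
SAMPLE = """\
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 state NEW tcp dpt:22
3 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
4 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:3306
5 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:6543
"""

# num target prot opt source destination [match/target options]
RULE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
ANY = "0.0.0.0/0"


def is_catch_all_deny(target, prot, src, dst, extra):
    """True for a REJECT/DROP with no visible match condition."""
    if target not in ("REJECT", "DROP"):
        return False
    if prot != "all" or src != ANY or dst != ANY:
        return False
    # "reject-with ..." only picks the ICMP reply; it does not narrow the match.
    return re.sub(r"reject-with \S+", "", extra).strip() == ""


def shadowed_rules(listing):
    """Map chain name -> (deny rule number, [rule numbers listed after it])."""
    findings = {}
    chain = deny = None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain, deny = line.split()[1], None
            continue
        m = RULE.match(line.strip())
        if not m or chain is None:
            continue
        num, target, prot, _opt, src, dst, extra = m.groups()
        if deny is not None:
            # Rules are evaluated top to bottom; the deny already ended traversal.
            findings.setdefault(chain, (deny, []))[1].append(int(num))
        elif is_catch_all_deny(target, prot, src, dst, extra):
            deny = int(num)
    return findings


if __name__ == "__main__":
    for chain, (deny, dead) in shadowed_rules(SAMPLE).items():
        print(f"{chain}: rule {deny} rejects everything; unreachable rules: {dead}")
```

The non-verbose listing omits interface matches, so a rule that looks unconditional here may still be restricted by interface; confirm any finding against `iptables -L -n -v --line-numbers`.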