Firewall Issues

zjullion
2011-08-02, 09:29 PM
Hi all,

I think support has opened a Ticket on this, but I don't know where I would go to check that, and besides, I could use some help sooner rather than later.

I just ordered a Debian VPS today, and most of the setup went extremely smoothly (very, very happy about how easy it was to install Java and MySQL).

However, I'm now having troubles configuring the firewall (you should know that I am a Linux noob). I'm trying to add port 3306 (mysql). From the GUI panel, whenever I try to add or remove a rule, I simply get an error message:

Failed to add the firewall rule to the Input chain.
Error saving the iptables information

So I tried to edit things manually. Here's what the output of iptables -L now is:

Chain INPUT (policy DROP)
target prot opt source destination
VZ_INPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:mysql

Chain FORWARD (policy DROP)
target prot opt source destination
VZ_FORWARD all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
VZ_OUTPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpts:tcpmux:65535

Chain VZ_FORWARD (1 references)
target prot opt source destination

Chain VZ_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpts:32768:65535
ACCEPT udp -- anywhere anywhere udp dpts:32768:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:mysql

Chain VZ_OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:tcpmux:65535

As you can see, I added mysql (port 3306) to both INPUT and VZ_INPUT as both dport and sport.

And here's what my iptables.up.rules file looks like:

# Generated by iptables-save v1.4.2 on Wed Aug 3 16:51:45 2011
*mangle
:PREROUTING ACCEPT [133:9972]
:INPUT ACCEPT [133:9972]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [106:9560]
:POSTROUTING ACCEPT [106:9560]
COMMIT
# Completed on Wed Aug 3 16:51:45 2011
# Generated by iptables-save v1.4.2 on Wed Aug 3 16:51:45 2011
*filter
:INPUT DROP [2:120]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:VZ_FORWARD - [0:0]
:VZ_INPUT - [0:0]
:VZ_OUTPUT - [0:0]
-A INPUT -j VZ_INPUT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A FORWARD -j VZ_FORWARD
-A OUTPUT -j VZ_OUTPUT
-A OUTPUT -p tcp -m tcp --dport 1:65535 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 53 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A VZ_OUTPUT -p tcp -j ACCEPT
-A VZ_OUTPUT -p udp -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A VZ_OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --dport 1:65535 -j ACCEPT
COMMIT
# Completed on Wed Aug 3 16:51:45 2011
# Generated by iptables-save v1.4.2 on Wed Aug 3 16:51:45 2011
*nat
:PREROUTING ACCEPT [15:852]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Aug 3 16:51:45 2011

However, even after all this, port 3306 is still closed (and so far I've only found that ports 22 and 80 are open). Why is it that I can't do anything to get this port open?

Any help in a) showing me where to see tickets and b) getting this firewall configured would be much appreciated.
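The question above is really "do these rules, as written, let TCP 3306 through INPUT?", and that can be answered offline by walking the chains the same way the kernel does: the INPUT chain is read top to bottom, `-j VZ_INPUT` jumps into the user chain, a user chain that runs off its end returns to the caller, and the built-in policy (here DROP) decides anything no rule matched. The following script is an added example, not code from the original post or from the VPS vendor's firewall tool. It is a simplified re-implementation of that walk for the matches that appear in the posted rule set (`-p`, `--dport`, `--sport`, port ranges, `-j`), extended with `-s` CIDR source matching so the same evaluator can show how a source-restricted rule behaves; the `RESTRICTED_RULES` text and the packet source addresses are constructed sample data, and the posted rule set is reduced to the INPUT and VZ_INPUT chains that matter for inbound traffic.

```python
import ipaddress
import shlex

# INPUT and VZ_INPUT chains copied from the iptables.up.rules posted above.
POSTED_RULES = """\
:INPUT DROP [2:120]
:VZ_INPUT - [0:0]
-A INPUT -j VZ_INPUT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 53 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
"""

# Constructed variant (not from the post): MySQL reachable from one /24 only.
RESTRICTED_RULES = """\
:INPUT DROP [0:0]
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def _port_range(spec):
    """'3306' -> (3306, 3306); '32768:65535' -> (32768, 65535)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_filter_table(text):
    """Parse iptables-save lines into ({chain: policy}, {chain: [rules]})."""
    policies, chains = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                      # chain header: ':NAME POLICY [pkts:bytes]'
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy   # user chains have no policy
            chains.setdefault(name, [])
        elif line.startswith("-A"):
            toks = shlex.split(line)
            rule = {"proto": None, "dport": None, "sport": None, "src": None, "target": None}
            i = 2
            while i < len(toks):
                opt, val = toks[i], toks[i + 1]
                if opt == "-m":                       # match-extension name; its options follow
                    pass
                elif opt == "-p":
                    rule["proto"] = val
                elif opt == "--dport":
                    rule["dport"] = _port_range(val)
                elif opt == "--sport":
                    rule["sport"] = _port_range(val)
                elif opt == "-s":
                    rule["src"] = ipaddress.ip_network(val, strict=False)
                elif opt == "-j":
                    rule["target"] = val
                else:
                    raise ValueError(f"unsupported option {opt!r} in: {line}")
                i += 2
            chains.setdefault(toks[1], []).append(rule)
    return policies, chains


def _matches(rule, pkt):
    """True when every match present in the rule agrees with the packet."""
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    for key in ("dport", "sport"):
        rng = rule[key]
        if rng and not (rng[0] <= pkt[key] <= rng[1]):
            return False
    if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return True


def verdict(policies, chains, chain, pkt):
    """Walk `chain`; return a terminal target, or the policy (None for user chains)."""
    for rule in chains[chain]:
        if not _matches(rule, pkt):
            continue
        target = rule["target"]
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break
        if target in chains:                          # jump; None means the sub-chain fell through
            sub = verdict(policies, chains, target, pkt)
            if sub is not None:
                return sub
    return policies.get(chain)


def input_verdict(rules_text, proto, dport, sport=40000, src="198.51.100.7"):
    """Verdict for one synthetic inbound packet evaluated against INPUT."""
    policies, chains = parse_filter_table(rules_text)
    pkt = {"proto": proto, "dport": dport, "sport": sport, "src": src}
    return verdict(policies, chains, "INPUT", pkt)


if __name__ == "__main__":
    for proto, port in (("tcp", 3306), ("tcp", 22), ("tcp", 8080), ("udp", 3306)):
        print(f"{proto}/{port}: {input_verdict(POSTED_RULES, proto, port)}")
    print("tcp/8080 with source port 3306:", input_verdict(POSTED_RULES, "tcp", 8080, sport=3306))
    print("restricted, from 203.0.113.9:", input_verdict(RESTRICTED_RULES, "tcp", 3306, src="203.0.113.9"))
```

Run against the posted rules, the walk reaches `ACCEPT` for tcp/3306 via the VZ_INPUT jump, so the rule set itself is not what is reporting the port closed; when a simulation like this says ACCEPT but a probe still finds the port closed, the next thing to check is whether the daemon is actually listening on the external address (`netstat -ltn` or `ss -ltn`) rather than only on 127.0.0.1. The evaluator also makes the cost of the `--sport 3306` rules visible: any inbound TCP segment whose source port happens to be 3306 is accepted whatever its destination port, which is why return traffic is normally admitted with `-m state --state ESTABLISHED,RELATED` instead of a source-port match, and why the constructed `-s 203.0.113.0/24` variant is the shape to prefer when the database only needs to be reachable from known hosts.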

zjullion
2011-08-02, 10:54 PM
It looks like the issue may have been resolved.