Thread: Firewall Issues

  1. #1
    zjullion, Junior Member (Join Date: Aug 2011, Posts: 2)

    Firewall Issues

    Hi all,

    I think support has opened a ticket on this, but I don't know where I would go to check that, and besides, I could use some help sooner rather than later.

    I just ordered a Debian VPS today, and most of the setup went extremely smoothly (very, very happy about how easy it was to install Java and MySQL).

    However, I'm now having trouble configuring the firewall (you should know that I am a Linux noob). I'm trying to add port 3306 (mysql). From the GUI panel, whenever I try to add or remove a rule, I simply get an error message:

    Code:
    Failed to add the firewall rule to the Input chain.
    Error saving the iptables information

    So I tried to edit things manually. Here's what the output of iptables -L now is:

    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    VZ_INPUT   all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    VZ_FORWARD  all  --  anywhere             anywhere
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    VZ_OUTPUT  all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:tcpmux:65535
    
    Chain VZ_FORWARD (1 references)
    target     prot opt source               destination
    
    Chain VZ_INPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:32768:65535
    ACCEPT     udp  --  anywhere             anywhere            udp dpts:32768:65535
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql
    
    Chain VZ_OUTPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh
    ACCEPT     tcp  --  anywhere             anywhere
    ACCEPT     udp  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:tcpmux:65535

    As you can see, I added mysql (port 3306) to both INPUT and VZ_INPUT as both dport and sport.

    And here's what my iptables.up.rules file looks like:
    Code:
    # Generated by iptables-save v1.4.2 on Wed Aug  3 16:51:45 2011
    *mangle
    :PREROUTING ACCEPT [133:9972]
    :INPUT ACCEPT [133:9972]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [106:9560]
    :POSTROUTING ACCEPT [106:9560]
    COMMIT
    # Completed on Wed Aug  3 16:51:45 2011
    # Generated by iptables-save v1.4.2 on Wed Aug  3 16:51:45 2011
    *filter
    :INPUT DROP [2:120]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    :VZ_FORWARD - [0:0]
    :VZ_INPUT - [0:0]
    :VZ_OUTPUT - [0:0]
    -A INPUT -j VZ_INPUT
    -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    -A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
    -A FORWARD -j VZ_FORWARD
    -A OUTPUT -j VZ_OUTPUT
    -A OUTPUT -p tcp -m tcp --dport 1:65535 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
    -A VZ_INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    -A VZ_INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A VZ_INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
    -A VZ_OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
    -A VZ_OUTPUT -p tcp -j ACCEPT
    -A VZ_OUTPUT -p udp -j ACCEPT
    -A VZ_OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
    -A VZ_OUTPUT -p udp -m udp --sport 53 -j ACCEPT
    -A VZ_OUTPUT -p tcp -m tcp --dport 1:65535 -j ACCEPT
    COMMIT
    # Completed on Wed Aug  3 16:51:45 2011
    # Generated by iptables-save v1.4.2 on Wed Aug  3 16:51:45 2011
    *nat
    :PREROUTING ACCEPT [15:852]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Wed Aug  3 16:51:45 2011

    However, even after all this, port 3306 is still closed (and so far I've only found that ports 22 and 80 are open). Why is it that I can't do anything to get this port open?

    Any help in a) showing me where to see tickets and b) getting this firewall configured would be much appreciated.

  2. #2
    zjullion, Junior Member (Join Date: Aug 2011, Posts: 2)

    It looks like the issue may have been resolved.
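
Added example (not part of the original posts, and not the hosting panel's own tooling): a minimal first-match walk over the INPUT path of the `*filter` table posted in #1. It shows that the saved rules already accept TCP traffic to port 3306, and it lists the `--sport 3306` rules, which match on source port alone. The function names and sample packets are constructed for illustration, and only the tcp rules from the listing are reproduced.

```python
# INPUT-path tcp rules copied from the iptables.up.rules listing in post #1.
RULES = """\
:INPUT DROP [2:120]
:VZ_INPUT - [0:0]
-A INPUT -j VZ_INPUT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
"""

def parse(text):
    # Assumes every option takes exactly one argument, as in the listing above.
    policies, chains = {}, {}
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
            chains[tok[0][1:]] = []
        elif tok[0] == "-A":
            chains[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(rule, pkt):
    def in_range(port, spec):            # spec is "80" or "32768:65535"
        lo, _, hi = spec.partition(":")
        return int(lo) <= port <= int(hi or lo)
    if rule.get("-p", pkt["proto"]) != pkt["proto"]:
        return False
    return all(in_range(pkt[k], rule["--" + k])
               for k in ("sport", "dport") if "--" + k in rule)

def verdict(policies, chains, pkt, chain="INPUT"):
    # First match wins; a user chain that runs out of rules returns to its caller.
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        hit = verdict(policies, chains, pkt, target) if target in chains else (target, rule)
        if hit[0] != "RETURN":
            return hit
    return ("RETURN" if policies[chain] == "-" else policies[chain]), None

def sport_only_accepts(chains):
    # ACCEPT rules keyed on source port only: they match regardless of destination port.
    return [(c, r) for c, rs in chains.items() for r in rs
            if r.get("-j") == "ACCEPT" and "--sport" in r and "--dport" not in r]
```

A stateful match (`-m state --state ESTABLISHED,RELATED`) is the usual way to admit reply traffic without keying on the remote source port.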


 
