Remote Access to Mysql Database

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Remote Access to Mysql Database

Postby iboam » Sat Jun 22, 2019 8:33 pm

Hi everyone i need access to mysql database from a remote location (hosting server). i want to insert/edit the vicidial_list table but with the firewall on i'm unable to connect, if the firewall is off it works perfect, any solutions ??
ViciBox: 11 | VERSION: 2.14-897a BUILD: 230927-0857 | Clusters: 1 DB-WEB-ASTX | SSL | WebRTC | Wallboard | DNC Nightly Scrubber
iboam
 
Posts: 258
Joined: Mon Feb 08, 2016 2:35 pm

Re: Remote Access to Mysql Database

Postby ambiorixg12 » Sat Jun 22, 2019 9:02 pm

White list the MYSQL port (3306) for the trusted IP, I use iptable for that, I dont have expertise using YAST
ambiorixg12
 
Posts: 453
Joined: Tue Sep 17, 2013 10:35 pm

Re: Remote Access to Mysql Database

Postby williamconley » Sat Jun 22, 2019 9:04 pm

ambiorixg12 wrote:White list the MYSQL port (3306) for the trusted IP, I use iptable for that, I dont have expertise using YAST

Very true. Example:

Code: Select all
iptables -I INPUT -1 -s 99.99.99.99 -j ACCEPT


If you are "99.99.99.99" and you trust yourself, you're fairly safe. Just remember that it applies to everyone at that IP address, so if you're on your laptop at Starbucks ... everyone there is included. This example opens all ports so you'll have ssh access (for PuTTY) and web, phone registration, etc.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Remote Access to Mysql Database

Postby iboam » Sat Jun 22, 2019 10:10 pm

# CLEAR ALL IPTABLE RULES
iptables -F
iptables -X

# ALLOW SYSTEM TRAFFIC
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ALLOW ALL TRAFFIC FROM TRUSTED SOURCES #
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Home Office

iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Remote Server

# T-MOBILE
iptables -A INPUT -s 100.128.0.0/9 -j ACCEPT #iPhone
iptables -A INPUT -s 172.32.0.0/11 -j ACCEPT #iPhone
iptables -A INPUT -s 208.54.0.0/17 -j ACCEPT #iPhone
iptables -A INPUT -s 208.54.128.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 50.28.192.0/18 -j ACCEPT #iPhone
iptables -A INPUT -s 162.160.0.0/11 -j ACCEPT #iPhone
iptables -A INPUT -s 206.29.160.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 216.155.160.0/20 -j ACCEPT #iPhone
iptables -A INPUT -s 66.94.0.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 72.250.0.0/17 -j ACCEPT #iPhone


#iptables -I INPUT -p tcp --match multiport --dports 80,443,8089 -s XXX.XXX.XXX.XXX -j ACCEPT
#iptables -I INPUT -p udp --match multiport --dports 8989,5060,5061,10000:25000 -s XXX.XXX.XXX.XXX -j ACCEPT

# SSL CERTIFICATE VERIFICATION
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# DROP ALL UNAUTHORIZED TRAFFIC
iptables -A INPUT -j DROP

# DROP ALL FORWARDING TRAFFIC
iptables -P FORWARD DROP

# ALLOW OUTBOUND TRAFFIC
iptables -P OUTPUT ACCEPT

iptables-save
iptables -vnL



Im using this iptables rules to restrict all traffic to server, do i have to turn off yast firewall manualy ???
ViciBox: 11 | VERSION: 2.14-897a BUILD: 230927-0857 | Clusters: 1 DB-WEB-ASTX | SSL | WebRTC | Wallboard | DNC Nightly Scrubber
iboam
 
Posts: 258
Joined: Mon Feb 08, 2016 2:35 pm

Re: Remote Access to Mysql Database

Postby williamconley » Sun Jun 23, 2019 6:44 am

yast firewall is iptables. so you'd be shutting off the firewall you just built. which would probably be counterproductive. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Remote Access to Mysql Database

Postby iboam » Sun Jun 23, 2019 2:30 pm

im trying this settings without results

# CLEAR ALL IPTABLE RULES
iptables -F
iptables -X


at this point i'm able to connect to database remotely but system is open to anyone

then add my home office ip address and remote server for db connection
# ALLOW ALL TRAFFIC FROM TRUSTED SOURCES #
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Home Office
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Remote Server


at this point i'm able to connect to database remotely too and still system is open to anyone

# DROP ALL UNAUTHORIZED TRAFFIC
iptables -A INPUT -j DROP


then drop all incoming traffic not authorized and there's no connection from the remote server.

i tried using this iptable setting for port 3306 but no result
iptables -A INPUT -i eth0 -s XXX.XXX.XXX.XXX -p tcp --destination-port 3306 -j ACCEPT
ViciBox: 11 | VERSION: 2.14-897a BUILD: 230927-0857 | Clusters: 1 DB-WEB-ASTX | SSL | WebRTC | Wallboard | DNC Nightly Scrubber
iboam
 
Posts: 258
Joined: Mon Feb 08, 2016 2:35 pm

Re: Remote Access to Mysql Database

Postby williamconley » Sun Jun 23, 2019 2:56 pm

Code: Select all
iptables-save

this shows the present firewall (contrary to what you may think: It doesn't "save" anything, it just dumps to the screen! you CAN save it to a file and use it to regenerate the present status by using iptables-restore on that saved file).

note that when you add a new rule at the top, it executes first. if your first rule is "drop all packets", the following "accept these ones" never get a chance to execute.

set your INPUT chain to have DROP as the last item. alternately, you can set the default action for the INPUT chain to be DROP, which will automatically drop any packet that gets to the end without matching a rule.

or you could follow the instructions for installing Dynamic Good Guys, which describes how to set up your system as a whitelisted system before the install (if you skip the install, all you've done is what your goal is: locked down the system and allow only whitelisted IPs to access the server). any whitelisted IPs will have full access, including mysql.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to Support

Who is online

Users browsing this forum: Bing [Bot] and 56 guests