Re: allow range syntax - perplexed

On Tuesday 15 June 2004 7:41 pm, Jonathan Villa wrote:

> I have more information now.
>
> Here is the background:
> A machine running MySQL is to be locked down for access only to a select
> group of people working from home and people at the office, hence the
> xx.xx.xx.0

Is the MySQL machine on the same subnet as the office people trying to access 
it, or is there a firewall in between, with the MySQL on a DMZ network?

If it's the latter, are you sure your office machines aren't being masqueraded 
in some way by the firewall when they try to access the MySQL server, so that 
it sees an address on the firewall instead of the real address of the 
clients?

> I've noticed that the script works fine for anyone who is not on the
> network but for those who are, well the rules block access to them all the
> time.

I suggest you add a LOGging rule at the bottom of the INPUT chain and see what 
source address the packets which are not being ACCEPTed are coming from.

Regards,

Antony.

-- 
This email is intended for the use of the individual addressee(s) named above 
and may contain information that is confidential, privileged or unsuitable 
for overly sensitive persons with low self-esteem, no sense of humour, or 
irrational religious beliefs.

If you have received this email in error, you are required to shred it 
immediately, add some nutmeg, three egg whites and a dessertspoonful of 
caster sugar.   Whisk until soft peaks form, then place in a warm oven for 40 
minutes.   Remove promptly and let stand for 2 hours before adding some 
decorative kiwi fruit and cream.   Then notify me immediately by return email 
and eat the original message.

                                                     Please reply to the list;
                                                           please don't CC me.
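
The logging step suggested in the reply above, as an added example that is not part of the original message: the rule in the comment is appended with `-A` so it sits below the existing ACCEPT rules, and the function tallies the `SRC=` field of whatever that rule logs. The log prefix, port 3306 and every log line below are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Rule to append (as root) so it is evaluated after the ACCEPT rules:
#   iptables -A INPUT -p tcp --dport 3306 -j LOG --log-prefix "MYSQL-DROP: "
# "MYSQL-DROP: " is an assumed prefix; 3306 is MySQL's default port.

# Constructed kernel log lines (documentation addresses only).
# Here 192.0.2.1 stands in for a firewall address that office clients
# would appear as if they were being masqueraded.
sample_log() {
cat <<'EOF'
Jun 15 20:01:11 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.1 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4101 DF PROTO=TCP SPT=40112 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 20:01:14 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.1 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4102 DF PROTO=TCP SPT=40112 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 20:02:40 db kernel: OTHER: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=50000 DPT=22 SYN URGP=0
Jun 15 20:03:02 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9001 DF PROTO=TCP SPT=33001 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 20:03:30 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.1 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4103 DF PROTO=TCP SPT=40115 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# count_sources PREFIX
# Reads kernel log lines on stdin, keeps only those carrying PREFIX,
# and prints "count address" per source, most frequent first.
count_sources() {
  awk -v p="$1" '
    index($0, p) {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/) n[substr($i, 5)]++
    }
    END { for (s in n) print n[s], s }
  ' | sort -rn
}

# On a live host, feed the kernel log instead of the sample,
# e.g. the output of dmesg or the syslog file the kernel writes to.
sample_log | count_sources "MYSQL-DROP: "
```

Any address in the output that the ACCEPT rules were expected to match but did not is the one to compare against the allowed range.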