Re: allow range syntax - perplexed

> On Tuesday 15 June 2004 7:41 pm, Jonathan Villa wrote:
>
>> I have more information now.
>>
>> Here is the background:
>> A machine running MySQL is to be locked down for access only to a select
>> group of people working from home and people at the office, hence the
>> xx.xx.xx.0
>
> Is the MySQL machine on the same subnet as the office people trying to
> access it, or is there a firewall in between, with the MySQL on a DMZ
> network?

Sad to say, but there is no firewall.  Machines are open to the world,
hence the xxx.xxx.xxx.xxx everywhere.


> If it's the latter, are you sure your office machines aren't being
> masqueraded in some way by the firewall when they try to access the MySQL
> server, so that it sees an address on the firewall instead of the real
> address of the clients?
>
>> I've noticed that the script works fine for anyone who is not on the
>> network but for those who are, well the rules block access to them all
>> the time.
>
> I suggest you add a LOGging rule at the bottom of the INPUT chain and see
> what source address the packets which are not being ACCEPTed are coming
> from.

Good point.  Since I am fairly new to iptables, I usually carry my book
with me; unfortunately, I don't have it today.  But I will implement lots
of logging to help once I figure out how to :)


> Regards,
>
> Antony.
>
>

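A concrete version of the LOG-at-the-bottom approach Antony suggests, as an added example that is not part of the thread and not code from either poster. It assumes hypothetical addresses in the documentation ranges (office LAN 192.0.2.0/24, two home users 198.51.100.7 and 203.0.113.42), MySQL on tcp/3306, and a dry-run mode in which IPT defaults to "echo iptables" so the rules are printed rather than applied; the log lines fed to logged_sources are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses below are hypothetical
# documentation-range values. IPT defaults to a dry run that prints the
# commands; run as root with IPT=iptables to actually load the rules.

IPT="${IPT:-echo iptables}"
MYSQL_PORT=3306
OFFICE_NET=192.0.2.0/24                     # CIDR range syntax: a.b.c.0/24
HOME_HOSTS="198.51.100.7 203.0.113.42"      # single hosts, one rule each

# Emit the INPUT rules for MySQL: loopback and established traffic first,
# then the allowed sources, then a rate-limited LOG, then DROP.
# LOG is a non-terminating target, so the packet falls through to DROP.
mysql_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$MYSQL_PORT" -s "$OFFICE_NET" -j ACCEPT
    for h in $HOME_HOSTS; do
        $IPT -A INPUT -p tcp --dport "$MYSQL_PORT" -s "$h" -j ACCEPT
    done
    $IPT -A INPUT -p tcp --dport "$MYSQL_PORT" -m limit --limit 5/min \
         -j LOG --log-prefix "MYSQL-DROP: " --log-level 4
    $IPT -A INPUT -p tcp --dport "$MYSQL_PORT" -j DROP
}

# Read kernel LOG lines from stdin, keep only those with our prefix, pull
# out the SRC= address and print a count per source, busiest first.
# This is the "what address are the dropped packets coming from" check.
logged_sources() {
    grep 'MYSQL-DROP: ' \
        | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn
}

# Constructed sample of what syslog would show (not real log data). The
# last line carries no prefix and must be ignored by logged_sources.
SAMPLE_LOG='Jun 15 19:41:02 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=... SRC=192.0.2.55 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40123 DPT=3306 SYN
Jun 15 19:41:05 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=... SRC=192.0.2.55 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40124 DPT=3306 SYN
Jun 15 19:41:09 db kernel: MYSQL-DROP: IN=eth0 OUT= MAC=... SRC=10.9.8.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4455 DPT=3306 SYN
Jun 15 19:41:12 db kernel: unrelated message SRC=1.2.3.4'

# Stand-alone run: show the rules, then summarise the sample log.
mysql_rules
printf '%s\n' "$SAMPLE_LOG" | logged_sources
```

Once the rules are live, `iptables -L INPUT -n -v --line-numbers` shows per-rule packet counters, and `grep MYSQL-DROP /var/log/messages | sh -c '. ./this_script; logged_sources'` (or simply the sed pipeline above) tells you which addresses are reaching the DROP. If an address inside the office /24 shows up there, the ACCEPT rule for that range is not matching (check the mask and rule order); if the office clients show up under some other address, something in the path is rewriting their source, which is the masquerading case Antony raises. The `limit` match keeps a noisy client from flooding syslog.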