> On Tuesday 15 June 2004 8:24 pm, Jonathan Villa wrote:
>
>> > The output from "iptables -L -nvx" would be useful, as it shows us the
>> > rules in the correct order, which interfaces they apply to, and the
>> > packet / byte counts so we can see how many times particular rules
>> > have been matched.
>>
>> here is the output for iptables -L -nvx. I've also attached a txt file in
>> case you want to see a cleaner output
>
> Nice. The .txt file was much easier to read :)
>
> The first thing I notice about the ruleset you have posted is that none of
> the rules which included your network range matched any packets at all.

My serious bad!!!! I am so overworked that I was staring at the IP addresses
and never realized that I was using xx1. rather than xx3, which is the correct
one. It now works as expected.

> Therefore that doesn't tell us much about what source address/es the
> packets you are having problems with are coming from.
>
> Maybe the timing was just unfortunate, but I can't see any TCP port 3306
> packets at all. Therefore I think a LOG rule would be a good idea, to try
> and track down where the packets are coming from, which your
> carefully-crafted -s xxx.xxx.xx.0/24 rules aren't apparently matching.
>
> Try something like the following:
>
> iptables -A INPUT -p tcp --dport 3306 -j LOG

thanks, this will help

> The -A will ensure that the rule comes after all your other rules (which
> are supposed to ACCEPT the packets one way or another). However, I notice
> you have a default ACCEPT policy (ugh)

I agree. When I planned the rules, it was set to DROP; however, with the
"issue" I was having, I changed it.

> and a final rule which DROPs all non-loopback packets. I suggest you
> change this to a default DROP policy and a final rule which ACCEPTs all
> the loopback packets. Then the rule above will become the final rule in
> your chain, guaranteeing that you LOG any packets destined for MySQL just
> before they get (unfortunately) DROPped.

One quick question regarding logging. Where does it get logged to? I check
/var/log/messages and see lots of traffic being logged at a rapid rate. I've
read that syslog takes care of logging, but I would prefer to have a separate
log.

Again, my original issue was a silly mistake. Sorry for wasting anyone's
time.
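The ruleset the reply recommends (default DROP policy on INPUT, an explicit ACCEPT for loopback, the LOG rule as the last rule in the chain), written out as an added example that is not part of this thread. It also tags and rate-limits the LOG entries so they can be kept out of /var/log/messages. The trusted range 192.0.2.0/24 stands in for the masked xxx.xxx.xx.0/24, and the "MYSQL-DROP: " prefix and the /var/log/iptables.log path mentioned below are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: a default-DROP INPUT chain that
# ACCEPTs loopback and the trusted /24, and LOGs (with a prefix and a rate
# limit) anything headed for MySQL just before the chain policy drops it.
set -eu

# Assumption: 192.0.2.0/24 stands in for the masked xxx.xxx.xx.0/24 range.
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"
MYSQL_PORT=3306

# Emit the ruleset in iptables-restore format. Loading it atomically avoids the
# window during a series of iptables -A calls where the policy is already DROP
# but the ACCEPT rules are not in place yet.
mysql_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback must be an explicit ACCEPT now that the chain policy is DROP.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened itself.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The trusted range may talk to MySQL.
-A INPUT -p tcp -s $TRUSTED_NET --dport $MYSQL_PORT -j ACCEPT
# Last rule: anything for MySQL that reaches here is about to be dropped, so
# log it. --log-prefix tags the line for syslog; -m limit keeps a scan from
# flooding the log; --log-level debug gives the lines a priority that
# syslog.conf can route to a separate file.
-A INPUT -p tcp --dport $MYSQL_PORT -m limit --limit 5/min -j LOG --log-prefix "MYSQL-DROP: " --log-level debug
COMMIT
EOF
}

# Apply atomically. Needs root and a kernel with the filter table available.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: run as root" >&2
        return 1
    fi
    mysql_ruleset | iptables-restore
}

# Sanity check that runs unprivileged: the INPUT policy is DROP and the LOG
# rule is the last INPUT rule, so nothing ACCEPTs or DROPs MySQL traffic
# before it has been logged.
ruleset_is_sane() {
    mysql_ruleset | grep -q '^:INPUT DROP' || return 1
    mysql_ruleset | grep '^-A INPUT' | tail -n 1 | grep -q -- '-j LOG'
}

case "${1:-}" in
    apply) apply_ruleset ;;
    show)  mysql_ruleset ;;
esac
```

The LOG target writes to the kernel log buffer, and klogd/syslogd then file those lines according to /etc/syslog.conf; a catch-all selector such as `*.info` is why they end up in /var/log/messages. Because the rule above logs at debug priority, a line like `kern.=debug /var/log/iptables.log` in syslog.conf (followed by a restart of syslogd) sends the entries to a file of their own, together with any other kernel debug messages, which the MYSQL-DROP: prefix lets you grep apart; check that no existing `kern.*` selector also captures them. Run `sh thisfile.sh show` to review the ruleset and `sh thisfile.sh apply` as root to load it.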