SSH tunneling firewall query


 



I have two boxes running RHEL3 with Webmin, MySQL and Iptables firewalls. I am trying to create an SSH tunnel so that I can safely connect between the boxes in MySQL. Both boxes need to run MySQL servers and the connections will be in both directions.

Box 1: 11.33.55.77
Box 2:  22.44.66.88

Here's what I have at the moment on 11.33.55.77:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## allow stateful inbound
iptables -A INPUT -p tcp -s 22.44.66.88 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d 22.44.66.88 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow stateful outbound
and on 22.44.66.88:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## allow stateful inbound
iptables -A INPUT -p tcp -s 11.33.55.77 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d 11.33.55.77 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow stateful outbound


When I try the following command on 22.44.66.88:
ssh -L 3307:11.33.55.77:3306 11.33.55.77
it just hangs. From netstat I can see an outbound connection from 22.44.66.88 to 11.33.55.77:22 but nothing comes up on 11.33.55.77. I'm pretty sure it must be something simple in my firewall configs that is blocking this. Can anyone point me in the right direction?


Cheers

Andy
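
Added example, not part of the original post: a small first-match model of the rules posted for 22.44.66.88, used to check which chain handles the first packet of the outgoing ssh connection. It assumes the OUTPUT and INPUT chain policies are DROP (the post does not show them); the EXTRA rule, the source port 40000 and the helper names are constructed for illustration.

```python
import shlex

# Rules exactly as posted for 22.44.66.88.
POSTED = """\
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## allow stateful inbound
iptables -A INPUT -p tcp -s 11.33.55.77 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d 11.33.55.77 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow stateful outbound
"""
# Constructed candidate rule: allow this box to open new SSH sessions to its peer.
EXTRA = "iptables -A OUTPUT -p tcp -d 11.33.55.77 --dport 22 -j ACCEPT\n"

FLAGS = {"-p": "proto", "-s": "src", "-d": "dst", "--sport": "sport",
         "--dport": "dport", "--state": "state", "-j": "target"}

def parse(text):
    """Turn 'iptables -A CHAIN ...' lines into (chain, options) pairs."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # drops the trailing # comments
        if len(tok) < 3 or tok[1] != "-A":
            continue
        opts = {FLAGS[k]: v for k, v in zip(tok[3:], tok[4:]) if k in FLAGS}
        rules.append((tok[2], opts))
    return rules

def verdict(rules, chain, pkt, policy="DROP"):
    """First matching rule decides; otherwise the assumed chain policy applies."""
    for rule_chain, opts in rules:
        if rule_chain != chain:
            continue
        if all(pkt[k] in v.split(",") for k, v in opts.items() if k != "target"):
            return opts["target"]
    return policy

# First packet of 'ssh 11.33.55.77' leaving 22.44.66.88 (constructed source port).
SYN_OUT = dict(proto="tcp", src="22.44.66.88", dst="11.33.55.77",
               sport="40000", dport="22", state="NEW")
# First packet of an SSH session opened by the peer towards this box.
SYN_IN = dict(proto="tcp", src="11.33.55.77", dst="22.44.66.88",
              sport="40000", dport="22", state="NEW")

if __name__ == "__main__":
    print("posted rules, outbound SYN:", verdict(parse(POSTED), "OUTPUT", SYN_OUT))
    print("with EXTRA,   outbound SYN:", verdict(parse(POSTED + EXTRA), "OUTPUT", SYN_OUT))
    print("posted rules, inbound SYN: ", verdict(parse(POSTED), "INPUT", SYN_IN))
```

Under the DROP-policy assumption, the posted OUTPUT rules only pass packets leaving from source port 22 or belonging to an already tracked connection, so the initial packet to destination port 22 matches nothing; the same reasoning applies to the mirrored rules on 11.33.55.77.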






-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
