Posted by petersprc on 11/14/07 19:16
Hi,
You can restrict remote access to a specific IP like so:
-A INPUT -s 192.168.1.2/255.255.255.255 -p udp -m udp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 3306 -j ACCEPT
Replace 192.168.1.2 with the allowed IP. On most Red Hat systems that
would go in /etc/sysconfig/iptables. To update the changes you would
do: service iptables restart
That's good enough security for many applications. For an added level
of security, you can establish a VPN between the hosts or use an
encrypted SSH tunnel as described here:
http://chxo.com/be2/20040511_5667.html
HTH,
John Peters
On Nov 14, 10:33 am, Pseudonyme <norman_cougl...@2cuk.co.uk> wrote:
> In Paris
> 14 Nov MMVII
>
> Dear Madam and Sir,
>
> Do you know how to access a MYSQL DB from an external server ?
>
> We read the information and studied :
>
> 1) Sir//Aho : The mysql-server machine must have open ports for the
> incoming connection
> (default 3306). There must be a mysql-user who has the privilege to
> connect from the
> remote server.
>
> 2)http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysql-server-in...
> iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
>
> 3)http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> object : iptables
>
> BUT
>
> 1) Open ports : We do not know where to exactly insert that, and the
> consequences :
> iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
>
> 2) There is an impact on security and we're very afraid about safety.
>
> 3) Changing HTTPD.CONF can lead to a non-access to the server (no SSH
> if the implementation failed) with a guy manually reinstalling the
> former version.
>
> 4) We have a dream of someone in the world having access to our
> servers to enhance configuration.
>
> Thanking you very much for your help,
>
> Norm
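
Added example (not part of the original post or thread): a shell function that reads rules in the "-A CHAIN ..." form used above and reports whether each port 3306 ACCEPT rule is open to any source, restricted to one address, or placed after a catch-all REJECT/DROP where it is never evaluated. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules for MySQL (3306) exposure.
# Limitation: negated matches ("!") are not interpreted.

# Constructed sample ruleset, not taken from any real host.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.1.3/255.255.255.255 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# Reads rules on stdin; prints one verdict per ACCEPT rule matching --dport 3306.
audit_mysql_rules() {
    awk '
    $1 != "-A" { next }                  # skip table headers, policies, COMMIT
    {
        chain = $2; src = ""; dport = ""; target = ""; matchers = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") { src = $(i + 1) }
            else if ($i == "--dport")           { dport = $(i + 1) }
            else if ($i == "-j")                { target = $(i + 1) }
            if ($i ~ /^-[spidmo]$/) { matchers++ }
        }
        # An unconditional DROP/REJECT ends the chain: later rules never match.
        if ((target == "DROP" || target == "REJECT") && matchers == 0) {
            closed[chain] = 1; next
        }
        if (dport != "3306" || target != "ACCEPT") { next }
        if (closed[chain]) { verdict = "UNREACHABLE" }
        else if (src == "" || src ~ /\/0$/ || src == "0.0.0.0/0.0.0.0") { verdict = "OPEN" }
        else { verdict = "RESTRICTED " src }
        print verdict ": " $0
    }'
}

sample_rules | audit_mysql_rules
```

On a live host the same function can be fed from /etc/sysconfig/iptables or from the output of iptables-save.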