The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewall 3306 but still allow remote access? Possible?

Discussion in 'General Discussion' started by jols, Oct 31, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I would like to take 3306 out of the TCP IN list in the firewall. But at the same time, I would like to grant access via particular IPs using the Allowed Hosts list in the vsite's cPanel. Possible?

    Is there some way to open access to 3306 just for specific IPs, but firwalling them down for others, when it comes to remote access?

    Thanks for any response on this one.
     
  2. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    if your using the CSF firewall, in the csf.allow file you can use the following formats:
    Code:
    out:d=3306:d=REMOTE_IP_ADDR
    tcp:in:d=3306:s=YOUR_IP_ADDR
    
    the 'out' allows you to access a remote IP server from your server, the "tcp:in" allows you access to your server from a remote location using your IP address. You must also make sure that the remote and local MySQL privileges are setup too allow access via the IP's too the user connecting to the MySQL server.

    Mickalo
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks very much for the info. But should'nt this be?:

    out:d=3306:d=SERVER_IP_ADDR
    tcp:in:d=3306:s=REMOTE_IP_ADDR
     
  4. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    I guess it depends on the wording. but I believe yours is the same as I stated but terminology slightly different :)

    Mickalo
     
Loading...

Share This Page