Don't forget, firewall rules are first come, first served. (I hope I'm remembering this correctly.) If you have a rule that is preceded by a rule that doesn't allow it, it won't work.

On 06/12/2010 05:09 PM, Scott Hughes wrote:
> Thanks for the reply Fin! I have the ping rule further up in my file.
> I am using the stock firewall.sh script that comes with QMT.
>
> I just do not understand why it is that when I activate either of the
> two rules below, it stops other types of traffic from flowing that are
> already allowed. I have to reboot the machine to get it back to where
> I can ping and SCP properly.
>
> Scott
>
> On 6/12/10 7:06 PM, Edward Finlayson wrote:
>> Hi Scott,
>>
>> The answer is to be more... or less specific in your firewall rules.
>>
>> To be more clear, neither of your rules allows pinging, as they are
>> both for the wrong protocol.
>>
>> 1) This rule explicitly allows TCP connections from a single IP
>> address to port 3306, normally used by MySQL.
>>
>> 2) This rule allows any TCP connection from a specific IP address.
>>
>> 'ping' does NOT use TCP connections and therefore is still disallowed
>> by both of your attempts.
>>
>> I can't remember the correct setting but have a feeling it's ICMP or
>> something like that (a quick google for it will clarify).
>>
>> Sorry, can't be of more help.
>>
>> Fin
>>
>> *From:* Scott Hughes [mailto:sonicscott9...@gmail.com]
>> *Sent:* 13 June 2010 00:27
>> *To:* qmailtoaster-list@qmailtoaster.com
>> *Subject:* [qmailtoaster] iptables question
>>
>> I am trying to allow mysql communications between two of my servers
>> for replication purposes. I have tried two iptables statements, but
>> instead of allowing the communications, it stops all communications.
>> I can no longer ping the second server or SCP to it. Very strange.
>> Here are the two things I've tried:
>>
>> 1) iptables -A INPUT -p tcp -m tcp --syn -s 66.232.241.121 --dport 3306 -j ACCEPT
>>
>> and
>>
>> 2) iptables -A INPUT -p tcp -m tcp --syn -s 66.232.241.121 -j ACCEPT
>>
>> What am I missing here?
>>
>> Thanks,
>> Scott

--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787 | fax 510.864.7300
http://yother.com
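Added example, not from the thread or from QMT's firewall.sh: a small Python first-match simulator of an iptables INPUT chain that walks the two rules Scott posted through the two points raised above (rules are evaluated top to bottom, and a TCP rule never matches ICMP). The catch-all DROP at the end of the stock script and the sample packets are assumptions made for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT or DROP
    proto: Optional[str] = None   # -p tcp / -p icmp; None matches any protocol
    src: Optional[str] = None     # -s address; None matches any source
    dport: Optional[int] = None   # --dport; None matches any port

def matches(rule: Rule, pkt: dict) -> bool:
    return ((rule.proto is None or rule.proto == pkt["proto"])
            and (rule.src is None or rule.src == pkt["src"])
            and (rule.dport is None or rule.dport == pkt.get("dport")))

def verdict(chain: list, pkt: dict, policy: str = "DROP") -> str:
    """Walk the chain top to bottom; the first matching rule decides.
    The chain policy applies only when no rule matched."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy

PEER = "66.232.241.121"           # replication peer from the thread
# Scott's two rules: -p tcp --syn -s PEER [--dport 3306] -j ACCEPT
MYSQL_RULE = Rule("ACCEPT", proto="tcp", src=PEER, dport=3306)
ANY_TCP_RULE = Rule("ACCEPT", proto="tcp", src=PEER)
# Assumption: the stock firewall.sh ends with a catch-all DROP rule.
CATCH_ALL = Rule("DROP")
# The rule ping actually needs: -p icmp -s PEER -j ACCEPT
ICMP_RULE = Rule("ACCEPT", proto="icmp", src=PEER)

# Constructed sample packets arriving from the peer
PACKETS = {
    "ping": {"proto": "icmp", "src": PEER},
    "mysql": {"proto": "tcp", "src": PEER, "dport": 3306},
    "scp": {"proto": "tcp", "src": PEER, "dport": 22},
}

def run(chain: list) -> dict:
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

# Case 1: rules added with -A land after the catch-all DROP and are
# never reached ("first come, first served").
APPENDED = run([CATCH_ALL, MYSQL_RULE, ANY_TCP_RULE])
# Case 2: same rules ahead of the DROP (e.g. iptables -I INPUT 1 ...):
# MySQL and SCP pass, but ping is still dropped because ICMP is not TCP.
INSERTED = run([MYSQL_RULE, ANY_TCP_RULE, CATCH_ALL])
# Case 3: explicit ICMP accept plus the port-specific MySQL rule ahead of
# the DROP; SCP (tcp/22) would need its own narrow rule, not ANY_TCP_RULE.
FIXED = run([ICMP_RULE, MYSQL_RULE, CATCH_ALL])
```

Run it and compare `APPENDED`, `INSERTED` and `FIXED` to see which of ping, MySQL and SCP survive each ordering.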