RE: [Mysql-discussions] netstat

Sun, 25 Jan 2004 08:34:59 -0800 

Hi adam,

you can tell mysql to listen on 127.0.0.1, the loopback interface,
--bind-address=IP , add that to the startup parameters of MySQL

if you require access from othermachines to your db but want to restrict
every other host, you can , or you should use a firewall..

iptables is a good firewall for that purpose,

cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Adam Hardy
Verzonden: zondag 25 januari 2004 14:19
Aan: [EMAIL PROTECTED]
Onderwerp: [Mysql-discussions] netstat


I'm running a web server with Apache Tomcat and mySQL for the first time
and I've been following various recommendations to make the server more
secure (it's Linux Debian). One of these recommendations is to keep the
number of open ports to a minimum.

I'm looking at netstat (see the output below) and it makes me wonder if
the mysql port needs to be open at all, since the tomcat and mysql
database are running on the same machine.

Can I block off these ports? Would I have to use a firewall to do that?
(like ip_tables)

Thanks
Adam

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
PID/Program name
tcp        0      0 localhost:8005          *:*                     LISTEN
30723/java
tcp        0      0 *:mysql                 *:*                     LISTEN
1890/mysqld
tcp        0      0 *:www                   *:*                     LISTEN
30723/java
tcp        0      0 *:ssh                   *:*                     LISTEN
248/sshd
tcp        0      0 *:12121                 *:*                     LISTEN
267/perl
tcp        0      0 *:smtp                  *:*                     LISTEN
239/master
tcp        0      0 *:https                 *:*                     LISTEN
30723/java
tcp        0      0 localhost:mysql         localhost:1311
ESTABLISHED 1890/mysqld
tcp        1      0 localhost:1312          localhost:mysql
CLOSE_WAIT  30723/java
tcp        0      0 localhost:1311          localhost:mysql
ESTABLISHED 30723/java




--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:
http://lists.mysql.com/[EMAIL PROTECTED]

_______________________________________________
Mysql-discussions mailing list
[EMAIL PROTECTED]
http://lists.elvandar.org/mailman/listinfo/mysql-discussions


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]

Reply via email to