Hi friends,
I've just configured MySQL Replication between two Debian Jessie VPSs.

I've opened port 3306 and the SSH port (60319) on each server, but this doesn't seem to be sufficient. Could you please tell me whether I should open any other specific TCP/UDP ports?


This is the "rules" file for the "MASTER" server:

?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

Invalid(DROP)  net              $FW             tcp
Ping(DROP)      net             $FW
ACCEPT          $FW             net             icmp

Web(ACCEPT)     net             $FW
ACCEPT net $FW tcp 443 #HTTPS
ACCEPT net $FW tcp 60319 #SSH
ACCEPT net $FW tcp 587 #SUBMISSION SERVICE DOVECOT
#ACCEPT net $FW tcp 465 #SUBMISSION SERVICE DOVECOT RFC DEPRECATED!!
ACCEPT net $FW tcp 995 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT net $FW tcp 993 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT net $FW tcp 110 #SUBMISSION SERVICE DOVECOT STARTTLS
ACCEPT net $FW tcp 143 #DOVECOT POSTFIX
ACCEPT net $FW tcp 25 #POSTFIX
#ACCEPT net $FW tcp 21 #PROFTP
ACCEPT net $FW tcp 2222 #PROSFTP
ACCEPT net $FW tcp 49152:65534 #PROSFTP PASSIVE PORT
ACCEPT net $FW tcp 3306 #MYSQL REPLICATION



This is the "rules" file for the "SLAVE" server:


?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW


Invalid(DROP)  net              $FW             tcp
Ping(DROP)      net             $FW
ACCEPT          $FW             net             icmp


Web(ACCEPT)     net             $FW
ACCEPT net $FW tcp 443 #HTTPS
ACCEPT net $FW tcp 60319 #SSH
ACCEPT net $FW tcp 587 #SUBMISSION SERVICE DOVECOT
ACCEPT net $FW tcp 465 #SUBMISSION SERVICE DOVECOT
ACCEPT net $FW tcp 995 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT net $FW tcp 993 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT net $FW tcp 110 #SUBMISSION SERVICE DOVECOT STARTTLS
ACCEPT net $FW tcp 143 #DOVECOT POSTFIX
ACCEPT net $FW tcp 25 #POSTFIX
ACCEPT net $FW tcp 3306 #MYSQL REPLICATION




This is the syslog on MASTER:

Aug 22 11:57:06 server kernel: [17623379.688961] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 11:57:43 server kernel: [17623415.939990] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=47055 DPT=1370 LEN=35
Aug 22 11:57:49 server kernel: [17623421.911426] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=83.147.104.92 DST=91.205.175.213 LEN=40 TOS=0x08 PREC=0x40 TTL=50 ID=58689 PROTO=TCP SPT=39204 DPT=23 WINDOW=35126 RES=0x00 SYN URGP=0
Aug 22 11:58:06 server kernel: [17623439.719721] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 12:05:07 server kernel: [17623859.923044] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 12:05:43 server kernel: [17623896.206829] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=47055 DPT=1370 LEN=35
Aug 22 12:06:06 server kernel: [17623919.099304] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=177.37.126.79 DST=91.205.175.213 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=54006 DF PROTO=TCP SPT=3869 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Aug 22 12:06:07 server kernel: [17623919.951563] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 12:06:09 server kernel: [17623922.098951] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=177.37.126.79 DST=91.205.175.213 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=54007 DF PROTO=TCP SPT=3869 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0


This is the syslog on SLAVE:

Aug 22 11:57:24 server2 kernel: [11466741.408787] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=82.146.62.226 DST=5.189.166.16 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5607 PROTO=TCP SPT=52617 DPT=3390 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 22 11:58:10 server2 kernel: [11466787.231208] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=116.231.227.70 DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=8563 DF PROTO=TCP SPT=54936 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 11:58:13 server2 kernel: [11466790.233791] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=116.231.227.70 DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=9641 DF PROTO=TCP SPT=54936 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 11:58:19 server2 kernel: [11466796.303315] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=116.231.227.70 DST=5.189.166.16 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=11725 DF PROTO=TCP SPT=54936 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 11:58:38 server2 kernel: [11466815.286378] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=201.173.38.250 DST=5.189.166.16 LEN=40 TOS=0x08 PREC=0x20 TTL=242 ID=35062 PROTO=TCP SPT=65386 DPT=5358 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 22 12:04:06 server2 kernel: [11467142.680481] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=150.95.142.241 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63065 DF PROTO=TCP SPT=56534 DPT=3128 WINDOW=28240 RES=0x00 SYN URGP=0
Aug 22 12:04:07 server2 kernel: [11467143.692710] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=150.95.142.241 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63066 DF PROTO=TCP SPT=56534 DPT=3128 WINDOW=28240 RES=0x00 SYN URGP=0
Aug 22 12:04:09 server2 kernel: [11467145.698675] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=150.95.142.241 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63067 DF PROTO=TCP SPT=56534 DPT=3128 WINDOW=28240 RES=0x00 SYN URGP=0
Aug 22 12:04:10 server2 kernel: [11467146.971235] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=120.26.93.69 DST=5.189.166.16 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=12785 DF PROTO=TCP SPT=2636 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 22 12:04:13 server2 kernel: [11467149.876582] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=120.26.93.69 DST=5.189.166.16 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=12835 DF PROTO=TCP SPT=2636 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 22 12:04:13 server2 kernel: [11467149.896289] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=150.95.142.241 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63068 DF PROTO=TCP SPT=56534 DPT=3128 WINDOW=28240 RES=0x00 SYN URGP=0
Aug 22 12:04:19 server2 kernel: [11467155.907904] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=120.26.93.69 DST=5.189.166.16 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=12938 DF PROTO=TCP SPT=2636 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0



Many, many thanks!

Davide
Italy

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
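
An added example, not part of the original post: one way to check whether Shorewall drop logs like those above involve the replication partner or the MySQL port at all is to parse each entry and group the drops by protocol and destination port. The sample lines are constructed in the same log format with RFC 5737 documentation addresses; `PEER` and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in the Shorewall log format shown in the post
# (RFC 5737 documentation addresses, not the poster's hosts).
PEER = "198.51.100.20"  # assumed address of the replication partner
SAMPLE = """\
Aug 22 11:57:06 server kernel: [1.0] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=55 PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 11:57:49 server kernel: [2.0] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=39204 DPT=23 WINDOW=35126 SYN URGP=0
Aug 22 11:58:06 server kernel: [3.0] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=55 PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 22 11:59:00 server kernel: [4.0] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=3306 WINDOW=29200 SYN URGP=0
"""

# "Shorewall:<chain>:<verdict>:" followed by the netfilter KEY=VALUE fields.
ENTRY = re.compile(r"Shorewall:(?P<chain>[\w-]+):(?P<verdict>[A-Z]+):(?P<fields>.*)")


def parse(line):
    """Return a dict of the log fields, or None if the line is not a Shorewall entry."""
    m = ENTRY.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        # Flags such as SYN or DF have no "="; LEN appears twice for UDP,
        # so keep the first one (the IP packet length).
        if sep and key not in rec:
            rec[key] = val
    return rec


def summarize(text, peer, port=3306):
    """Count drops per (protocol, destination port) and list those touching peer or port."""
    drops = [r for r in map(parse, text.splitlines()) if r and r["verdict"] == "DROP"]
    by_service = Counter((r.get("PROTO"), r.get("DPT")) for r in drops)
    relevant = [r for r in drops if r.get("SRC") == peer or r.get("DPT") == str(port)]
    return by_service, relevant


if __name__ == "__main__":
    services, hits = summarize(SAMPLE, PEER)
    for (proto, dpt), n in services.most_common():
        print(f"{n:3d} dropped  {proto}/{dpt}")
    for r in hits:
        print("replication-related drop:", r["SRC"], "->", r["DST"], r["PROTO"], r["DPT"])
```

Grouped the same way, the entries quoted in the post are drops to UDP 1370 and TCP 23 on the master and to TCP 3390, 3128 and 5358 on the slave; none of them is addressed to TCP 3306.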