LinuxQuestions.org
Old 04-17-2003, 05:35 PM   #1
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 68
mysql port 3306


Well, this isn't a security issue per se, but I am curious about a few things. I only run a webserver, so my iptables firewall drops everything not destined for port 80; however, when I run nmap it shows 3306 mysql as open.

I do use mysql, but it is on the same computer, so I don't need the port open, right?

Why does port 3306 ignore my firewall rules? Anyone know what's up?
 
Old 04-17-2003, 05:44 PM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,783
Blog Entries: 1

Rep: Reputation: 413
You might want to post your iptables script to get a better answer. However, I'll hazard the guess that your script isn't blocking internal requests. In other words, if you used nmap to scan from a different computer, you might not see port 3306 open.

Of course without seeing your iptables rules, this is nothing more than a WAG.
 
Old 04-17-2003, 06:27 PM   #3
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Original Poster
Rep: Reputation: 68
Hey, maybe you're right.

Here's the relevant sections:
Code:
# set a sane policy:    everything not accepted > /dev/null
iptables -P INPUT    DROP
iptables -P FORWARD  DROP
iptables -P OUTPUT   DROP

# allow local-only connections
iptables -A INPUT  -i lo -j ACCEPT

# free output on any interface to any ip for any service (equal to -P ACCEPT)
iptables -A OUTPUT -j ACCEPT

# permit answers on already established connections
# and permit new connections related to established ones (eg active-ftp)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# accepts http requests at port 80 
iptables -A INPUT -p tcp --dport 80  -j ACCEPT

Perhaps you could scan me to see... my domain is in my sig
 
Old 04-17-2003, 07:51 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,356

Rep: Reputation: 2616
If you never connect to mysql over the network you may want to add
Code:
skip-networking
to your [mysqld] section in /etc/my.cnf.

--jeremy
 
Old 04-17-2003, 08:00 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Original Poster
Rep: Reputation: 68
Cool, thanks Jeremy. Worked perfectly...

Last edited by bulliver; 04-17-2003 at 08:14 PM.
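
Added example, not part of any post in this thread: a scan run on the server itself travels over lo, which the posted rules accept, so it reports what mysqld is listening on rather than what the firewall blocks. The helper below (the names listener_scope, sample_before and sample_after, and the sample lines, are constructed for illustration) classifies the listener from `ss -Htln` output, which is a direct way to confirm that skip-networking removed the TCP socket.

```shell
#!/bin/sh
# Classify how a TCP port is exposed, reading `ss -Htln` output on stdin.
# Prints one of: none | loopback | all-interfaces | specific:<addr>
listener_scope() {
    port="$1"
    awk -v port="$port" '
        {
            local_addr = $4                  # Local Address:Port column
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next       # some other port
            # strip the trailing ":<port>" to leave only the address
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wide = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = addr
        }
        END {
            if (wide) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback"
            else print "none"                # no TCP listener at all
        }'
}

# Constructed sample: web server plus mysqld listening on every interface.
sample_before() {
    printf '%s\n' \
        'LISTEN 0 128 0.0.0.0:80   0.0.0.0:*' \
        'LISTEN 0 50  0.0.0.0:3306 0.0.0.0:*'
}

# Constructed sample: same host after skip-networking and a mysqld restart.
sample_after() {
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'
}

printf 'before skip-networking: %s\n' "$(sample_before | listener_scope 3306)"
printf 'after  skip-networking: %s\n' "$(sample_after  | listener_scope 3306)"

# On a live host:  ss -Htln | listener_scope 3306
```

A result of "none" means local clients reach mysqld through its Unix socket only; "all-interfaces" means the iptables policy is the only thing keeping remote hosts off port 3306.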
 
  

