LinuxQuestions.org
Old 01-09-2017, 06:55 AM   #1
arkfantasy
LQ Newbie
 
Registered: Jan 2017
Posts: 3

CentOS 7 - Problems with firewalld/iptables on CentOS 7 Router - Can't connect to MariaDB between private networks (Virtual Box)


Hi, I need help configuring firewalld/iptables on my CentOS 7 VM (VirtualBox).

I have 3 CentOS VMs.

A: 10.0.30.5 (Postfix,Dovecot)
B: 10.0.40.5 (MariaDB, DHCP)
C: 10.0.50.50 (NAT net virtual box) 10.0.30.30 (gateway to 30.0 network), 10.0.40.40 (gateway to 40.0 network).

I have CentOS 7 as a router, with iptables to allow NAT from two private networks (Host Only on VirtualBox), and I have access to the internet from both private networks.

I can ping from 10.0.30.X to 10.0.40.x hosts.


I have the following problem:

I have installed postfix, dovecot and MariaDB on host 10.0.30.5 and all works fine.

I can't connect to MySQL from network 40.0 to 30.0, but I can connect from a client on my real machine (Windows), but because it uses the 30.1 gateway (VirtualBox), and it's on the same network...
If I try to connect using:
mysql -u "user" -h "10.0.30.5" -p
From the 10.0.40.5 machine (postfix, dovecot...), I get an error (113) can't connect.

If I stop the firewalld service, I can connect fine from the 40.0 network to the 30.0 network.

How can I tell the router that I want to allow the mysql client command to connect to 10.0.40.5 on the other side?

I have an idea how to do it using iptables, but I am using firewalld as default.

Do I need to create a rule on the router to allow the connection? Can someone tell me the rule? I need to fix this today.

Everything works fine between the networks if I disable firewalld on the CentOS 7 router VM.


This is an idea of my config on the router:

3 Network Devices (Ethernet):

A: Custom NAT network (Vbox) 10.0.50.50
B: Custom Host Only network (Vbox) 10.0.40.0
C: Custom Host Only network (Vbox) 10.0.40.0

VBox uses x.1 as gateway on each virtual ethernet/network.

My Router ethernet config is:

A:

ip 10.0.50.50
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8

B:

ip 10.0.30.30
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8

C:

ip 10.0.40.30
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8


All network devices point to 50.1 to access the internet (NAT). I think it's OK, but I guess my problem is because of this gateway...
I guess I need a rule to redirect/forward 3306 traffic from the 40.5 mysql client to the 30.5 server (MariaDB).

A rule for when traffic comes from 40.5 to 30.5... right?
Can someone help me?

Thanks and sorry for my English, I am Spanish.

If you need more info please tell me. I have to finish this today, and I know it's a router firewalld problem, but I don't have much time to fix the iptables/firewalld rules. Thank you all.
 
Old 01-09-2017, 12:28 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

firewalld is a front end for iptables. Once you're using firewalld you shouldn't do direct edits of iptables but rather use the firewalld commands to add/remove/update rules and it will make the appropriate changes to iptables for you.

Some basic commands for firewalld:
a) Opening ports
firewall-cmd --permanent --zone=public --add-port=13782/tcp

b) Opening a port range
firewall-cmd --permanent --zone=public --add-port=9090-9091/tcp

c) Removing ports
firewall-cmd --permanent --zone=public --remove-port=631/udp

d) Listing ports
firewall-cmd --zone=public --list-ports

e) Listing services
firewall-cmd --zone=public --list-services

What you need to do is determine what port needs to be open for MySQL. The default port I've seen used for MySQL was 3306 but you may be using a different one.
 
1 members found this post helpful.
Old 01-09-2017, 01:29 PM   #3
arkfantasy
LQ Newbie
 
Registered: Jan 2017
Posts: 3

Original Poster
I fixed my problem with these rules an hour ago but I am busy finishing everything.

I am using these rules to access, using Thunderbird, from the 30.0 network to the 40.0 network (40.5 is the server):

firewall-cmd --zone=internal --add-forward-port=port=25:proto=tcp:toport=25:toaddr=10.0.40.5 --permanent
firewall-cmd --zone=internal --add-forward-port=port=110:proto=tcp:toport=110:toaddr=10.0.40.5 --permanent
firewall-cmd --zone=internal --add-forward-port=port=143:proto=tcp:toport=143:toaddr=10.0.40.5 --permanent

I've made another rule to access my MariaDB server from the internal zones (30.0 and 40.0) using IP 10.0.30.5 and port 3306, as I did for Thunderbird, and it works.

I only need this working between host-only networks so it's fine now. Thanks for your help.
 
1 members found this post helpful.
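
Added example, not part of the original posts: the forward-port rules from post #3 rebuilt as firewalld rich rules that only match one source subnet, printed as a dry run with ports and addresses validated first. The zone, ports and addresses come from the thread; the function names are hypothetical, and the 10.0.30.0/24 source is assumed from the 255.255.255.0 mask in post #1.

```sh
#!/bin/sh
# Added example (not from the thread): print, as a dry run, firewall-cmd
# commands for source-restricted forward-port rich rules.
# Function names are hypothetical; zone and addresses come from the posts.

valid_port() {   # digits only, no leading zero, at most 65535
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # strict dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {   # a.b.c.d/prefix with prefix 0..32
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# forward_rule_cmd ZONE SRC_CIDR PORT DEST
# Prints one command; the forwarded port keeps its number, as in the thread.
forward_rule_cmd() {
    zone=$1 src=$2 port=$3 dest=$4
    case "$zone" in ''|*[!A-Za-z0-9_-]*) echo "bad zone: $zone" >&2; return 1 ;; esac
    valid_cidr "$src"  || { echo "bad source: $src" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$dest" || { echo "bad target: $dest" >&2; return 1; }
    rule="rule family=\"ipv4\" source address=\"$src\" forward-port port=\"$port\""
    rule="$rule protocol=\"tcp\" to-port=\"$port\" to-addr=\"$dest\""
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$zone" "$rule"
}

# SMTP, POP3 and IMAP from the 10.0.30.0/24 clients to the mail server 10.0.40.5.
mail_forward_rules() {
    for p in 25 110 143; do
        forward_rule_cmd internal 10.0.30.0/24 "$p" 10.0.40.5 || return 1
    done
}

mail_forward_rules   # review the output, run it, then: firewall-cmd --reload
```

Calling `forward_rule_cmd internal 10.0.40.0/24 3306 10.0.30.5` prints the equivalent rule for the MariaDB server; `firewall-cmd --zone=internal --list-rich-rules` shows what is active after the reload.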
Old 01-09-2017, 01:45 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Glad you got it fixed.

If you don't mind, please go to thread tools and mark this as Solved. It helps others in the future find solutions more quickly.
 
1 members found this post helpful.
Old 01-09-2017, 01:56 PM   #5
arkfantasy
LQ Newbie
 
Registered: Jan 2017
Posts: 3

Original Poster
Done!
 
  

