
Two servers, one with a MySQL database on it

Danielh90

I have two servers, one with a database on it using MySQL. I need to have my second server connect up to that database, but I would like to make it secure. How do I open 3306 to just the second server? And do I need to do anything to let 3306 go out? I'm using iptables.


How familiar are you with iptables?

             ☼

ψ ︿_____︿_ψ_   


Just now, SCHISCHKA said:

How familiar are you with iptables?

Not really familiar.


Iptables is not the mad beast that some articles portray it as. It is very straightforward if you have a few examples saved for reference.

When you add rules to iptables they get cleared on boot; annoying, but it is really handy when you lock yourself out experimenting on a headless server.

I'm going to assume you are using a Debian-based distribution.

All commands below need to be executed as root/admin/sudo/super user.

The first thing you need to do is execute the following to save your current rules:

iptables-save > /etc/iptables.rules

If you execute iptables-save on its own it will print out all your rules to the screen.

Execute this every time you are happy with the changes you have made to iptables.

Next is to have the rules restored on boot: in /etc/network/if-pre-up.d/iptablesload put the following script, and make the script executable with chmod +x /etc/network/if-pre-up.d/iptablesload


#!/bin/sh
# Reload the rules saved with "iptables-save > /etc/iptables.rules"
# before the network interfaces are brought up.
iptables-restore < /etc/iptables.rules
exit 0

This is the very basic stuff done.

Here is the Debian wiki for reference: https://wiki.debian.org/iptables


For adding rules it goes in the pattern:

iptables -A INPUT -p tcp --dport 3306 -s 192.168.IP.ADDRESSHERE -j ACCEPT

iptables -A INPUT -p tcp --dport 3306 -j DROP

The above accepts TCP traffic from port 3306 and the IP supplied, but drops it from everywhere else. Do some tests to check that it works, and then execute iptables-save > /etc/iptables.rules to save.

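The procedure above (allow one source address on 3306, drop the rest, save, restore on boot), written out as one script. This is an added example and not code from the post above; the address 192.168.1.20 in the usage comment is a placeholder for the second server. It generates the ruleset in the same iptables-save format that /etc/iptables.rules holds, keeps the OUTPUT chain at ACCEPT (so nothing extra is needed for outbound traffic), adds the ESTABLISHED,RELATED rule that a real server needs so its own outgoing connections keep getting replies, and checks the ruleset with iptables-restore --test before committing it.

```shell
#!/bin/sh
# Added example, not from the original post: build (and optionally load) an
# iptables ruleset that lets only one host reach MySQL on TCP/3306.
# The address 192.168.1.20 in the usage line is a placeholder.
set -u

# valid_ipv4 ADDR: succeed only if ADDR is a dotted quad with octets 0-255.
# Rejects a missing octet and a stray "/24" that would silently widen the
# allow rule to a whole subnet.
valid_ipv4() {
    _addr=$1
    case "$_addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $_addr
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# mysql_rules ALLOWED_IP: print a ruleset in iptables-save format on stdout.
# Rule order matters: iptables stops at the first match, so the ACCEPT for
# the allowed host must precede the catch-all DROP.
mysql_rules() {
    _allowed=$1
    valid_ipv4 "$_allowed" || { echo "mysql_rules: bad IPv4 address '$_allowed'" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Keep replies to connections this host opened itself (apt, DNS, ...) and
# loopback traffic working. OUTPUT stays at ACCEPT, so outbound needs nothing.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Only the second server may open a new connection to MySQL ...
-A INPUT -p tcp --dport 3306 -s $_allowed/32 -m conntrack --ctstate NEW -j ACCEPT
# ... everyone else gets a silent DROP (use REJECT if you prefer fast failures).
-A INPUT -p tcp --dport 3306 -j DROP
COMMIT
EOF
}

# apply_rules ALLOWED_IP: save the ruleset to /etc/iptables.rules and load it.
# Must run as root. "iptables-restore --test" (iptables 1.6 and later) parses
# the file without committing it, so a typo does not replace the live rules.
apply_rules() {
    mysql_rules "$1" > /etc/iptables.rules || return 1
    iptables-restore --test < /etc/iptables.rules || return 1
    iptables-restore < /etc/iptables.rules
}

# Usage:  sh mysql-3306.sh 192.168.1.20            # print the ruleset only
#         sudo sh mysql-3306.sh 192.168.1.20 --apply
if [ $# -ge 1 ]; then
    if [ "${2:-}" = "--apply" ]; then apply_rules "$1"; else mysql_rules "$1"; fi
fi
```

To check it after loading, run iptables -L INPUT -n -v --line-numbers on the database server and watch the packet counters, connect from the second server with nc -vz DB_IP 3306 (or the mysql client), and try the same from a third machine, where the connection should hang until it times out because the packets are dropped rather than rejected. Two caveats: if the second server reaches the database through NAT, the source address iptables sees is the NAT address, not the server's own; and the firewall is only one layer, so also set bind-address in the MySQL configuration to the interface the second server uses and grant the application user only from that host ('user'@'192.168.1.20') rather than from '%'.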

3 hours ago, Danielh90 said:

Do I need to do anything to let 3306 go out?

With a vanilla install with default rules you should not need to do anything to allow traffic out.

