and now in English, sorry!

Since I am running mysqld on my server the port 3306 is open though it's not included in EXTERNAL_TCP services

services I allow: FW_SERVICES_EXT_TCP="ssh smtp www pop3 https domain"

any clue why this port is open?

Karsten Schell wrote:
> Since I am running mysqld on my server the port 3306 is open though it's not included in EXTERNAL_TCP services

Did you run nmap on the external side of your packetfilter?

> services I allow: FW_SERVICES_EXT_TCP="ssh smtp www pop3 https domain"

So you intend to provide all those services to the Internet? Even if mysqld could be reached from outside, there should be easy ways to limit the usability of it by applying suitable rules within the mysql system. To go one step further, you could add a line in /etc/my.cnf that tells mysqld only to listen on one interface, say the LAN side of your server.

---- /etc/my.cnf ----
# The MySQL server
[mysqld]
port = 3306
bind-address = 192.168.0.254
socket = /var/lib/mysql/mysql.sock
---------------------

> any clue why this port is open ?

Maybe the server is there but can't be reached from outside? netstat or nmap would still report an open port. Obviously you need this open port to connect from inside your LAN to use the mysql server.
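
The distinction made in the reply above, as an added example that is not part of the original thread: netstat reports a listening socket whether or not the packet filter lets outside traffic reach it, and bind-address changes which interfaces the socket listens on. The netstat output is constructed, and the service-name-to-port table assumes the standard well-known port assignments.

```python
import ipaddress

# Well-known TCP ports for the names in the poster's FW_SERVICES_EXT_TCP.
SERVICE_PORTS = {"ssh": 22, "smtp": 25, "domain": 53, "www": 80,
                 "pop3": 110, "https": 443}

# Constructed `netstat -tln` output (not from the thread): mysqld on the
# wildcard address, squid bound to the LAN address, a loopback-only MTA.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.254:3128      0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
"""


def listeners(netstat_text):
    """Yield (ip, port) for each TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            yield ipaddress.ip_address(addr), int(port)


def audit(netstat_text, fw_services_ext_tcp):
    """Map each listening port to how far its exposure depends on the filter."""
    allowed = {int(s) if s.isdigit() else SERVICE_PORTS[s]
               for s in fw_services_ext_tcp.split()}
    report = {}
    for ip, port in listeners(netstat_text):
        if ip.is_loopback:
            report[port] = "loopback only"
        elif not ip.is_unspecified:
            report[port] = f"bound to {ip} only"
        elif port in allowed:
            report[port] = "all interfaces, allowed externally"
        else:
            report[port] = "all interfaces, relies on packet filter"
    return report


if __name__ == "__main__":
    for port, verdict in sorted(audit(
            SAMPLE, "ssh smtp www pop3 https domain").items()):
        print(f"{port:>5}  {verdict}")
```

A port reported as "relies on packet filter" is the 3306 case from the thread: the daemon accepts connections on every interface and only the filter rules keep it unreachable from outside, until bind-address narrows it to one interface.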
1/24/02 2:54:57 PM, Andreas Fiesser <fiesser@gmx.net> wrote:
> Karsten Schell wrote:
>> Since I am running mysqld on my server the port 3306 is open though it's not included in EXTERNAL_TCP services
> Did you run nmap on the external side of your packetfilter ?

I have a firewall running on a linux PC behind a CM which is connected to the eth0 interface and a home lan on eth1 currently serving a couple of windows boxes. I run squid as a proxy server on the linux box (not ideal as it's on the firewall but I only have the one linux box). Squid might seem over the top for this setup but it dramatically speeds up browsing, particularly on the ad-heavy US sites and it was pretty easy to set up. I've set ACLs in squid to only allow access on the masqueraded 192.168.x.x network.

How can I run nmap on the external side of my packet filter, as I think currently when I run nmap it shows the 3128 port open because it's being run from *behind* the firewall (I can't run nmap at work).

Thanks,
Tim Harrell <suse-ml@tharrell.com>