Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 & mysql
  • From: Andreas Fiesser <fiesser@xxxxxxx>
  • Date: Thu, 24 Jan 2002 15:54:57 +0100
  • Message-id: <3C502041.DCF989FD@xxxxxxx>

Karsten Schell wrote:

> Since I am running mysqld on my server the port 3306 is open though its not
> inlcuded in EXTERNAL_TCP services

Did you run nmap on the external side of your packetfilter ?

> services I allow:
> FW_SERVICES_EXT_TCP="ssh smtp www pop3 https domain"

So you intend to provide all those services to the Internet ?

Even if mysqld could be reached from outside, there should be easy
ways to limit the usability of it by applying suitable rules within
the mysql system.

To go one step further, you could add al line in /etc/my.cnf that
tells mysqld only to listen on one interface, say the LAN side of
your server.

---- /etc/my.cnf ----
# The MySQL server
port = 3306
bind-address =
socket = /var/lib/mysql/mysql.sock

> any clue why this port is open ?

Maybe the server is there but can't be reached from outside ?
netstat or nmap would still report an open port. Obviously you need
this open port to connect from inside your LAN to use the mysql

< Previous Next >
Follow Ups