[ILUG] MySQL V4 with SSL has problems with iptables
lkd-ilug at sky-haven.net
Thu Oct 16 04:45:38 IST 2008
Bailey, Darragh wrote on Wednesday 15 October 2008:
> The other thing about rejecting on port 3306, I believe the way MySQL server
> and clients work is that after the initial handshake on port 3306, the client
> is told to reconnect via another port for its queries, where a server thread
> will handle its requests.
Just a note: the traffic for MySQL, SSL'ed or otherwise, stays on the same port (so
3306/tcp by default). This is trivially inspectable in a lab.
In practice, Cisco admins know there's no "MySQL fixup" or "MySQL MPF inspect"
needed to keep MySQL working through a PIX or an ASA firewall, and iptables
gurus know there's no "MySQL" inspection to support MySQL-RELATED connections
as exists for FTP.
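
One way to run the lab check mentioned above, as an added example that is not part of the original post: it reads `tcpdump -nn` text output, lists every TCP connection opened (bare SYNs), and reports any that a "NEW on the service port plus ESTABLISHED" ruleset would not pass. The capture lines, addresses and function names are constructed for illustration.

```python
import re

# Matches the opening SYN of a TCP connection in `tcpdump -nn` text output.
# "[S]" is a bare SYN; the SYN/ACK reply prints as "[S.]" and is skipped.
SYN = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\]"
)

def new_connections(lines):
    """Return (client_ip, server_ip, server_port) for each connection opened."""
    conns = []
    for line in lines:
        m = SYN.search(line)
        if m:
            conns.append((m.group(1), m.group(3), int(m.group(4))))
    return conns

def outside_allowed(conns, allowed_ports):
    """Connections that a ruleset accepting NEW only on allowed_ports
    (plus ESTABLISHED) would drop unless a helper marks them RELATED."""
    return [c for c in conns if c[2] not in allowed_ports]

# Constructed sample lines (not real traffic): one MySQL session.
MYSQL_CAPTURE = [
    "12:00:00.000001 IP 10.0.0.5.51234 > 10.0.0.9.3306: Flags [S], seq 1, length 0",
    "12:00:00.000090 IP 10.0.0.9.3306 > 10.0.0.5.51234: Flags [S.], seq 7, ack 2, length 0",
    "12:00:00.000150 IP 10.0.0.5.51234 > 10.0.0.9.3306: Flags [.], ack 8, length 0",
    "12:00:00.001200 IP 10.0.0.9.3306 > 10.0.0.5.51234: Flags [P.], seq 8:86, length 78",
    "12:00:00.002400 IP 10.0.0.5.51234 > 10.0.0.9.3306: Flags [P.], seq 2:64, length 62",
    "12:00:00.009000 IP 10.0.0.5.51234 > 10.0.0.9.3306: Flags [P.], seq 64:90, length 26",
]

# Constructed sample lines: a passive-mode FTP session for contrast.
FTP_CAPTURE = [
    "12:05:00.000001 IP 10.0.0.5.40000 > 10.0.0.9.21: Flags [S], seq 1, length 0",
    "12:05:00.000080 IP 10.0.0.9.21 > 10.0.0.5.40000: Flags [S.], seq 5, ack 2, length 0",
    "12:05:00.000140 IP 10.0.0.5.40000 > 10.0.0.9.21: Flags [.], ack 6, length 0",
    "12:05:01.100000 IP 10.0.0.5.40001 > 10.0.0.9.50123: Flags [S], seq 1, length 0",
    "12:05:01.100070 IP 10.0.0.9.50123 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, length 0",
]

if __name__ == "__main__":
    mysql = new_connections(MYSQL_CAPTURE)
    ftp = new_connections(FTP_CAPTURE)
    print("MySQL connections:", mysql)
    print("MySQL outside 3306:", outside_allowed(mysql, {3306}))
    print("FTP outside 21:", outside_allowed(ftp, {21}))
```
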