[ILUG] MySQL V4 with SSL has problems with iptables

Bailey, Darragh dbailey at hp.com
Thu Oct 16 09:02:18 IST 2008




> -----Original Message-----
> From: ilug-bounces at linux.ie [mailto:ilug-bounces at linux.ie] On Behalf Of
> Lance Dryden
> Sent: 16 October 2008 04:46
> To: ilug at linux.ie
> Subject: Re: [ILUG] MySQL V4 with SSL has problems with iptables
>
> Bailey, Darragh wrote on Wednesday 15 October 2008:
> > The other thing about rejecting on port 3306, I believe the way MySQL server
> > and clients work is that after the initial handshake on port 3306, the client
> > is told to reconnect via another port for its queries, where a server thread
> > will handle its requests.
>
> Hi,
>
> Just a note: the traffic for MySQL, SSL'ed or otherwise, stays on port (so
> 3306/tcp by default).  This is trivially inspectable in a lab.
>
> In practice, Cisco admins know there's no "MySQL fixup" or "MySQL MPF inspect"
> needed to keep MySQL working through a PIX or an ASA firewall, and iptables
> gurus know there's no "MySQL" inspection to support MySQL-RELATED connections
> as exists for FTP.
>
> Yours, &c
> Lance Dryden

Interesting, I didn't realise that. I assumed that, in order to support multiple simultaneous connections, the clients would have to connect to a different port for each connection.

--
Regards,
Darragh Bailey

Systems Software Engineer
Hewlett Packard Galway Ltd.

Postal Address:    Hewlett Packard Galway Limited, Ballybrit Business Park, Galway
Registered Office: Hewlett Packard Galway Limited, 63-74 Sir John Rogerson's Quay Dublin 2
Registered Number: 361933
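
The point settled in this exchange, as an added example that is not part of either poster's message: one listening TCP port serves many simultaneous connections, because each connection is identified by its full address/port 4-tuple and only the client's ephemeral port differs. That is why a single iptables rule on destination port 3306 covers MySQL with no RELATED helper. The function name is hypothetical, and an OS-chosen loopback port stands in for 3306.

```python
import socket

def demo_single_port(n_clients=3):
    """Hold n_clients connections open at once against ONE listening port.

    Returns (listen_port, rows), where each row is
    (server_side_local_port, client_ephemeral_port, payload_seen_by_server).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    # Port 0 asks the OS for a free port; it stands in for 3306 in this demo.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    listen_port = listener.getsockname()[1]

    clients, accepted, rows = [], [], []
    try:
        # Open every connection before using any, so they are simultaneous.
        for _ in range(n_clients):
            clients.append(
                socket.create_connection(("127.0.0.1", listen_port), timeout=5))
            conn, _peer = listener.accept()
            conn.settimeout(5)
            accepted.append(conn)

        # Each client sends a distinct payload (constructed sample data);
        # the server reads it from the socket accepted for that client.
        for i, (cli, srv) in enumerate(zip(clients, accepted)):
            cli.sendall(b"query-%d" % i)
            payload = srv.recv(64)
            rows.append((srv.getsockname()[1], srv.getpeername()[1], payload))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return listen_port, rows

if __name__ == "__main__":
    port, rows = demo_single_port()
    print("listening port:", port)
    for server_port, client_port, payload in rows:
        # The server side never leaves the listening port.
        print(f"server :{server_port} <- client :{client_port} {payload!r}")
```
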



