[ILUG] MySQL V4 with SSL has problems with iptables
dbailey at hp.com
Thu Oct 16 09:02:18 IST 2008
> -----Original Message-----
> From: ilug-bounces at linux.ie [mailto:ilug-bounces at linux.ie] On Behalf Of
> Lance Dryden
> Sent: 16 October 2008 04:46
> To: ilug at linux.ie
> Subject: Re: [ILUG] MySQL V4 with SSL has problems with iptables
> Bailey, Darragh wrote on Wednesday 15 October 2008:
> > The other thing about rejecting on port 3306, I believe the way MySQL
> > and clients work is that after the initial handshake on port 3306, the
> > is told to reconnect via another port for its queries, where a server
> > will handle its requests.
> Just a note: the traffic for MySQL, SSL'ed or otherwise, stays on port (so
> 3306/tcp by default). This is trivially inspectable in a lab.
> In practice, Cisco admins know there's no "MySQL fixup" or "MySQL MPF
> need to keep MySQL working through a PIX or an ASA firewall, and iptables
> gurus know there's no "MySQL" inspection to support MySQL-RELATED
> as exists for FTP.
> Yours, &c
> Lance Dryden
Interesting, I didn't realise that. I assumed that, in order to support multiple simultaneous connections, the clients would have to connect to a different port for each connection.
Systems Software Engineer
Hewlett Packard Galway Ltd.
Postal Address: Hewlett Packard Galway Limited, Ballybrit Business Park, Galway
Registered Office: Hewlett Packard Galway Limited, 63-74 Sir John Rogerson's Quay Dublin 2
Registered Number: 361933
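
The point made in the thread, that many simultaneous connections share one server port and so one firewall rule on that port covers them all, can be checked with the following added example, which is not part of the original message. It assumes a loopback listener on an OS-chosen port as a stand-in for mysqld on 3306/tcp; the function name is hypothetical.

```python
import socket


def open_concurrent_connections(n=3):
    """Hold n client connections open at once against a single listening port.

    Returns (server_port, [(server_side_local_addr, client_addr), ...]).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 lets the OS pick a free port; it stands in for 3306 here.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n)
    server_port = listener.getsockname()[1]

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n):
            clients.append(socket.create_connection(("127.0.0.1", server_port)))
            conn, peer = listener.accept()
            accepted.append(conn)
            # conn.getsockname() is the server end of this connection,
            # peer is the client end (address plus ephemeral source port).
            tuples.append((conn.getsockname(), peer))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_port, tuples


if __name__ == "__main__":
    port, conns = open_concurrent_connections(3)
    print(f"listening port: {port}")
    for local, peer in conns:
        # Every accepted socket keeps the listening port as its local port;
        # only the client's source port differs between connections.
        print(f"server {local[0]}:{local[1]}  <-  client {peer[0]}:{peer[1]}")
```

The kernel tells the connections apart by the full address and port pair on both ends, so a packet filter only ever sees the one destination port on the server side.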