SSH tunneling firewall query
oxfordmusic.net
lists at oxfordmusic.net
Thu Aug 26 14:47:36 UTC 2004
I have two boxes running RHEL3 with Webmin, MySQL and Iptables firewalls. I
am trying to create an SSH tunnel so that I can safely connect between the
boxes in MySQL. Both boxes need to run MySQL servers and the connections
will be in both directions.
Box 1: 11.33.55.77
Box 2: 22.44.66.88
Here's what I have at the moment on 11.33.55.77:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## allow stateful inbound
iptables -A INPUT -p tcp -s 22.44.66.88 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d 22.44.66.88 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow stateful outbound
and on 22.44.66.88:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## allow stateful inbound
iptables -A INPUT -p tcp -s 11.33.55.77 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d 11.33.55.77 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow stateful outbound
When I try the following command on 22.44.66.88:
ssh -L 3307:11.33.55.77:3306 11.33.55.77
it just hangs. From netstat I can see an outbound connection from
22.44.66.88 to 11.33.55.77:22 but nothing comes up on 11.33.55.77. I'm
pretty sure it must be something simple in my firewall configs that is
blocking this. Can anyone point me in the right direction?
Cheers
Andy
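
Added example, not part of the original post: a small first-match model of the OUTPUT chain posted for 22.44.66.88, tracing how the ssh client's first packet to 11.33.55.77:22 is evaluated. It assumes the chain policy is DROP (the post does not show the policies); the source ports 40000/40001 and the extra client rule are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: str
    sport: int
    dport: int
    state: str  # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:
    text: str
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    states: Optional[frozenset] = None  # None means "any state"

    def matches(self, p: Packet) -> bool:
        return ((self.dst is None or self.dst == p.dst)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport)
                and (self.states is None or p.state in self.states))

def verdict(chain, pkt, policy="DROP"):
    """First matching ACCEPT rule wins; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return "ACCEPT", rule.text
    return policy, "chain policy"

PEER = "11.33.55.77"
# The two OUTPUT rules posted for 22.44.66.88, in order.
POSTED_OUTPUT = [
    Rule("-p tcp --sport 22 -d 11.33.55.77 -j ACCEPT", dst=PEER, sport=22),
    Rule("-m state --state ESTABLISHED,RELATED -j ACCEPT",
         states=frozenset({"ESTABLISHED", "RELATED"})),
]
# Constructed rule (an assumption, not from the post): allow new outbound SSH.
CLIENT_RULE = Rule("-p tcp -d 11.33.55.77 --dport 22 -m state --state NEW -j ACCEPT",
                   dst=PEER, dport=22, states=frozenset({"NEW"}))
# Constructed packets: the ssh client's SYN, and the local sshd answering the peer.
SYN = Packet(dst=PEER, sport=40000, dport=22, state="NEW")
REPLY = Packet(dst=PEER, sport=22, dport=40001, state="ESTABLISHED")

if __name__ == "__main__":
    print("posted rules, client SYN :", verdict(POSTED_OUTPUT, SYN))
    print("posted rules, sshd reply :", verdict(POSTED_OUTPUT, REPLY))
    print("with client rule, SYN    :", verdict(POSTED_OUTPUT + [CLIENT_RULE], SYN))
```

Under the DROP-policy assumption, the posted OUTPUT rules only cover traffic sent from local port 22 and packets in already-tracked connections, so a new outbound connection to port 22 falls through to the policy.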