[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc

Les Mikesell lesmikesell at gmail.com
Tue Dec 22 17:00:27 UTC 2009

ML wrote:
> Hi Les,
>>> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
>>> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>>> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>> [...]
>>> What am I doing wrong? What can I check for? I am stumped!
>> Where does the client connection originate?  Is it behind the same 
>> firewall but on a NATed address?  Or is NAT involved in some other way 
>> that might keep you from seeing the source you expect in your tcpdump?
> OK, I have a comcast modem as pass through.
> I have a firewall and behind it is the mysql server (public IP)
> I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule nats and give clients behind it a private IP.

I still don't understand the exact relationship - or which address you 
are expecting in the tcpdump.  From this description I'd guess you would 
see the time capsule's public IP as the source for your connections.  Is 
that what you were expecting, but not seeing, in your tcpdump?  Are 
there other connections to mysql through this interface or can you just 
look for anything on port 3306?  And is the firewall running as an 
unnumbered bridge? I'd make sure packets are going back and forth before 
looking further.  Also, comcast modems can overlay a private range on 
the same subnet as the assigned public set.  It would be possible for 
your time capsule to use a dhcp-assigned private address on it's public 
facing side which would be NATted by the comcast modem.

   Les Mikesell
    lesmikesell at gmail.com

More information about the CentOS mailing list