[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc
Les Mikesell
lesmikesell at gmail.com
Tue Dec 22 17:00:27 UTC 2009
ML wrote:
> Hi Les,
>
>>> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
>>>
>>> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>>>
>>> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>>>
>> [...]
>
>>> What am I doing wrong? What can I check for? I am stumped!
>> Where does the client connection originate? Is it behind the same
>> firewall but on a NATed address? Or is NAT involved in some other way
>> that might keep you from seeing the source you expect in your tcpdump?
>
> OK, I have a comcast modem as pass through.
>
> I have a firewall and behind it is the mysql server (public IP)
>
> I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule NATs and gives clients behind it a private IP.
I still don't understand the exact relationship - or which address you
are expecting in the tcpdump. From this description I'd guess you would
see the time capsule's public IP as the source for your connections. Is
that what you were expecting, but not seeing, in your tcpdump? Are
there other connections to mysql through this interface or can you just
look for anything on port 3306? And is the firewall running as an
unnumbered bridge? I'd make sure packets are going back and forth before
looking further. Also, Comcast modems can overlay a private range on
the same subnet as the assigned public set. It would be possible for
your Time Capsule to use a DHCP-assigned private address on its
public-facing side which would be NATted by the Comcast modem.
--
Les Mikesell
lesmikesell at gmail.com