I have two CentOS VMs. The IP address of VM_1 is 10.99.0.10 and VM_2 is 10.99.0.12. Apache and PHP are on VM_1 and MySQL is on VM_2. Both have iptables rules. VM_2 is working fine with its rules. Now I am testing from VM_1.
First, I disabled iptables on VM_1 and connected to MySQL on VM_2 (connected successfully).
[root@foster ~]# service IPTables stop
IPTables : Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.6.21 MySQL Community Server (GPL)
Next, I enabled iptables on VM_1 and connected to MySQL on VM_2 (it never responds, even after hours).
[root@foster ~]# service IPTables start
IPTables : Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
What is wrong with my iptables rules? My rules are on Pastebin.
The problem is in the way you enable MySQL traffic:
# Allow MySQL private Networking
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
These rules have two issues:
1. They allow MySQL traffic from VM_1 only if the connection was first initiated from VM_2 (10.99.0.12).
2. They treat 3306 as the client's (VM_1) port rather than as the server's (VM_2) port.
A more suitable rule set would be as follows:
# Allow MySQL private Networking
sudo iptables -A OUTPUT -o eth1 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --sport 3306 -m state --state ESTABLISHED -j ACCEPT
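To make the direction and port confusion concrete, here is an added toy evaluator (not part of the answer above) that runs the two rule sets against the first packets of a MySQL connection opened from VM_1 to VM_2. It assumes, which the page does not state, that both chains end in a DROP policy (consistent with the client hanging rather than getting an immediate error) and uses a constructed ephemeral client port of 40000.

```python
# Toy model of iptables matching on VM_1 (10.99.0.10) for a MySQL connection to
# VM_2 (10.99.0.12). Assumed, not from the page: chain policy is DROP, and the
# client's ephemeral source port is the constructed value 40000.

VM_1, VM_2 = "10.99.0.10", "10.99.0.12"

# Rule fields mirror the iptables options used in the answer; None means "any".
# "state" is the set of conntrack states accepted by -m state --state.
ORIGINAL_RULES = [
    dict(chain="INPUT",  src=VM_2, sport=None, dport=3306, state={"NEW", "ESTABLISHED"}),
    dict(chain="OUTPUT", src=None, sport=3306, dport=None, state={"ESTABLISHED"}),
]
CORRECTED_RULES = [
    dict(chain="OUTPUT", src=None, sport=None, dport=3306, state={"NEW", "ESTABLISHED"}),
    dict(chain="INPUT",  src=VM_2, sport=3306, dport=None, state={"ESTABLISHED"}),
]

def verdict(rules, chain, src, sport, dport, state):
    """Verdict for one packet: the first matching rule in the chain wins, else policy DROP."""
    for r in rules:
        if r["chain"] != chain:
            continue
        if r["src"] is not None and r["src"] != src:
            continue
        if r["sport"] is not None and r["sport"] != sport:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if state not in r["state"]:
            continue
        return "ACCEPT"
    return "DROP"

def mysql_handshake(rules, client_port=40000):
    """Verdicts for the two packets VM_1's firewall sees first: the client's SYN
    leaving via OUTPUT (conntrack state NEW) and the server's SYN/ACK arriving
    via INPUT (state ESTABLISHED, since conntrack already saw the SYN)."""
    syn = verdict(rules, "OUTPUT", VM_1, client_port, 3306, "NEW")
    if syn != "ACCEPT":
        return (syn, None)          # SYN never left, so no reply can arrive
    syn_ack = verdict(rules, "INPUT", VM_2, 3306, client_port, "ESTABLISHED")
    return (syn, syn_ack)

if __name__ == "__main__":
    print("original :", mysql_handshake(ORIGINAL_RULES))   # ('DROP', None)
    print("corrected:", mysql_handshake(CORRECTED_RULES))  # ('ACCEPT', 'ACCEPT')
```

With the original rules the outgoing SYN matches nothing and is dropped, which is exactly the silent hang in the question; the same rules would happily accept a connection coming the other way, from VM_2 to port 3306 on VM_1.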