
IPTABLES Allow teamspeak 3 to connect to Mariadb on the same machine


Good day, I have a CentOS 7 machine that is going to be a webserver and a TeamSpeak server at the same time. I have configured the iptables correctly for my webserver: Nginx and MariaDB are available to the designated ports. Now I have my TeamSpeak 3 server installed, but it cannot contact the MySQL (MariaDB) database on the same machine. I don't know what iptables entry I should add to make it contact it. These are my iptables rules:

//Fresh start
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

//SSH
iptables -A INPUT -p tcp -s <ADMIN IP> --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT  -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

//allow rpm and stuff
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

//HTTP(S) Webserver
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

//MariaDB Mysql
iptables -A INPUT -p tcp -s <ADMIN IP> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

//Teamspeak
iptables -A INPUT -p udp --dport 9987 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --sport 9987 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 2008 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 2008 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 30033 -m state --state ESTABLISHED -j ACCEPT

//save & reboot
service iptables save
systemctl restart iptables

What entry am I missing to make it work? The logs of TeamSpeak clearly say it cannot connect to 127.0.0.1, and when I turn off iptables everything works, so it has to be something I am missing. I also don't want to do a global loopback entry!


Solution

  • Add the following to your //MariaDB MySQL rule

    iptables -A INPUT -p tcp -s 127.0.0.1 --dport 3306 -j ACCEPT
    iptables -A OUTPUT -p tcp -d 127.0.0.1 --sport 3306 ! --syn -j ACCEPT
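
Added example, not part of the original answer: local traffic traverses OUTPUT and then INPUT, so with `iptables -P OUTPUT DROP` the client's SYN to 127.0.0.1:3306 also needs an OUTPUT rule matching `--dport 3306`. The script below prints port-scoped loopback rules for both directions, pinned to the `lo` interface; the names `run`, `lo_tcp_service` and the `APPLY` variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: loopback-only access to one local TCP service under
# default-DROP INPUT and OUTPUT policies, without a global "-i lo ACCEPT".
# Dry run by default (prints the commands); run as root with APPLY=1 to apply.

# Print or execute a single iptables command.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# lo_tcp_service PORT
# Allow processes on this host to reach a TCP service on 127.0.0.1:PORT.
lo_tcp_service() {
    port=$1
    # Reject anything that is not a decimal port number in 1..65535.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Client -> server: the SYN leaves through OUTPUT, then re-enters via INPUT.
    run -A OUTPUT -o lo -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport "$port" -j ACCEPT
    run -A INPUT -i lo -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport "$port" -j ACCEPT

    # Server -> client replies: "! --syn" never matches a connection-opening SYN.
    # These are redundant if a generic ESTABLISHED rule already exists on both
    # chains, but they keep this function self-contained.
    run -A OUTPUT -o lo -p tcp -s 127.0.0.1 -d 127.0.0.1 --sport "$port" ! --syn -j ACCEPT
    run -A INPUT -i lo -p tcp -s 127.0.0.1 -d 127.0.0.1 --sport "$port" ! --syn -j ACCEPT
}

# Default to the MariaDB port used in the question.
lo_tcp_service "${1:-3306}"
```

Matching on `-i lo` / `-o lo` in addition to the 127.0.0.1 addresses keeps the rules from applying to traffic arriving on any other interface.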