List:General Discussion« Previous MessageNext Message »
From:Mogens Melander Date:May 7 2007 8:01pm
Subject:RE: secure port 3306
View as plain text  
Well, i that case you can forward the tunnel (port 22) directly
from server-1 to server-2, so when you tunnel from client to
server-1, you get forwarded to server-2.

On Mon, May 7, 2007 21:41, Steven Buehler wrote:
> But I also need to make sure that nobody is sniffing between Server-1 and
> Server-2.
> Steve
>
>
> -----Original Message-----
> From: Mogens Melander [mailto:mogens@stripped]
> Sent: Monday, May 07, 2007 1:35 PM
> To: Steven Buehler
> Cc: mysql@stripped
> Subject: RE: secure port 3306
>
>
> On Mon, May 7, 2007 17:40, Steven Buehler wrote:
>> The thing is...I need to securely do this.  Here would be the setup
>> Desktop -> Secure connection to Server 1 -> Secure connection to Server
>> 2.
>> So I am assuming that what I need to do is to have the Desktop SSH into
>> Server 1 which will have the iptables setup to tunnel to Server 2 and
>> then
>> use a tunnel from Secure CRT (or putty) to tunnel all the way to Server
>> 2
>> through Server 1?  Server one can only be accessed with SSH from Server
>> 1.
>
> The only reason for the need for ssh-tunnel would be to eliminate the
> risk of somebody "sniffing" between desktop -> server-1.
>
> This iptables rule allow only access from one ip-address (desktop).
>
>> ------------
>> On linux, one could do a port forward:
>>
>> EXTIF=eth0 # Or whatever the interface that faces internet is called.
>>
>> iptables -A FORWARD -i $EXTIF -p tcp -s <client-ip> --dport 3306 -j
>> ACCEPT
>> iptables -A PREROUTING -t nat -p tcp -s <client-ip> \
>>    -d <linux-fw-ip> --dport 3306 -j DNAT --to <internal-ip>:3306
>>
>> On Wed, May 2, 2007 17:03, Steven Buehler wrote:
>>> I have a client that needs to be able to remotely connect to port 3306
>>> securely.  I have tried to suggest an SSH Tunnel, but they do not want
>>> their clients to have SSH access.  Another problem is that even if we
>>> do tunnel, it needs to go thru one server that is connected to the
>>> Internet and into the MySQL server which is NOT accessible from the
>>> Internet.
>>>
>>> Any suggestions?
>>>
>>> Thanks
>>> Steve
>>>
>>>
>>> --
>>> MySQL General Mailing List
>>> For list archives: http://lists.mysql.com/mysql
>>> To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
>>>
>>>
>>> --
>>> This message has been scanned for viruses and dangerous content by
>>> OpenProtect(http://www.openprotect.com), and is believed to be clean.
>>>
>>
>>
>> --
>> Later
>>
>> Mogens Melander
>> +45 40 85 71 38
>> +66 870 133 224
>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by OpenProtect(http://www.openprotect.com), and is
>> believed to be clean.
>>
>>
>> --
>> MySQL General Mailing List
>> For list archives: http://lists.mysql.com/mysql
>> To unsubscribe:
>> http://lists.mysql.com/mysql?unsub=1
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by OpenProtect(http://www.openprotect.com), and is
>> believed to be clean.
>>
>
>
> --
> Later
>
> Mogens Melander
> +45 40 85 71 38
> +66 870 133 224
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by OpenProtect(http://www.openprotect.com), and is
> believed to be clean.
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by OpenProtect(http://www.openprotect.com), and is
> believed to be clean.
>
>


-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.

Thread
secure port 3306Steven Buehler2 May
  • RE: secure port 3306Jay Blanchard2 May
  • Re: secure port 3306Mogens Melander2 May
  • RE: secure port 3306Steven Buehler4 May
RE: secure port 3306Steven Buehler7 May
  • Re: secure port 3306BJ Swope7 May
  • RE: secure port 3306Mogens Melander7 May
    • RE: secure port 3306Steven Buehler7 May
      • RE: secure port 3306Mogens Melander7 May