\\Solved// Need Help With IPTables

Discussion in 'Systems Administration' started by MeMyself, Aug 21, 2014.

  1. @PhanaticD Suck it. This is essentially what I already suggested.
     
  2. Why did you quote me, and then say "@PhanaticD Suck it."? Sorry if I had already repeated what you suggested, I didn't mean to.
     
  3. I already made the same suggestion you just made, except @PhanaticD said it was dumb. So I'm taking in a moment of ego boost. :p
     
    • Like x 1
  4. PhanaticD

    Patron

    You are both stupid
     
    • Agree x 1
  5. I mean, that's what I believe to be the best way to do it. Care to explain? I'm always willing to learn something new! :)
     
  6. PhanaticD

    Patron

    if a server is bound to localhost it will not be able to communicate over the normal network interface to another server
     
    • Agree x 2
  7. Sorry for the confusion, I skimmed the thread and missed the part where you wanted a secondary server to communicate with it. You could set up a GRE tunnel and then allow communication through that interface, and that would work fine, but you could also just do the basic IPTables rules such as
    Code (Text):

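    # --dports is provided by the multiport match; give the ports comma-separated
    iptables -A INPUT -p tcp -m multiport --dports {{ ports }} -s {{ secondary server IP }} -j ACCEPT
    iptables -A INPUT -p tcp -m multiport --dports {{ ports }} -j DROP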
     
     
  8. Hmm, for some reason IPTables won't let me connect to the server even through the proxy.
    Here is my firewall.sh:
    Code (Text):
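    #!/bin/sh
    # Ports to protect (one per line; shell word-splitting separates them):
    # 25566 = Lobby, 25567 = KitPvP, 25568 = Skywars, 3306 = MySQL port?
    PORTS="
    25566
    25567
    25568
    3306
    "
    # Source addresses allowed to reach those ports
    IPS="
    127.0.0.1
    {Second Server's IP}
    "
    # Flush existing rules, delete user-defined chains, create the allowlist chain
    iptables -F
    iptables -X
    iptables -N BungeeCord

    # Accept the listed sources, drop everything else that reaches the chain
    for ip in $IPS
    do
      iptables -A BungeeCord --src "$ip" -j ACCEPT
    done
    iptables -A BungeeCord -j DROP

    # Send TCP traffic for each protected port through the chain
    for p in $PORTS
    do
      iptables -I INPUT -p tcp -m tcp --dport "$p" -j BungeeCord
    done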
     
  9. PhanaticD

    Patron

    if by 2nd IP you mean the one the servers are on that's the wrong IP, you need the bungee IP in there
     
  10. So just the Bungee IP?
    Bungee is on the same machine, so it should be 127.0.0.1, right?
     
  11. PhanaticD

    Patron

    just put all your IPs in it lol
     
  12. Just get your main interface or as @PhanaticD said, put all of your IPs.
    The following should work and give you all the IPs on your machine.
    Code (Text):

    ifconfig -a | grep "inet " | awk '{print $2}'

     
     
  13. It doesn't work. If I put the external IP of the server, since I have port 3306 closed, MySQL is not accessible, making plugins that use MySQL never start on server startup. If I use 127.0.0.1, plugins can connect to MySQL, and both servers start up successfully. However, I can't connect to the default server either from the proxy or directly.
     
  14. PhanaticD

    Patron

    you have to allow remote connections in mysql then, that's not necessarily the firewall. by default MySQL doesn't allow logins from outside the machine
     
  15. MySQL is on the same machine it is trying to get accessed from, and I have allowed remote connections anyway.
     
  16. PhanaticD

    Patron

    is mysql running :p
     
  17. It's always running o_O
     
  18. Well, I fixed it. I had to put 127.0.0.1, and the external IPs of both dedicated servers.
    Thanks for your help @PhanaticD :)
     
    • Friendly x 1
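
    The allowlist that post 18 ended up with (loopback plus the external addresses of both machines), written as a dry-run generator that validates its input and prints the iptables commands instead of running them. This is an added example, not code posted in the thread: the helper names valid_ip, valid_port and render_rules are hypothetical, and the 203.0.113.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints the rules for review; it does not apply anything.

valid_ip() {    # dotted-quad IPv4 only, every octet 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

valid_port() {  # decimal digits only, 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = space-separated ports, $2 = space-separated allowed source addresses.
# Everything is validated before the first line is printed, so a leftover
# placeholder such as "{Second Server's IP}" yields no partial rule set.
render_rules() {
    ports="" accepts=""
    for p in $1; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports,}$p"
    done
    for ip in $2; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
        accepts="${accepts}iptables -A BungeeCord -s $ip -j ACCEPT
"
    done
    [ -n "$ports" ] && [ -n "$accepts" ] || return 1
    printf 'iptables -N BungeeCord\n%s' "$accepts"
    printf 'iptables -A BungeeCord -j DROP\n'
    # One multiport rule replaces the per-port loop (multiport takes up to 15 ports)
    printf 'iptables -I INPUT -p tcp -m multiport --dports %s -j BungeeCord\n' "$ports"
}

# Constructed sample: the thread's four ports, loopback, and two
# documentation-range addresses standing in for the two dedicated servers.
render_rules "25566 25567 25568 3306" "127.0.0.1 203.0.113.10 203.0.113.20"
```

    Review the printed commands before piping them to a root shell; the DROP rule must stay after every ACCEPT in the chain.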
  19. PhanaticD

    Patron

    phancymc ur totally copying my f=ph thing D;
     
  20. how can i upload the unix script to the root via the putty