php - MySQL on LAN not working when IPTables are enabled -
I have 2 CentOS VMs. The IP address on vm_1 is 10.99.0.10 and on vm_2 is 10.99.0.12. Apache and PHP are on vm_1, MySQL is on vm_2. Both have iptables rules. vm_2's rules are working fine. I am testing vm_1.
First, I disabled vm_1's iptables and connected to vm_2's MySQL (connected successfully).
[root@foster ~]# service iptables stop
iptables: Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.6.21 MySQL Community Server (GPL)
Next, I enabled vm_1's iptables and connected to vm_2's MySQL (it never responds, even after hours and hours).
[root@foster ~]# service iptables start
iptables: Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
What is wrong with the iptables rules? The rules are in pastebin.
The problem is in the method used to enable MySQL traffic:

# Allow MySQL private networking
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
These rules have 2 issues:

1. They only allow outgoing MySQL traffic from vm_1 if the connection was first initiated by vm_2 (10.99.0.12).
2. They specify port 3306 as the client's (vm_1) port rather than the server's (vm_2) port.

A more suitable rule set follows:
# Allow MySQL private networking
# vm_1 opens the connection: NEW is allowed outbound towards the server port,
# and only replies (ESTABLISHED) from the server port are allowed back in.
sudo iptables -A OUTPUT -o eth1 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --sport 3306 -m state --state ESTABLISHED -j ACCEPT
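To make the two issues in the answer concrete, here is an added example (not from the question or the answer) that simulates how a stateful filter with these rules treats the packets of a MySQL connection. It is a toy model: it understands only the chain, -s/-d, --sport/--dport, and the NEW/ESTABLISHED conntrack states that the rules use, and it assumes the INPUT and OUTPUT chains have a DROP policy (the poster's full pastebin rules are not on the page) and a constructed ephemeral client port of 40000. Both rule sets are copied from the answer above.

```python
"""Toy simulator of the stateful iptables rules quoted in the answer.

Shows that the original rule set drops vm_1's outgoing SYN to vm_2:3306 (so the
mysql client hangs), while it would accept a NEW connection from vm_2 to port
3306 on vm_1; the corrected set does the opposite.
Assumptions (not from the page): DROP policy on INPUT/OUTPUT, one interface,
TCP only, client source port 40000.
"""

CLIENT, SERVER = "10.99.0.10", "10.99.0.12"   # vm_1 (apache/php) and vm_2 (mysql) from the question
EPHEMERAL = 40000                              # constructed client-side source port

ORIGINAL_RULES = [  # the answer's "before" rules
    "sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "sudo iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT",
]
CORRECTED_RULES = [  # the answer's "more suitable" rules
    "sudo iptables -A OUTPUT -o eth1 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --sport 3306 -m state --state ESTABLISHED -j ACCEPT",
]


def parse_rule(line):
    """Parse one `iptables -A ...` line into the match criteria the model supports."""
    toks = line.split()
    toks = toks[toks.index("-A"):]            # drop the leading "sudo iptables"
    rule = {"chain": None, "src": None, "dst": None, "sport": None,
            "dport": None, "states": None, "target": None}
    for opt, val in zip(toks[0::2], toks[1::2]):   # every option here takes one value
        if opt == "-A":
            rule["chain"] = val
        elif opt == "-s":
            rule["src"] = val
        elif opt == "-d":
            rule["dst"] = val
        elif opt == "--sport":
            rule["sport"] = int(val)
        elif opt == "--dport":
            rule["dport"] = int(val)
        elif opt == "--state":
            rule["states"] = set(val.upper().split(","))
        elif opt == "-j":
            rule["target"] = val
        # -i / -o / -p / -m are accepted but ignored: one interface, TCP only
    return rule


class Host:
    """One host's filter chains plus a minimal conntrack table."""

    def __init__(self, rules, policy="DROP"):
        self.rules = [parse_rule(r) for r in rules]
        self.policy = policy
        self.flows = set()   # confirmed (src, sport, dst, dport) tuples

    def state(self, pkt):
        src, sport, dst, dport = pkt
        # Simplification: a packet belonging to a known flow, in either direction,
        # is ESTABLISHED; the first packet of an unknown flow is NEW.
        if pkt in self.flows or (dst, dport, src, sport) in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def filter(self, chain, pkt):
        """Return the verdict for pkt on the given chain (first matching rule wins)."""
        src, sport, dst, dport = pkt
        st = self.state(pkt)
        for r in self.rules:
            if r["chain"] != chain:
                continue
            if r["src"] is not None and r["src"] != src:
                continue
            if r["dst"] is not None and r["dst"] != dst:
                continue
            if r["sport"] is not None and r["sport"] != sport:
                continue
            if r["dport"] is not None and r["dport"] != dport:
                continue
            if r["states"] is not None and st not in r["states"]:
                continue
            if r["target"] == "ACCEPT":
                self.flows.add(pkt)   # a conntrack entry is only confirmed when the packet passes
            return r["target"]
        return self.policy


def client_handshake(rules):
    """Verdicts vm_1's firewall gives the three packets of a vm_1 -> vm_2:3306 handshake.
    Stops at the first non-ACCEPT verdict, since nothing further would be exchanged."""
    host = Host(rules)
    steps = [("OUTPUT", (CLIENT, EPHEMERAL, SERVER, 3306)),   # SYN
             ("INPUT",  (SERVER, 3306, CLIENT, EPHEMERAL)),   # SYN-ACK
             ("OUTPUT", (CLIENT, EPHEMERAL, SERVER, 3306))]   # ACK
    verdicts = []
    for chain, pkt in steps:
        verdict = host.filter(chain, pkt)
        verdicts.append(verdict)
        if verdict != "ACCEPT":
            break
    return verdicts


def server_initiated_syn(rules):
    """Verdict for a NEW connection from vm_2 to port 3306 on vm_1, the direction
    the answer says the original rules wrongly permit (source port 50000 is constructed)."""
    return Host(rules).filter("INPUT", (SERVER, 50000, CLIENT, 3306))


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("corrected", CORRECTED_RULES)):
        print(f"{name}: client handshake {client_handshake(rules)}, "
              f"vm_2-initiated SYN to vm_1:3306 -> {server_initiated_syn(rules)}")
```

Running it shows the original set dropping the very first outbound SYN (the client then waits forever, which matches the hang in the question) while accepting an inbound NEW connection to 3306 on the web host; the corrected set accepts SYN, SYN-ACK and ACK and drops the inbound NEW connection. The `-s 10.99.0.12` match on the INPUT rule is what keeps the reply path limited to the database host; on a real system, `-d 10.99.0.12` on the OUTPUT rule would narrow the client side the same way.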
php mysql apache iptables centos6.5