I have two Centos VM.
The IP Addresses are as follows :
- VM_1 => 10.99.0.10
- VM_2 => 10.99.0.12
Apache and PHP are in VM_1 and MySQL is in VM_2. Both are having iptables rules. VM_2 is working fine with rules. Now I am Testing from VM_1.
First I disabled VM_1 iptables and connect to VM_2 MySQL (connected successfully).
[root@foster ~]# service iptables stop
iptables: Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.6.21 MySQL Community Server (GPL)
...
Second I enabled VM_1 iptables and connect to VM_2 MySQL (It never respond in hours and hours also).
[root@foster ~]# service iptables start
iptables: Applying firewall rules: [ OK ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
What is wrong with my iptables rules? Here are my iptables rules:
[root@foster ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state N EW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- 10.99.0.12 anywhere tcp dpt:mysql state NEW,ESTABLISHED
ACCEPT tcp -- localhost anywhere tcp dpt:mysql state NEW,ESTABLISHED
LOGGING all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state E STABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:mysql state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:mysql state ESTABLISHED
Chain LOGGING (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min bu rst 5 LOG level debug prefix `IPTables Dropped -:- '
DROP all -- anywhere anywhere