LinuxQuestions.org


arkfantasy 01-09-2017 06:55 AM

CentOS 7 - Problems with firewalld/iptables on CentOS 7 Router -Can't connect to MariaDB between private networks (Virtual Box)
 
Hi, I need help configuring firewalld/iptables on my CentOS 7 VM (VirtualBox).

I have 3 CentOS VMs.

A: 10.0.30.5 (Postfix,Dovecot)
B: 10.0.40.5 (MariaDB, DHCP)
C: 10.0.50.50 (NAT net virtual box) 10.0.30.30 (gateway to 30.0 network), 10.0.40.40 (gateway to 40.0 network).

I have CentOS 7 as a router, with iptables to allow NAT from two private networks (Host Only on VirtualBox), and I have access to the internet from both private networks.

I can do ping from 10.0.30.X to 10.0.40.x hosts.


I have the following problem:

I have installed postfix,dovecot and MariaDB on host 10.0.30.5 and all works fine.

I can't connect to MySQL from network 40.0 to 30.0, but I can connect from a client on my real machine (Windows), but that's because it uses the 30.1 gateway (VirtualBox) and it's on the same network...
If I try to connect using:
mysql -u "user" -h "10.0.30.5" -p
From the 10.0.40.5 machine (postfix, dovecot...), I get an error (113) can't connect.

If I stop the firewalld service, I can connect fine from the 40.0 network to the 30.0 network.

How can I tell the router that I want to allow the mysql client command to connect to 10.0.40.5 on the other side?

I have an idea how to do it using iptables, but I am using firewalld as default.

Do I need to create a rule on the router to allow the connection? Can someone tell me the rule? I need to fix this today...

All is working fine between networks if I disable firewalld on the CentOS 7 router VM.


This is an idea of my config on the router:

3 Network Devices (Ethernet):

A: Custom NAT network (Vbox) 10.0.50.50
B: Custom Host Only network (Vbox) 10.0.40.0
C: Custom Host Only network (Vbox) 10.0.40.0

VBox uses x.1 as gateway on each virtual ethernet/network.

My Router ethernet config is:

A:

ip 10.0.50.50
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8

B:

ip 10.0.30.30
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8

C:

ip 10.0.40.30
mask 255.255.255.0
gateway 10.0.50.1
DNS 8.8.8.8


All network devices point to 50.1 to access the internet (NAT). I think it's ok, but I guess my problem is because of this gateway...
I guess I need a rule to redirect/forward 3306 traffic from the 40.5 mysql client to the 30.5 server (MariaDB).

A rule for when traffic comes from 40.5 to 30.5... right?
Can someone help me?

Thanks, and sorry for my English, I am Spanish.

If you need more info please tell me. I have to finish this today, and I know it's a router firewalld problem, but I don't have much time to fix iptables/firewalld rules... Thank you all :(

MensaWater 01-09-2017 12:28 PM

firewalld is a front end for iptables. Once you're using firewalld you shouldn't do direct edits of iptables but rather use the firewalld commands to add/remove/update rules and it will make the appropriate changes to iptables for you.

Some basic commands for firewalld:
a) opening ports
firewall-cmd --permanent --zone=public --add-port=13782/tcp

b) opening a port range
firewall-cmd --permanent --zone=public --add-port=9090-9091/tcp

c) removing ports
firewall-cmd --permanent --zone=public --remove-port=631/udp

d) listing ports
firewall-cmd --zone=public --list-ports

e) listing services
firewall-cmd --zone=public --list-services

What you need to do is determine what port needs to be open for MySQL. The default port I've seen used for MySQL was 3306 but you may be using a different one.

arkfantasy 01-09-2017 01:29 PM

Quote:

Originally Posted by MensaWater (Post 5652472)
firewalld is a front end for iptables. Once you're using firewalld you shouldn't do direct edits of iptables but rather use the firewalld commands to add/remove/update rules and it will make the appropriate changes to iptables for you.

Some basic commands for firewalld:
a) opening ports
firewall-cmd --permanent --zone=public --add-port=13782/tcp

b) opening a port range
firewall-cmd --permanent --zone=public --add-port=9090-9091/tcp

c) removing ports
firewall-cmd --permanent --zone=public --remove-port=631/udp

d) listing ports
firewall-cmd --zone=public --list-ports

e) listing services
firewall-cmd --zone=public --list-services

What you need to do is determine what port needs to be open for MySQL. The default port I've seen used for MySQL was 3306 but you may be using a different one.


I fixed my problem with these rules one hour ago, but I am busy finishing everything.

I'm using these rules to access the 40.0 network from the 30.0 network using Thunderbird (40.5 is the server):

firewall-cmd --zone=internal --add-forward-port=port=25:proto=tcp:toport=25:toaddr=10.0.40.5 --permanent
firewall-cmd --zone=internal --add-forward-port=port=110:proto=tcp:toport=110:toaddr=10.0.40.5 --permanent
firewall-cmd --zone=internal --add-forward-port=port=143:proto=tcp:toport=143:toaddr=10.0.40.5 --permanent

I've made another rule to access my MariaDB server at IP 10.0.30.5 and port 3306 from the internal zones (30.0 and 40.0), like the ones I use for Thunderbird, and it works :)

I only need this working between host-only networks, so it's fine now. Thanks for your help :)
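A way to verify, from the router, that the zone really carries the rules the replies above describe (the opened MySQL port from MensaWater's commands and the forward-port rules from arkfantasy's fix): an added example that is not part of the thread. It parses the text that `firewall-cmd --zone=<zone> --list-all` prints on a firewalld 0.4 (CentOS 7) system; the sample output and the interface names enp0s8/enp0s9 are constructed, not captured from the poster's router.

```python
"""Parse `firewall-cmd --zone=<zone> --list-all` output and check the
router rules discussed in the thread. Sample output is constructed."""

# Constructed sample: what `firewall-cmd --zone=internal --list-all` prints
# (firewalld 0.4 layout) after adding 3306/tcp and two forward-port rules.
# Interface names are assumed.
SAMPLE_LIST_ALL = """\
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s8 enp0s9
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports: 3306/tcp
  protocols:
  masquerade: no
  forward-ports: port=25:proto=tcp:toport=25:toaddr=10.0.40.5 port=110:proto=tcp:toport=110:toaddr=10.0.40.5
  source-ports:
  icmp-blocks:
  rich rules:
"""

def parse_list_all(text):
    """Return (zone_name, is_active, {field: [tokens]}) from --list-all output."""
    lines = text.splitlines()
    head = lines[0].split()
    zone, active = head[0], "(active)" in head
    fields = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()   # empty fields become []
    return zone, active, fields

def parse_forward_port(spec):
    """Turn 'port=25:proto=tcp:toport=25:toaddr=10.0.40.5' into a dict."""
    return dict(item.split("=", 1) for item in spec.split(":"))

def port_allowed(fields, port, proto="tcp"):
    """True if port/proto is opened directly in the zone (the MariaDB case)."""
    return f"{port}/{proto}" in fields.get("ports", [])

def forwarded_to(fields, port, proto="tcp"):
    """'addr:port' that a forward-port rule redirects port/proto to, or None."""
    for spec in fields.get("forward-ports", []):
        rule = parse_forward_port(spec)
        if rule.get("port") == str(port) and rule.get("proto") == proto:
            return f"{rule.get('toaddr', '')}:{rule.get('toport', rule['port'])}"
    return None
```

On a real router, replace SAMPLE_LIST_ALL with the output of `firewall-cmd --zone=internal --list-all` (and check the zone's interfaces line lists the host-only adapters) to confirm the rules landed in the zone the traffic actually arrives on.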

MensaWater 01-09-2017 01:45 PM

Glad you got it fixed.

If you don't mind, please go to thread tools and mark this as Solved. It helps others in the future find solutions more quickly.

arkfantasy 01-09-2017 01:56 PM

Quote:

Originally Posted by MensaWater (Post 5652519)
Glad you got it fixed.

If you don't mind, please go to thread tools and mark this as Solved. It helps others in the future find solutions more quickly.

Done! :)
