I have a local application that needs to connect to a remote mysql server at 40.40.40.40:3306
The main firewall blocks all connections but ssh, I can set up a ssh tunnel and connect to the server without problems
ssh [email protected] -L 3306:127.0.0.1:3306 -N
(in another terminal)
$ mysql -udb_user -h127.0.0.1 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
[...]
My intent is to configure iptables to forwards the connection destinated to 40.40.40.40:3306 to my tunnel at 127.0.0.1:3306
# iptables -t nat -A PREROUTING -d 40.40.40.40 -p tcp --dport 3306 -j DNAT --to-destination 127.0.0.1:3306
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 40.40.40.40 tcp dpt:mysql to:127.0.0.1:3306
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
#cat /proc/sys/net/ipv4/ip_forward
1
With this setup my applications still can't connect to the database, if I change the connection settings to 127.0.0.1 I have no problems, so I assume that the application works perfectly.
You need to use the OUTPUT chain to redirect an outbound connection to a local port.
This rule will work as you need:
iptables -t nat -A OUTPUT -p tcp -d 40.40.40.40 --dport 3306 -j REDIRECT --to-port 3306
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다