iptables causing external sites to have problems when connecting to mysql

Question

Recently I've managed to block all unused ports on my dedicated server (Linux CentOS latest 64-bit) but whenever I do so, sites that connect to my database just simply cannot connect.

iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT 
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT

I believe it has something to do with the OUTPUT port, but I am not sure.

Thanks.

Answer 1

If you want to allow remote incoming mysql connections you will need to define an INPUT rule that is not isolated to your local interface:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

In Centos this will be defined in the /etc/sysconfig/iptables file. Then restart:

sudo service iptables restart

Alternatively, from the command line, you can use:

sudo system-config-firewall-tui

To configure your firewall, it is in the package of the same name:

sudo yum install system-config-firewall-tui -y