l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2009 May 12 10:47

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Port Forwarding or firewall?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Port Forwarding or firewall?



Hai Yi wrote:
> thank you, Rod. Actually, it also happened to the MySQL server as
> well. As you can see that I have mysql open @ port 3306. From another
> computer (Widnows XP) in my LAN, I installed a MySQL client
> (MySQLQueryBrowser.exe), it can't establish the connection to the
> server either. It's quite weird.

I think Rod's point was that it is not weird at all... it is per design.

The people packaging these servers don't want to assume that you
are prepared to have everyone on the internet accessing them, so they
only enable it on the localhost network interface (127.0.0.1).  Therefore
it is standard operating procedure to have YOU make that configuration
change... and you shouldn't do that until you have read enough of
the manual to know just what you want to expose on the outward-facing
network interface (192.168.1.128).  Apache and MySQL are both programs
with very configurable internal security options that you can get wrong and
end up exposing some or all of your computer contents to people running
vulnerability scanners.

I would recommend disabling your port forwarding on the router, and
reading some more about the configuration of these daemons and
testing them from your windows box (verify your configuration works
the way you want it to manually, and also try Zenmap/Nmap?) before exposing
them willy-nilly.

> On Sun, May 10, 2009 at 1:10 AM, Rod Roark <rod@sunsetsystems.com> wrote:
>> It sounds like your DB server's admin feature is listening only on
>> localhost and not on the network interface... which is the default
>> setting that you'd probably expect.
>>
>> Rod
>>
>> Hai Yi wrote:
>>> Hello there:
>>>
>>> I installed an apache http server on my ubuntu linux box, and I config
>>> the port forwarding in my router, and I can access the page from
>>> outside of my local network, everything is cool.
>>> however, when I installed an oracle express version db server on the
>>> same box, I can access its admin page from the same box by typing:
>>> http://localhost:8080/apex, I config the router's port forwarding
>>> again, but this time, I can't visit the page from outside, and I can't
>>> visit the page from inside either (use
>>> http://192.168.1.128:8080/apex).
>>>
>>> Some ppl said that it might be that I have my firewall installed on
>>> the linux box, and this is my opened services:
>>>
>>> PORT     STATE SERVICE
>>> 22/tcp   open  ssh
>>> 80/tcp   open  http
>>> 631/tcp  open  ipp
>>> 1521/tcp open  oracle
>>> 3306/tcp open  mysql
>>> 8080/tcp open  http-proxy
>>>
>>>
>>> I hope that I've made myself understood.
>>>
>>> any help?
>>>
>>> Thanks a lot!
>>> Hai


-- 
---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                       Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...1k
---------------------------------------------------------------------------
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.