[vox-tech] Port Forwarding or firewall?

Jeff Newmiller jdnewmil at dcn.davis.ca.us
Sun May 10 00:57:10 PDT 2009


Hai Yi wrote:
> thank you, Rod. Actually, it also happened to the MySQL server as
> well. As you can see that I have mysql open @ port 3306. From another
> computer (Windows XP) in my LAN, I installed a MySQL client
> (MySQLQueryBrowser.exe), it can't establish the connection to the
> server either. It's quite weird.

I think Rod's point was that it is not weird at all... it is per design.

The people packaging these servers don't want to assume that you
are prepared to have everyone on the internet accessing them, so they
only enable it on the localhost network interface (127.0.0.1).  Therefore
it is standard operating procedure to have YOU make that configuration
change... and you shouldn't do that until you have read enough of
the manual to know just what you want to expose on the outward-facing
network interface (192.168.1.128).  Apache and MySQL are both programs
with very configurable internal security options that you can get wrong and
end up exposing some or all of your computer contents to people running
vulnerability scanners.

I would recommend disabling your port forwarding on the router, and
reading some more about the configuration of these daemons and
testing them from your Windows box (verify your configuration works
the way you want it to manually, and also try Zenmap/Nmap?) before exposing
them willy-nilly.

> On Sun, May 10, 2009 at 1:10 AM, Rod Roark <rod at sunsetsystems.com> wrote:
>> It sounds like your DB server's admin feature is listening only on
>> localhost and not on the network interface... which is the default
>> setting that you'd probably expect.
>>
>> Rod
>>
>> Hai Yi wrote:
>>> Hello there:
>>>
>>> I installed an Apache HTTP server on my Ubuntu Linux box, and I configured
>>> the port forwarding in my router, and I can access the page from
>>> outside of my local network, everything is cool.
>>> However, when I installed an Oracle Express version DB server on the
>>> same box, I can access its admin page from the same box by typing:
>>> http://localhost:8080/apex, I configured the router's port forwarding
>>> again, but this time, I can't visit the page from outside, and I can't
>>> visit the page from inside either (use
>>> http://192.168.1.128:8080/apex).
>>>
>>> Some people said that it might be that I have my firewall installed on
>>> the Linux box, and these are my opened services:
>>>
>>> PORT     STATE SERVICE
>>> 22/tcp   open  ssh
>>> 80/tcp   open  http
>>> 631/tcp  open  ipp
>>> 1521/tcp open  oracle
>>> 3306/tcp open  mysql
>>> 8080/tcp open  http-proxy
>>>
>>>
>>> I hope that I've made myself understood.
>>>
>>> any help?
>>>
>>> Thanks a lot!
>>> Hai


-- 
---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil at dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                       Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...1k
---------------------------------------------------------------------------
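
Added example (not part of the original message): a port scan run on the server itself reports a port as open even when the daemon is bound only to 127.0.0.1, so the bind address is what to check. The sketch below parses `ss -ltn` output and separates loopback-only listeners from ones a LAN host or router port-forward can reach; the sample output is constructed for illustration, not taken from the thread.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (assumed values, not from the thread).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     *:80                *:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       5       [::1]:631           [::]:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     127.0.0.1:8080      0.0.0.0:*
LISTEN  0       128     192.168.1.128:1521  0.0.0.0:*
"""

def classify(addr):
    """Return 'loopback', 'all-interfaces' or 'interface' for a bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %scope
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "interface"

def listeners(ss_output):
    """Parse `ss -ltn` text into sorted (port, address, scope) tuples."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header and blank lines
        addr, _, port = fields[3].rpartition(":")
        found.add((int(port), addr, classify(addr)))
    return sorted(found)

def reachable_from_lan(ss_output):
    """Ports a second machine (or a router port-forward) could connect to."""
    return sorted({p for p, _, scope in listeners(ss_output) if scope != "loopback"})

if __name__ == "__main__":
    for port, addr, scope in listeners(SAMPLE_SS):
        print(f"{port:>5}  {addr:<15} {scope}")
    print("reachable from LAN:", reachable_from_lan(SAMPLE_SS))
```

In the constructed sample, 3306 and 8080 are listening but loopback-only, which matches the symptom in the thread: they work from the box itself and fail from the Windows XP machine and through the router.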

