MySQL Remote server || Open ports

A Paris
Le 14 Nv MMVII


Dear Madam and Sir,

Do you know how to access a MYSQL DB from an external server ?

We read the information and studied :

1) Sir//Aho : The mysql-server machine must have open ports for the
incomming connection
(default 3306). There must be a mysql-user who has the privileged to
connect from the
remote server.

2) http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysql- server-incoming-request.html
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

3) http://iptables-tutorial.frozentux.net/iptables-tutorial.htm l
object : iptables

BUT

1) Open ports : We do not know where to exactly insert that, and the
consequences :
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

2) There is an impact an security and we're very affraid about safety.

3) Changing HTPPD.CONF can lead to a non-access to the server (no SSH
if the implementation failed) with a guy manually reinstalling the
former version.

4) We have a dream of someone in the world having access to our
servers to enhance configuration.

Thanking you very much for your help,

Norm

Re: MySQL Remote server || Open ports

Hi,

You can restrict remote access to a specific IP like so:

-A INPUT -s 192.168.1.2/255.255.255.255 -p udp -m udp --dport 3306 -j
ACCEPT
-A INPUT -s 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 3306 -j
ACCEPT

Replace 192.168.1.2 with the allowed IP. On most redhat systems that
would go in /etc/sysconfig/iptables. To update the changes you would
do: service iptables restart

That's good enough security for many applications. For an added level
of security, you can establish a VPN between the hosts or use an
encrypted SSH tunnel as described here:

http://chxo.com/be2/20040511_5667.html

HTH,
John Peters

On Nov 14, 10:33 am, Pseudonyme wrote:
> A Paris
> Le 14 Nv MMVII
>
> Dear Madam and Sir,
>
> Do you know how to access a MYSQL DB from an external server ?
>
> We read the information and studied :
>
> 1) Sir//Aho : The mysql-server machine must have open ports for the
> incomming connection
> (default 3306). There must be a mysql-user who has the privileged to
> connect from the
> remote server.
>
> 2)http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysq l-server-in...
> iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
>
> 3)http://iptables-tutorial.frozentux.net/iptables-tutorial.h tml
> object : iptables
>
> BUT
>
> 1) Open ports : We do not know where to exactly insert that, and the
> consequences :
> iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
>
> 2) There is an impact an security and we're very affraid about safety.
>
> 3) Changing HTPPD.CONF can lead to a non-access to the server (no SSH
> if the implementation failed) with a guy manually reinstalling the
> former version.
>
> 4) We have a dream of someone in the world having access to our
> servers to enhance configuration.
>
> Thanking you very much for your help,
>
> Norm

Re: MySQL Remote server || Open ports

Pseudonyme wrote:
> We could have the procedure done.
> -A INPUT -s 192.168.1.2/255.255.255.255 -p udp -m udp --dport 3306 -j
> ACCEPT
> -A INPUT -s 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 3306 -j
> ACCEPT. Thanks.
>
>
> The speed of the http shown-pages is a key factor.
>
> We are sure our configuration for our MYSQL server is not optimized.
>
> We thought asking to these US Company might help :
> . Touchsupport.com (lafayette town)
> . PlatinumServerManagement.com
> . Serverwizards.com
>
> With objectives to :
>
> a. optimize the configuration of the 2 servers (Unix/Apache/Linux/
> MySQL/PHP)
> b. advise us to get the fastest websites
> c. advise us in the architecture of servers
> d. upgrade PHP, MYSQL and other application installed to get the
> latest versions
> e. act during traffic peaks
> f. advise us to always get a secured server
>
> But answers are : please pay USD 150 from the following link and move
> from ENSIM to cPanel prior to your subscription.
>
> Do you know someone that could be able to optimize our configuration.
>
> My Regards,
>
> Norm
>
>
>
>

There are a number of consulting companies who could help you.
Basically you need three skills - Unix Admin, MySQL Admin and PHP
programmer. It sounds like a lot, but it really isn't. The three
typically go together well.

Just check out references before buying. Some people, for instance,
play with MySQL but don't know how to tune it well for a heavy load.
Find someone who's successfully worked on systems similar to yours.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: MySQL Remote server || Open ports

Pseudonyme wrote:
> .... "Some people, for instance, play with MySQL but don't know how to
> tune it well for a heavy load." ...
>
> That might be right.
>
> Problem is to give all access to Serverwizar for instance with the
> background of a guy :
> http://216.239.59.104/search?q=cache:1gQ6io6YCOcJ:www.namepr os.com/warnings-and-alerts/267727-serverwizards-sucks.html+s erverwizards&hl=en&ct=clnk&cd=2
>
> where they basically broke everything.
>
> "Server Wizar : We Never Sleep. We Never Eat. We Do Magic.". >>
> What's that ?
>
> In the Admin we trust ... but in someone secured.
>
> *****
>
> MYSQL :
> If I divide by 10 the weight of threads, multiple by 10 the weight of
> cache, multiple by 10 the number of threads, multiplie by 10 the
> number the simultaneous connections.
> I multiplie by 10.000 the available data in theory.
>
> Is there an option to apply that theory ?
> http://groups.google.com/group/comp.databases.mysql/browse_t hread/thread/aee95d485b92977c?hl=en#717aaead47c4b27b
>
> My Regards
>
> Bob
>
>

Bob,

I can't help you a lot on that. Most of my experience with heavily
loaded systems is with DB2, which is completely different than MySQL in
tuning. I can tune MySQL and get good performance out of it, but it's
more hit and miss, and I probably don't get the best performance. Just
"good enough".

And when I do, I always start with the Optimizing chapter in the MySQL
documentation. It's got some really great information in it.

So I really hesitate to give you any guidance. It probably would be
worth exactly what you paid for it :-)

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================