limit remote connection

linuxjohan · October 1, 2010, 10:47am

Dear All,

I could use some help limiting connection to a remote server.

We have set up a connection in OpenOffice Base to MtSql on a
remote server - a very nifty thing.

We have OpenVpn set up - also works very good, in Yast - Security and users -
allowed services - External Zone we have Mysql added so we can connect no
problem.

My Question is : we can connnect using OpenVpn - through 10.x.x.x. but also
via the normal address , 193.x.x.x.

How can I limit this, so people can only connect via the OpenVpn connection?

The clients are all OpenSuse 11.2, the remote server is OpenSuse 11.1.

Any advise , anyone?

regards, J

ken_yap · October 1, 2010, 11:34am

On the MySQL side you can specify that the logins must come from certain IP addresses. The client IP addresses going through OpenVPN will be different from that going directly.

You can also use an iptables rule on the MySQL server to block port 3306 to direct connections.

linuxjohan · October 1, 2010, 11:48am

sounds like excelent advise, thanks !!
could you also specify where in MySql I could specify that?

greetings, J.

ken_yap · October 1, 2010, 11:53am

When you grant access to a database, the command is of the form:

GRANT ALL ON somedb.* TO account@‘host’ IDENTIFIED BY ‘password’;

That host part can be an IP address, or an IP range/domain specification containing a wildcard. See the MySQL manual for the GRANT syntax.

MySQL :: MySQL 5.1 Reference Manual :: 12.4.1.3 GRANT Syntax

linuxjohan · October 1, 2010, 12:03pm

again thanks! seems like the perfect solution !

greetings, J