主页 / server / 问题 / 713938
Accepted
khinester
Asked: 2015-08-14 05:48:55 +0800 CST

apache / mysql 无法使用 PF 防火墙连接监狱

  • 772

我在 FreeBSD11 上设置了两个监狱环境

root@ns312773:/etc # jls
   JID  IP Address      Hostname                      Path
     1  10.6.6.6        www                           /usr/jails/www
     2  10.6.6.7        dbs                           /usr/jails/dbs

这就是我的 /etc/pf.conf 中的内容

### Interfaces ###
 ExtIf ="igb0"
 IntIf ="lo666"

### Hosts ###
 IP_WEB ="192.168.0.1"
 IP_JAIL = "{10.6.6.6, 10.6.6.7, 10.6.6.8, 10.6.6.9}"
 IP_JAIL_WWW = "10.6.6.6"
 IP_JAIL_DBS = "10.6.6.7"
 IP_JAIL_APP = "10.6.6.8"
 NET_JAIL="10.6.6.0/24"

### Ports ###
 PORT_WWW="{80,443}"
 PORT_MYSQL="{3306}"

# WWW
rdr pass on $ExtIf proto tcp from any to $IP_WEB port $PORT_WWW -> $IP_JAIL_WWW
# MYSQL
rdr pass on $ExtIf proto tcp from any to $IP_JAIL_WWW port $PORT_MYSQL -> $IP_JAIL_DBS

当我试图检查端口是否从$IP_JAIL_WWW

# ezjail-admin console www
Last login: Thu Aug 13 13:30:14 on pts/0
FreeBSD 11.0-CURRENT (GENERIC) #0 r286285: Tue Aug  4 15:12:53 UTC 2015

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@www:~ # telnet 10.6.6.7 3306
Trying 10.6.6.7...
Connected to 10.6.6.7.
Escape character is '^]'.
AHost '10.6.6.6' is not allowed to connect to this MySQL serverConnection closed by foreign host.
root@www:~ #

据我所知,rdr pass on $ExtIf proto tcp from any to $IP_JAIL_WWW port $PORT_MYSQL -> $IP_JAIL_DBS应该通过两个监狱之间的交通,任何建议都非常感谢。

mysql

1 个回答

  1. Best Answer

    我明白了,我必须创建一个 MySQL 用户才能连接

    mysql> use mysql;
mysql> CREATE USER 'web'@'10.6.6.6' IDENTIFIED BY 'password';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON *.* TO 'web'@'10.6.6.6';
mysql> FLUSH PRIVILEGES;

    然后从网络监狱:

    # ezjail-admin console www
root@www:~ # vi /usr/local/www/apache24/data/mysql.php

<?php
$servername = "10.6.6.7";
$username = "web";
$password = "password";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>

    然后去http://192.168.0.1/mysql.php你应该得到Connected successfully

    • 0

相关问题