I have an internal RFC 1918 computer lab that runs entirely on 192.168.1.0/24 space and my firewall (within the internal lab) runs between 192.168.1.0/24 and 10.10.10.0/24.

In ipfw I've allowed generously:

    05005 allow tcp from 192.168.1.0/24 to any 3306
    05006 allow tcp from 192.168.1.0/24 to any 33400-33450

I'm not so concerned about 3306 per se. I can modify my allowances of 3306 to suit my purposes. But what I've noticed is that the replies come back on ports higher than 3306 (namely 33400 and upwards). These I've allowed for in my firewall, and all appears to be working splendidly. But I'd like to know how other people have done it. I've heard of people allowing only port 3306. But I can't see how this works if the replies are on higher ports. (I've tried allow tcp from any to any 3306 established, but that didn't work.) The only setup that worked is the one I've now got.

Paulb
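An added example, not part of the original post: a small Python model of how port-based rules see one MySQL connection, assuming a client in 192.168.1.0/24 and a server at a made-up 10.10.10.5. It evaluates the post's two `to any 3306` rules packet by packet, then models (does not run) ipfw's `check-state` with `setup keep-state`, where the first SYN creates a dynamic rule that admits the replies.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Pkt = namedtuple("Pkt", "src sport dst dport flags")

# Constructed sample traffic; both addresses and the client port are made up.
CLIENT, SERVER = "192.168.1.20", "10.10.10.5"
FLOW = [
    Pkt(CLIENT, 33412, SERVER, 3306, {"SYN"}),         # client opens the connection
    Pkt(SERVER, 3306, CLIENT, 33412, {"SYN", "ACK"}),  # reply: 3306 is the SOURCE port
    Pkt(CLIENT, 33412, SERVER, 3306, {"ACK"}),         # handshake completes
]
# A packet aimed at the same high port range that belongs to no tracked connection.
STRAY = Pkt(SERVER, 3306, CLIENT, 33440, {"SYN", "ACK"})

def to_3306(p):
    """The post's rule 05005: allow tcp from 192.168.1.0/24 to any 3306."""
    return ip_address(p.src) in ip_network("192.168.1.0/24") and p.dport == 3306

def to_3306_established(p):
    """The post's attempt: allow tcp from any to any 3306 established.
    In ipfw, 'established' matches TCP packets with the ACK or RST bit set."""
    return p.dport == 3306 and bool(p.flags & {"ACK", "RST"})

def stateless(rule, packets):
    """Each packet is judged on its own headers only."""
    return [rule(p) for p in packets]

def stateful(rule, packets):
    """Model of 'check-state' followed by '<rule> setup keep-state': a bare SYN
    that matches the rule records the connection, and later packets of that
    same connection pass in either direction."""
    states, verdicts = set(), []
    for p in packets:
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        if key in states:                        # check-state hit
            verdicts.append(True)
        elif rule(p) and p.flags == {"SYN"}:     # setup keep-state
            states.add(key)
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts

if __name__ == "__main__":
    print("to 3306            :", stateless(to_3306, FLOW))
    print("to 3306 established:", stateless(to_3306_established, FLOW))
    print("keep-state model   :", stateful(to_3306, FLOW + [STRAY]))
```

In the model, the reply fails both stateless rules because its destination is the client's high port, and the `established` variant also rejects the opening SYN, which carries no ACK bit.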