I need to provide remote MySQL access to a cPanel server for a handful of clients. However, I do not want to open 3306 to the world (for obvious reasons). cPanel's remote MySQL whitelisting mechanism isn't secure enough on its own. I've already had a server get "partially" compromised by ransomware (which has since been recovered via hardening, cleanup and backup restoration procedures).
My plan is to do one of the following:
A.) Install Pritunl on the same (WHM/cPanel) server, and limit access to port 3306 to the VPN's IPs
-- or --
B.) Install Pritunl on a separate instance (in the same data center) and use private IPs / tunneling for access.
In either case, I need to provide quick and easy VPN access to 3 to 5 clients on a variety of platforms. (OpenVPN Access Server, for the web interface, is too expensive for my use case... which is why I'm opting for Pritunl.)
I'm not sure which method (A or B) is "better", but I have failed to configure option B on my own. (probably has something to do with iptables configurations and/or assigning network adapters correctly -- e.g., eth0/ens7/etc.). I am not a network / firewall specialist, and I feel that haphazardly tossing in various iptables rules, ALLOW / ACCEPT / FORWARD / etc. (adapting snippets found around the web) probably isn't the best idea since security is so important here. Trial and error just isn't worth the risk.
Note: The main server I need to provide access to runs Cloudlinux + LiteSpeed, LVE + CSF + Imunify360.
My task for you would be to implement either option A or option B, depending on your recommendation. I'm happy to assist with any setups / configurations, and provide info as needed -- but root access will only be provided for a secondary server if we go with option B.
Some of my clients absolutely require remote MySQL access for database administration, but they also travel a lot (too many dynamic IPs to manage efficiently). I currently have 3306 blocked in CSF until a proper VPN solution is implemented. So this project is somewhat urgent!
*** I should also mention that my limited attempts to set up OpenVPN myself ended up routing all local computer traffic through the VPN... and we don't want that. Only specific traffic should route through the VPN -- namely 3306, and perhaps FTP port 21.
Feel free to ask any questions.
11 freelancers are bidding an average of $162 for this job
Systems Admin for more than 12 years and I have used VPN for such scenarios. If you have option B already in place I can help with it and it's workable.
Hi, Instead of option A or B I can setup the VPN server on the cPanel server directly and configure it not to route client's traffic through it. Your clients will connect directly to the VPN server running on the cPa
Hello, I have read your project description and I will recommend option B for your scenario. I will install a VPN server and your clients will be able to access MySQL easily. Best regards,
Hi there. Actually there is an option C. And includes not using OpenVPN or iptables. Is easy to setup and maintain and it has access rules that can be setup to control what traffic goes through the connections. Soun
Greetings, After careful reading of your project description, I would like to work on it. I completed another project a few weeks back, that also involved similar setup. Here is the link, in case you want to check it ou
Hello. I offer high-quality and affordable web development and design services, providing customized solutions that best fit your business's unique needs. Having over 8 years of experience in the software industry, I h
We have a lot of experience of working on server and can do it for you. You can also connect us on [login to view URL] using our chatbot for further discussion. Would love to connect.
I have configured Pritunl and OpenVPN in my environment so I can help you accomplish your requirement.