I'm trying to connect to port 3306 on an Ubuntu box and am unable to do so. When I do `iptables -L -n | grep 3306` I see this:

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:3306 

So it looks like I should be able to connect.

Are there any rules that I should look for that could undo these? In my cursory glance I didn't see any. Plus, when I do `grep 80` and `grep 443` I see pretty much the same thing as above, but with 80 and 443 instead of 3306. And I'm able to connect on ports 80 and 443 even though I'm not able to connect on port 3306.

The webserver is hosted on Rackspace's cloud. I know AWS has additional firewall rules independent of the OS that can be set - does Rackspace? I wasn't able to find any in going through the menu and my Google searches haven't proven very fruitful either.

Dave M
neubert
  • Did you check if the mysql server is actually running and listening on port 3306? Run `netstat -tulpn | grep 3306` to check. Maybe permissions in mysql are set wrong. You can set the host in mysql a user can connect from. If you created the user like this: `CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';` that could be the problem. – Henrik Pingel Nov 11 '15 at 21:20
  • Yes, the MySQL server is running. I'm able to connect to it when I'm SSH'd into that machine, e.g. `mysql -uuser -p`. And sure, there could be an issue with the user permissions, but I can't even connect to port 3306. I can do `telnet servername.com 22`, `telnet servername.com 80` and `telnet servername.com 443` just fine. But `telnet servername.com 3306` times out. And I'm not running a telnet server on those ports - it's just an easy way to see if a port is at least open, and port 3306 isn't. – neubert Nov 11 '15 at 21:46
  • A timeout while other ports do work usually indicates a firewall issue. – wurtel Nov 12 '15 at 13:23
  • @wurtel - yup. That's why I was looking at the iptables config. I consider myself to very much be a newbie when it comes to iptables, hence this post. And like I said in my OP, I do wonder if there might be an additional firewall that lives outside of the virtual machine. AWS has them, so maybe Rackspace does too, but my Google searches and searches of their web interface haven't been very fruitful in that regard. – neubert Nov 12 '15 at 14:15
  • Don't be fooled by the `iptables | grep` output: if those rules are preceded by a DROP they won't be reached. Use `iptables -L -vn` to show counters that tell you which rules are hit and how often. – wurtel Nov 12 '15 at 14:51

3 Answers

My solution was to reinstall ufw.

apt purge ufw
apt install ufw

Then add port 3306.

sysadmin1138
In general, you should consider 1) the MySQL bind-address, and 2) the firewall.
Since you aren't able to make a connection with `telnet SERVER_IP 3306`, either the firewall is blocking the connection or MySQL is not listening on that port.

Firewall

You should review your firewall rules as a set, without piping to grep, to see if there are any matching rules above the one you pasted in your question.
On the topic of your firewall, it's generally a BadIdea™ to open :3306 to the public internet. I prefer to use an SSH tunnel to connect to my remote databases.

MySQL bind-address

Either look for `bind_address` in your MySQL config, or try `netstat -plnt` and look for MySQL in the list. To accept remote connections, `bind_address` must be something other than `127.0.0.1` (SSH tunnels work around this!).

Joe A
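The two checks in the answer above, as an added POSIX shell example (not code from any of the answers): walk the INPUT chain in order and report the first rule a new inbound TCP connection to a port would hit, which is exactly what `iptables -L | grep` hides, then read which local address the daemon on that port is bound to. The rule table and socket listing below are constructed samples modelled on the asker's situation, not captures from their server; on a real host you pipe in `sudo iptables -L INPUT -vn --line-numbers` and `ss -ltnp` (or `netstat -plnt`) instead.

```shell
#!/bin/sh
# Added example, not code from the thread. Two diagnostics for "the ACCEPT rule is
# there but the port times out":
#   first_match PORT  - first INPUT rule a NEW TCP connection to PORT matches (iptables is first-match)
#   listen_addr PORT  - local address the LISTEN socket on PORT is bound to
# Both samples are constructed for this example; they are not real captures.

SAMPLE_RULES=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      100  8000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2     5000  400K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3       40  2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4      200 12000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5       12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
6       17  1020 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
7        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
8        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
EOF
)

SAMPLE_SOCKETS=$(cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1234,fd=21))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=900,fd=6))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=700,fd=3))
EOF
)

# first_match PORT < rules   (rules = output of `iptables -L INPUT -vn --line-numbers`)
# Prints "NUM TARGET" of the first rule that matches a fresh TCP SYN to PORT from a
# remote host, or "policy TARGET" if nothing matches and the chain policy decides.
first_match() {
  awk -v port="$1" '
    /^Chain / {                              # remember the chain policy for unmatched packets
      if (match($0, /policy [A-Z]+/)) policy = substr($0, RSTART + 7, RLENGTH - 7)
      next
    }
    /^num / { next }                         # column header
    NF < 10 { next }                         # blank or unexpected lines
    {
      num = $1; target = $4; proto = $5; iface = $7
      if (iface == "lo") next                                # loopback-only rule never sees remote traffic
      if (proto != "all" && proto != "tcp") next             # telnet/mysql client open a TCP connection
      if ($0 ~ /state / && $0 !~ /NEW/) next                 # RELATED,ESTABLISHED rules ignore a fresh SYN
      if (match($0, /dpt:[0-9]+/)) {
        if (substr($0, RSTART + 4, RLENGTH - 4) != port) next  # port-specific rule for another port
      }
      print num, target; found = 1; exit                     # first match wins; rules below are never consulted
    }
    END { if (!found) print "policy", policy }
  '
}

# listen_addr PORT < sockets   (sockets = output of `ss -ltnp` or `netstat -plnt`)
# Prints the local address of every LISTEN socket on PORT (IPv6 shows as [::]).
listen_addr() {
  awk -v port="$1" '
    $1 == "LISTEN" || $6 == "LISTEN" {       # ss puts State first, netstat puts it sixth
      n = split($4, part, ":")               # Local Address:Port; IPv6 addresses hold extra colons
      if (part[n] != port) next
      print substr($4, 1, length($4) - length(part[n]) - 1)
    }
  '
}

# Stand-alone run on the constructed samples.
printf '%s\n' "$SAMPLE_RULES"   | first_match 3306   # 6 DROP  (the ACCEPT at rule 7 is never reached)
printf '%s\n' "$SAMPLE_RULES"   | first_match 80     # 4 ACCEPT
printf '%s\n' "$SAMPLE_SOCKETS" | listen_addr 3306   # 127.0.0.1 (remote clients cannot reach this even with the firewall fixed)
```

On an Ubuntu box running ufw the first match in INPUT is normally a jump to `ufw-before-input`, so repeat the check with `iptables -L ufw-before-input -vn --line-numbers` and then on `ufw-user-input`, where `ufw allow` rules land. Retry the telnet while watching the `pkts` counter of the rule reported (wurtel's `-vn` tip): the counter of a DROP that moves on each attempt is your culprit. If `listen_addr` reports `127.0.0.1`, the fix is the `bind-address` setting in my.cnf, or keep it bound to localhost and use the SSH tunnel the answer recommends (`ssh -L 3306:127.0.0.1:3306 user@server`, then `mysql -h 127.0.0.1 -P 3306`). Neither check can see a firewall that sits outside the VM, which is the Rackspace question in the original post; if both checks pass and the port still times out, that is where to look next.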
With me, I do not use iptables, though as a system manager you need to know it but have to be very careful. How about using a firewall, ufw? If you already have that, I will recommend you uninstall the firewall: `sudo apt-get remove ufw`, then restart your server and clear all existing iptables rules (I think it's `iptables -F`), then reinstall ufw, then open port 3306: `sudo ufw allow 3306/protocol`. That will open the port. If you can still connect with telnet then you need to check on your MySQL bind-address.

toxic
  • Reinstall the firewall and restart your host, to open a port? – Andrew Schulman Apr 19 '21 at 12:11
  • Not that: uninstall your firewall, then clear all the iptables rules, then reinstall your firewall. You can now open the ports you want to open. The commands I used above are for the ufw firewall. Reinstalling the firewall will set the default ports of 22, 80 etc. as open ports. – toxic Apr 20 '21 at 09:34