I have the following scenario:
I changed the port of MySQL 54235, on linux server Centos, I accept connections from outside only on that port.
I have an old and discontinued third-party software, where there is no option to change the default port 3306. However, this software should access 2 fixed external ips.
How do I configure on linux to accept connection on port 3306 only from these 2 fixed ips, and internally, redirect the connection to port 54235?
the most easy is to use "socat"
socat TCP-LISTEN:3306,fork TCP:127.0.0.1:54235
Related
Im trying to setup MariaDB but my TCP port:3306 is already in use by mySQL which has the same port already. How do I fix this problem or rather how do I change to a different port.
3306 is the default port of both MySQL and MariaDB. You can change the port in either of these servers, using the port option in the server's configuration file.
See https://mariadb.com/kb/en/configuring-mariadb-with-option-files/
What value should you use? It's up to you, as long as no other service is using that port on your server host. You might pick 3307 for example.
All clients that need to connect to MariaDB will need to specify the port too. Most client connectors default to port 3306, and if you want to connect to a MySQL or MariaDB instance that has chosen a non-default port, then you need to specify that port in the client code when it makes a connection.
It looks like weird happening, I've followed and fixed all the possible things but still MySQL port 3306 is not accessible remotely.
Here's my setup:
Machine: Windows Server 2012 R2
MySQL Server: 8.xx
Settings have been applied:
In my.ini bind-address did to 0.0.0.0 and and thus after exec command netstat -an this is what I get TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
From Windows Firewall I've enabled port 3306 inbound/outbound both. and set that to allow edge traversal as well
From the MySQL server I've created a user with % all host and then provided permission to all databases as well. which has been checked
I guess these are the actions I took afterward. But this is not working at all.
When I'm trying to do telnet server_ip 3306 error: Connecting To server_ip ...Could not open a connection to the host, on port 3306: Connect failed from other machines. The local host is working fine.
I don't see any other workaround that could else cause this issue?
I've tried installing MySQL 8.0 on my local PC:
With default setting
Firewall turned on
No firewall exception added manually
Then I tried to connect from a remote Windows Server 2016 Standard using telnet local_ip port through command-prompt and I received this:
J
8.0.27
ZPhqTaMC v|)64Pthmmysql_native_password
Which means the connection has been established. I test it further using SQLYog tool:
and for sure I can connect to it.
What I did next was I went to my firewall setting here
Control Panel\All Control Panel Items\Windows Defender Firewall\Allowed applications
and removed all related firewall exception that was made during the installation so I've removed the following:
mysqld
port3366 <-- this is the port I used
port33060
And when I tried to connect remotely, it tells me this:
Connecting To local_ip...
Could not open connection to the host, on port 3366: Connect failed
This confirms my suspicion that firewall have blocked the connection. Now, OP said that the port have been added to the firewall but still can't connect so my first step after that is adding back mysqld into the firewall exception.
In the firewall setting click "Allow another app"
The "Add and app" dialog opens then click "Browse"
Locate mysqld from MySQL folder - usually found in C:\Program Files\MySQL\MySQL Server 8.0\bin
Click "Add" then tick both "Public" and "Private" checkbox
Once I've done that, I tried connecting and it's successful. Note that I did not re-add the ports that I've removed previously but I still can connect remotely. Also, I didn't add bind-address in my.ini setting.
I am trying to access my rds mySql db via 443 only instead of 3306.
After enabling the ssl option on workbench and entering the path to the mysql-ssl-ca-cert.pem I tried to disable tcp 3306 on my security group to insure it connects using 443 but it doesn't.
I can connect using the mysql command line below but yet again it fails once i disable tcp 443 on the security group
mysql -h myinstance.c9akciq32.rds-us-east-1.amazonaws.com --ssl_ca=rds-ssl-ca-cert.pem
Amazon documentation states:
The SSL support in Amazon RDS is strictly for encrypting the connection between your client and your DB instance; it should not be relied on for authenticating the server.
Does this mean that I can only ever authenticate to mysql db over 3306 and not 443, but the data will be encrypted in transit?
My issue is that my customer won't open 3306 outbound on their firewall but 443 is of course opened. Any help appreciated.
You are confusing SSL and HTTPS. Port 443 is the default port for HTTPS connections. MySQL uses 3306 instead (and can use SSL over this port or any other to encrypt the connection). So, setting up SSL encryption for a MySQL connection doesn't affect the used port.
In order to use a different than the standard port you have to reconfigure the MySQL server, which you probably cannot do with an RDS instance.
It is possible to use tunneling to avoid the default port. In this scenario you have to open an SSH tunnel (MySQL Workbench can do that for you or you use an external program like putty on Windows or ssh on *nix like OSes). With that tunnel in place (which uses port 22 by default but can be configured for any other port if that matters for you) you can then forward access from a local port (here 3306, but can be any) to a remote port (can be any as well). This requires an SSH server on the remote end however.
I'd like to connect to MySQL (deamon is running on my VPS) via HeidiSQL. I've created new user, commented bind-adress option and when I try to connect with it via HeidiSQL, I've got an error 2003: Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (10061).
What should I do?
It could be a number of factors.
See if a firewall is blocking your traffic to the other host
Can you simply ping the host from the client machine?
Can you also open a simple telnet session to the host on port 3306 ?
(If the telnet is accepted, you will probably see some characters appear and you will remain in the telnet session for a few seconds before the connection is closed. If not accepted, you will see the message Connection refused.)
There's a simple checklist for this:
Is your MySQL server bound to "localhost" only? It might be listening for connections only on 127.0.0.1 or ::1 instead of any which is usually 0.0.0.0. Try connecting on your server to your server with mysql --host=host_ip where host_ip is your network IP address. I think the default is localhost-only.
Is port 3306 firewalled? Many distributions allow only SSH by default, so you may need to open this up to your client machine. Try not to open this up to everyone on the internet as having an open MySQL port is asking for trouble. It's always best to limit access to a set of specific IPs if possible.
Can you connect via an SSH tunnel instead? This is far more secure as it means your 3306 port is properly firewalled. There are many tools for creating SSH tunnels, but the basic principle is to forward a local port of your choosing to the remote server's port 3306.
I have a MySQL instance running locally on port 3306, but for some legacy apps I also want to make it available on port 3305 (don't ask). Is there an easy way to do this on OS X, so that if I try to connect on either 3305 or 3306 they will both go to the MySQL server on 3306?
You can use ipfw to set up a forwarding rule for port 3305 to send it to port 3306.
ipfw add fwd localhost,3306 tcp from any to any 3305 via en0
My syntax might be a little off and you may have to change it to the actual IP address or add a second rule for it.