On google compute engine, I can access a port on a server through 'localhost', but I can not access the same port using IP address from the same server or from external client machines. I tried to create a new firewall rule on web console page, and can see it from Linux command, but port 8888 still can't be accessed
$ gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
allow8888 default 0.0.0.0/0 tcp:8888,udp:8888
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
Problem solved by changing local tcp server setting files
from 'localhost' to '0.0.0.0'
Problem solved by changing local tcp server setting files from 'localhost' to '0.0.0.0'
goto etc/hosts and update your host entries it should work
Related
background purpose: I want to restrict inbound connection to MYSQL server only for specific host by setting inbound rules of windows firewall.
MYSQL server port is open on 3306.
However, when I open firewall setting, I can see two ports are opened on 3306 and 33060 as follows:
what is that? Should I restrict 33060 as well?
The port for X Protocol (mysqlx_port), supported by clients such as MySQL Shell, MySQL Connectors and MySQL Router, is calculated by multiplying the port used for classic MySQL protocol by 10. For example if the classic MySQL protocol port is the default value of 3306 then the X Protocol port is 33060.
See MySQL Port Reference Tables for more information.
The MySQL X service, is listening on all interfaces, by default over localhost, on TCP port 33060 and clients can connect to it through x protocol. So you need to restrict it for specific host to ban it to connect through x protocol. I suggest use it just for localhost.
You can see open ports by mysql through the following command:
sudo lsof -i -P -n | grep 3306
I am having problem to connect to MariaDB on Linuc GCP VM. I have followed all practices to expose the VM on 3306, I use ephemeral IP. The VM is reachable as I have nginx installed. I have create remote user in MySQL, enabled remote access but still nothing. When i cannoct from my PC with MySQL Workbench i get connection error. What can it be?
I have also followed this:
enter link description here
Update
this the output of netstat:
$> netstat -ant | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
Result of nmap is more intersting though:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
3389/tcp closed ms-wbt-server
I do not see 3306 but it is a port I have opened on firewall rule in GCP... How can it be is not shown?
Ok, I have found a mistake. It was in the GCP firewall configuration rule. The tag name of the VM was spelled wrongly. thanks.
I have added .ppk file is auth file
IPv4 Public Ip
Tunnel: 8888 localhost:80
username:ec2-user
When I log in via Bash it works fine, but when trying to view in the browser it won't show
http://localhost:8888/phpmyadmin
or
http://127.0.0.1:8888/phpmyadmin
it gives 404 Page Not Found
Security Group
You need to open TCP port 8888 in the ec2 Security Group. Also need to open the same port on the EC2 instance's firewall. and phpmyadmin default port is 3306 so try to open TCP port 3306 and access with ec2 instance IP with 3306 port.
steps to allow port
Go to the "Network & Security" -> Security Group settings in the left
hand navigation
Find the Security Group that your instance is apart of
Click on Inbound Rules
Use the drop-down and add HTTP (port 8888)
Click Apply and enjoy
I've just launched a MariaDB instance on RDS. I used all the default options, on the free tier. It has finished creating. When I try to access it with Sequel Pro or with the command line, I get an error:
Can't connect to MySQL server on {endpoint}
My security group is the default group. Its Inbound and Outbound Rules have:
Type: ALL Traffic
Protocol: ALL
Port Range: ALL
What am I missing here?
The answer for me was to add a new Inbound Rule to my existing Security Group:
Type: MySQL/Aurora (3306)
Protocol: TCP (6)
Port Range: 3306
Source: 0.0.0.0/0
[EDIT Oct 2020]: See Leon's comment below. Instead of 0.0.0.0/0 use your specific IP address.
Does the instance have an internet ip? If not, you know, you can
only connect it from inner net.
The port is 3306?
I am trying to access my rds mySql db via 443 only instead of 3306.
After enabling the ssl option on workbench and entering the path to the mysql-ssl-ca-cert.pem I tried to disable tcp 3306 on my security group to insure it connects using 443 but it doesn't.
I can connect using the mysql command line below but yet again it fails once i disable tcp 443 on the security group
mysql -h myinstance.c9akciq32.rds-us-east-1.amazonaws.com --ssl_ca=rds-ssl-ca-cert.pem
Amazon documentation states:
The SSL support in Amazon RDS is strictly for encrypting the connection between your client and your DB instance; it should not be relied on for authenticating the server.
Does this mean that I can only ever authenticate to mysql db over 3306 and not 443, but the data will be encrypted in transit?
My issue is that my customer won't open 3306 outbound on their firewall but 443 is of course opened. Any help appreciated.
You are confusing SSL and HTTPS. Port 443 is the default port for HTTPS connections. MySQL uses 3306 instead (and can use SSL over this port or any other to encrypt the connection). So, setting up SSL encryption for a MySQL connection doesn't affect the used port.
In order to use a different than the standard port you have to reconfigure the MySQL server, which you probably cannot do with an RDS instance.
It is possible to use tunneling to avoid the default port. In this scenario you have to open an SSH tunnel (MySQL Workbench can do that for you or you use an external program like putty on Windows or ssh on *nix like OSes). With that tunnel in place (which uses port 22 by default but can be configured for any other port if that matters for you) you can then forward access from a local port (here 3306, but can be any) to a remote port (can be any as well). This requires an SSH server on the remote end however.