Remote Connection to MySQL database to bypass through Squid proxy server - mysql

I am using Squid as a proxy server for web cache in my local network. I have developed a utility in VB.NET that requires a remote connection to a MySQL database on a remote server over the internet. I am able to connect to the remote server if I disable the proxy server, but cannot if the proxy is enabled.
I don't know if I can use MySql Proxy in this scenario on my local proxy server and what configurations will I have to make.
Below is my squid configuration:
# ACL to define ports allowed to passthrough Squid
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 3306 # mysql remote connection
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow Safe_ports
http_access allow CONNECT !SSL_ports
What alternative can I have to achieve a similar setup, that is, web cache + remote connection to a MySQL database?

Squid can't proxy MySQL at all.
You have to configure your firewall (or use direct connect, nat, etc) to use remote connection.

I've been looking into proxying database traffic, too. Squid can't proxy MySQL traffic, but if you do want to proxy MySQL traffic, you can try SQLProxy, which is an IIS plug-in to proxy MySQL traffic.
A Java-based solution that runs on Windows, Mac, and Linux is TcpCatcher. It's primarily intended to monitor and change TCP traffic, but it can also be used as a pure proxy server.
If you are open to a *nix-based solution, there's High Availability Proxy ("HAProxy"), which is a TCP/HTTP load balancer that can be used to proxy MySQL database connections as well as HTTP connections.
There's a tutorial and information page on using HAProxy to proxy MySQL connections at http://www.severalnines.com/resources/clustercontrol-mysql-haproxy-load-balancing-tutorial (as of June 2013). Here's an example of using HAProxy to proxy a single MySQL connection: http://flavio.tordini.org/a-more-stable-mysql-with-haproxy.

I have managed to get it working with Microsoft Forefront TMG. An access rule is to be created with a port 3306 outbound connection from internal to external for all the users. Firewall client should also be installed on client machines.
Squid and Polipo cannot be used in an environment where remote connections to MySQL are required. In such a scenario, setting up a local server before the proxy and some sync mechanism with the remote server, or VPN/SSH, is a possibility.
Hope it helps other relevant readers.

Related

Redirect FTP requests

I have an application that connects to a domain using port 3306 (MySQL) and port 21 (FTP).
I've had to move the MySQL hosting to another server (AWS) and need to keep the FTP server as is.
Now the problem I have is that the application doesn't allow you to specify a different server name for each service so it's trying to connect via FTP to the MySQL server in AWS.
Is there any way to setup Windows to redirect certain ports only to a different IP?
Is there a way to set up the new server to bounce FTP requests back to the older server?
Alternatively is there a way to setup the domain DNS to point MySQL port requests to the MySQL server?
One way to fix this is to install a TCP proxy server (e.g. nginx, haproxy) on the new server and pass the request to the old server based on the request type.

How to connect to remote MySQL server when my ISP is blocking 3306?

I am developing a simple application with Visual Studio that gets data from a remote MySQL server through the MySql.Data.dll extension. Everything works fine when I'm in my own network, but when I'm at a customer site it won't work. I'm assuming their IT is blocking port 3306. Since this is a big corp with strict rules, cooperation with the network admin is not an option. I heard about tunneling with SSH and tried to do some research, but this is something not supported by my remote MySQL server provider. I'm out of ideas. What are my options?
Many thanks,
Paw
You can try the command > telnet <yourDBHost> 3306 to verify if the port is blocked.
In that case, if you can't ask your admin to open the port, maybe you can change the port of MySQL to another open port in the firewall, using your CPanel or editing config files directly if you can access them.

Reverse proxy based on DNS for multiple mysql hosts

I've some mysql host in private network and would like to use a reverse proxy server (i.e. nginx) to connect with mysql-client to mysql host via reverse proxy server.
An example to better understand my answer:
suppose I've:
a mysql server with ip yyy.1
a mysql server with ip yyy.2
both in the network of a proxy server with ip XXX, and I associate to XXX the DNS mysql-server1.com and mysql-server2.com.
My goal is to connect to mysql server yyy.1 when I use mysql client to connect to XXX by calling mysql-server1.com on port 3306, and similarly when I try mysql-server2.com on port 3306.
The problem with nginx is that I can't differentiate TCP requests by server name, so on the XXX server I should associate one port for each mysql server, but this implies that every time I should change the port also in the mysql client settings, and I don't want this!
Is there some proxy server that can accomplish that?
Could I use IP Table to route the request mysql-server1.com:3306 to localhost:[some port], where I could use [some port] in proxy setting to forward the requests to the server yyy.1?
This is impossible.
In the MySQL Client/Server protocol, the client never identifies the hostname to which it is attempting to connect. Unlike in some other protocols, such as HTTP (with the Host header), the original name the client used to resolve an IP address from DNS is not preserved. TLS SNI is also not available, because TLS negotiation on a MySQL connection does not begin until the client reads the server capability flags to discover whether the server supports TLS, at which point the client asks to switch the connection to TLS... and this, of course, is after the connection is already established.
In the MySQL Client/Server protocol, the server always talks first.
Your only options are for the proxy machine to listen on multiple IP addresses, with a DNS hostname pointing to each IP, and use the address to which the client connected to determine which server to use.
Or, each proxy instance listens on a separate port.
The protocol design prevents name-based virtual hosting.
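The ordering described in the answer above, as an added example that is not part of the original post: it parses a constructed server greeting (HandshakeV10), classifies the first bytes a client would send, and selects a backend from the proxy's own listen address. The packets are constructed samples, and the `BACKENDS` map with its addresses is hypothetical.

```python
import struct

CLIENT_SSL = 0x0800          # capability bit: TLS may be negotiated on this connection
CLIENT_PROTOCOL_41 = 0x0200
# Hypothetical map (documentation addresses): proxy listen IP -> MySQL backend
BACKENDS = {"192.0.2.11": ("10.0.0.1", 3306), "192.0.2.12": ("10.0.0.2", 3306)}

def sample_greeting():
    """Constructed HandshakeV10 packet: the server sends this before the client says anything."""
    body = b"\x0a" + b"8.0.0-sample\x00"              # protocol version 10, server version
    body += struct.pack("<I", 7) + b"saltsalt\x00"     # connection id, auth data part 1, filler
    body += struct.pack("<H", CLIENT_SSL | CLIENT_PROTOCOL_41)   # lower capability flags
    body += b"\xff" + struct.pack("<HH", 2, 0) + b"\x00" * 11    # charset, status, upper caps, rest
    return len(body).to_bytes(3, "little") + b"\x00" + body      # 3-byte length + sequence id 0

def sample_ssl_request():
    """Constructed SSLRequest: the client's first packet when it wants TLS (sequence id 1)."""
    body = struct.pack("<IIB", CLIENT_SSL | CLIENT_PROTOCOL_41, 1 << 24, 0xFF) + b"\x00" * 23
    return len(body).to_bytes(3, "little") + b"\x01" + body

def parse_greeting(packet):
    """Parse the server greeting and report whether TLS is offered."""
    length, seq = int.from_bytes(packet[:3], "little"), packet[3]
    body = packet[4:4 + length]
    if len(body) != length or seq != 0 or body[:1] != b"\x0a":
        raise ValueError("not a HandshakeV10 greeting")
    end = body.index(b"\x00", 1)                        # end of server version string
    conn_id, = struct.unpack_from("<I", body, end + 1)
    caps, = struct.unpack_from("<H", body, end + 14)    # skip conn id (4), salt (8), filler (1)
    return {"server_version": body[1:end].decode("ascii"), "conn_id": conn_id,
            "tls_offered": bool(caps & CLIENT_SSL)}

def first_client_bytes_kind(data):
    """What a proxy could learn from the first bytes the client sends."""
    if data[:2] == b"\x16\x03":
        return "tls-client-hello"     # TLS-first protocol: an SNI name can be present
    if len(data) >= 36 and int.from_bytes(data[:3], "little") == 32 and data[3] == 1:
        return "mysql-ssl-request"    # flags, max packet size, charset, filler: no hostname
    return "unknown"

def choose_backend(local_addr):
    """Route on the address the client connected to (sock.getsockname()[0] after accept)."""
    return BACKENDS.get(local_addr)   # None means: no backend, close the connection
```
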

Configuring nginx as a tcp proxy for ejabberd

I am trying to configure nginx as a tcp proxy for ejabberd.
The nginx configuration for tcp proxying is as shown below
stream {
    upstream ejabberd-servers {
        server ejabberd:5222;
    }
    server {
        listen 5222;
        proxy_pass ejabberd-servers;
    }
}
The ejabberd server is the ejabberd server node name, since this is done in a Docker environment.
When I connect to nginx using smack client library, I get the error is SOCKS5 socket fail.
When I try connection using SOCKS4, I get Servers response VN 60
The reason I am trying to do so is because I do not want to expose ejabberd directly to the Internet. I need to have a proxy to load balance connections and also prevent DDoS attacks.
Setting up ejabberd for Internet is nicely explained here.
how to open ejabberd server to public
Has anybody done so successfully?

Protocol used by JDBC to connect to MySQL on different Host

I want to know what is the protocol that is used by JDBC to connect to MySQL Database that is present on an other host.
My client has only http and https access restricted to his host. I want an application on an other host to communicate with that MySQL Database available on my client's host.
Please note my Client uses WINDOWS 2012 SERVER
He has asked me the protocols and ports my application is using to connect to MySQL so that he would enable them.
Request you to help.
By default, the MySQL server uses port 3306/tcp, but this is configurable. They should open up only the port that the server is listening on. Regarding the protocol, it is MySQL-specific; you can find more info in the official documentation.
By default MySQL server listens on port 3306/TCP. See manual for more details.
MySQL uses its own binary protocol over TCP to destination port 3306 to connect to the database. If you cannot get a path open between your client and the server for port 3306, maybe you can get the server configured to use a port that IS available to you. It would depend on who has the stricter rules, the network admins or the DBA :-)