Firewall issues

Support for security such as Firewalls and securing linux
mscolar
Posts: 7
Joined: 2013/02/11 01:05:24

Firewall issues

Post by mscolar » 2013/02/11 01:09:23

Hi,

I am running the default firewall and I just can't open port 3306 (mysql). I've even switched off the firewall but it still won't work. I want mysql traffic to be enabled in incoming and outgoing traffic.

Firewall config:

:INPUT ACCEPT [0:0]

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 3306 -j ACCEPT


:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 3306 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Thank you.

hawkmage
Posts: 162
Joined: 2011/12/17 00:00:11

Re: Firewall issues

Post by hawkmage » 2013/02/11 02:44:58

Do you have the entry bind-address in your MySQL configuration file? If so what is it set to?

DaemonProgrammr
Posts: 78
Joined: 2011/12/12 12:49:46

Firewall issues

Post by DaemonProgrammr » 2013/02/11 08:06:59

Keep in mind that, traditionally, you have to 'GRANT' access for a user from another host than 127.0.0.1.
Otherwise your connections just won't be accepted..

mscolar
Posts: 7
Joined: 2013/02/11 01:05:24

Re: Firewall issues

Post by mscolar » 2013/02/11 11:38:39

@hawkmage

I'm sorry but I am quite new to Linux. I am using Debian 6, are you referring to the config file located in: /etc/mysql/my.cnf? I am trying to access a database that is hosted on another server on the same network using unixODBC. I have tried to verify connectivity through the isql tool, unsuccessfully. I have used nmap to check which ports are open but port 3306 appears to be disabled. The bind-address within that file (my.cnf) is set to 127.0.0.1, should this variable be changed to the IP of the other? Also if I change this IP to the IP of the other server, would the localhost be able to access the database? Thank you.

mscolar
Posts: 7
Joined: 2013/02/11 01:05:24

Re: Firewall issues

Post by mscolar » 2013/02/11 11:50:22

[quote]
DaemonProgrammr wrote:
Keep in mind that, traditionally, you have to 'GRANT' access for a user from another host than 127.0.0.1.
Otherwise your connections just won't be accepted..[/quote]

As I already said I am quite new to Linux, can you please give me an example of how to open port 3306 using the grant access command? Thank you

tigalch
QA Team
Posts: 522
Joined: 2012/06/23 17:28:41
Location: Austria

Re: Firewall issues

Post by tigalch » 2013/02/11 20:29:22

[quote]
I'm sorry but I am quite new to Linux. I am using Debian 6, are you referring to the config file located in: /etc/mysql/my.cnf? [/quote]

Just to point out that this is a CentOS-support venue, not a Debian support venue.
Yes, the file my.cnf is usually somewhere around /etc.

[quote]
As I already said I am quite new to Linux, can you please give me an example of how to open port 3306 using the grant access command? Thank you
[/quote]

You have to grant access from other hosts from within mysql using SQL-syntax. http://dev.mysql.com/doc/refman/5.5/en//adding-users.html might be of help. It's not an issue of iptables (well yes, the port 3306 has to be opened for the rest to work).

simon_matthews
Posts: 315
Joined: 2012/09/15 21:06:54

Re: Firewall issues

Post by simon_matthews » 2013/02/13 16:19:19

[quote]
mscolar wrote:
@hawkmage

I'm sorry but I am quite new to Linux. I am using Debian 6, are you referring to the config file located in: /etc/mysql/my.cnf? I am trying to access a database that is hosted on another server on the same network using unixODBC. I have tried to verify connectivity through the isql tool, unsuccessfully. I have used nmap to check which ports are open but port 3306 appears to be disabled. The bind-address within that file (my.cnf) is set to 127.0.0.1, should this variable be changed to the IP of the other? Also if I change this IP to the IP of the other server, would the localhost be able to access the database? Thank you.[/quote]

The easiest setting for the bind address is to simply comment it out. This will make mysql bind to (listen on) all interfaces on your server. You also need to comment out the line:
# skip-networking
if it is not already commented out.
Note that bind address is NOT the address of a remote machine -- it configures the addresses on which the mysql server listens for connections.
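
The replies above separate the iptables rule from the address mysqld listens on. As an added example (not posted by anyone in this thread), the Python below checks both offline from the text of a rule file and a my.cnf. The function names and sample inputs are constructed, and the rule matcher only understands the options that appear in this thread (-i lo, -p, --state, --dport).

```python
import shlex

def mysql_listen_scope(cnf_text):
    """Where mysqld listens, judged from the [mysqld] section of my.cnf text."""
    section, bind, skip = None, None, False
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "mysqld" and line:
            key, _, value = line.partition("=")
            key = key.strip().replace("_", "-").lower()
            skip = skip or key == "skip-networking"
            bind = value.strip() if key == "bind-address" else bind
    if skip:
        return "no TCP listener"
    if bind in ("127.0.0.1", "localhost", "::1"):
        return "loopback only"
    return "all interfaces" if bind in (None, "0.0.0.0", "::", "*") else bind

def input_verdict(rules_text, port, proto="tcp"):
    """First-match verdict for a NEW connection from a remote host to port/proto."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        args = shlex.split(line)
        if args[:1] == [":INPUT"]:
            policy = args[1]                         # chain default policy
        if args[:2] != ["-A", "INPUT"]:
            continue
        opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
        if (opt.get("-i") == "lo" or opt.get("-p", proto) != proto
                or "NEW" not in opt.get("--state", "NEW").split(",")
                or opt.get("--dport", str(port)) != str(port)):
            continue                                 # rule does not match this packet
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]                         # first terminating match wins
    return policy

# Constructed samples: rules modelled on the thread, bind-address as the poster reported.
RULES = """\
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
MY_CNF = "[mysqld]\nbind-address = 127.0.0.1\n# skip-networking\n"
if __name__ == "__main__":
    print("firewall verdict for tcp/3306:", input_verdict(RULES, 3306))
    print("mysqld listens on:", mysql_listen_scope(MY_CNF))
```

With these inputs the firewall accepts tcp/3306 while the listener is loopback only, so the listener setting, not iptables, is what stops remote clients. Once mysqld listens on all interfaces, the iptables rule and the host part of each GRANT are the only limits on who can reach it, so both are worth scoping to the client's address.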
