-3

I started MySQL with this command service mysql start and it worked pretty well. So:

  1. Using the netstat command, I found 127.0.0.1:3306 was in listening state, this is the MySQL service.
  2. So I did a scan with nmap on localhost using nmap -p 3306 127.0.0.1 it gave me the result 3306 is open, this is the MySQL service running.
  3. And now I did nmap scan from the public IP 192.168.1.100 and it throws me a output MySQL ports is closed.

So why the port is show showing open when I scanned through internal IP and not from the remote IP, do I have to forward the IP?

Vilican
  • 2,703
  • 8
  • 21
  • 35
black
  • 1
  • Welcome to security.SE black. I tried to clean up your question to make it easier to understand but wasn't sure about the last sentence. As this is your actual question, you may want to try to word it a bit better. You can [edit your question](https://security.stackexchange.com/posts/108459/edit) to update the question. Have a clear title and question will increase the chance that you get helpful answers. – Neil Smithline Dec 18 '15 at 06:14
  • The 'Internet' is a local IP on your network (I presume). Can the 192.168.1.100 machine ping the MySQL machine? Also what nmap command did you on the 192.168.1.100 machine to scan the MySQL machine? – TheJulyPlot Dec 18 '15 at 06:50

1 Answers1

2

The netstat command told you MySQL was listening on 127.0.0.1, the loopback address, to which you can only connect from the local machine, but not from any other host in the Internet.

If you really want to reach your database server from the net you'd have to configure it to listen on your internet IP and add the appropriate firewall rules to allow the connections, but opening up your DB server to the whole internet is a really bad idea and I wouldn't advise it.

André Borie
  • 12,706
  • 3
  • 39
  • 76