
I have a problem with a VPS ports config (on ovh.com). I set up Debian 10 and updated it, but when I try to configure ports I get many errors.

I found that OVH infrastructure is protected by a global firewall, but on my panel it's shown as disabled and there are no rules applied.

EXAMPLE

If I use port 22 for SSH, it's all ok, but if I change the port then I get locked out. Same goes for any port.

ANOTHER EXAMPLE:

MariaDB is installed and listening on port 3306:

```
MariaDB [(none)]> show variables where variable_name = 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port          | 3306  |
+---------------+-------+
```

Also the rules in iptables are supposed to allow all connections:

```
debian@vps-54c8e268:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
```

Shown as open with netstat:

```
debian@vps-54c8e268:~$ sudo netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State  
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
```

BUT: When I test port 3306 on https://www.yougetsignal.com/tools/open-ports/, it shows Port Closed. And when I try to connect from DBeaver, it gets connection refused.

Fahed
  • Does this answer your question? [What causes the 'Connection Refused' message?](https://serverfault.com/questions/725262/what-causes-the-connection-refused-message) – Michael Hampton Jul 04 '21 at 19:16
  • Hi, Michael. No, I just tested, but netstat shows the service is listening on the port, and tcpdump shows packets are sent and replied to correctly. – Fahed Jul 04 '21 at 19:26
  • Your situation is covered in the linked post. It is also explained below. – Michael Hampton Jul 04 '21 at 19:28

1 Answer

In the case of your MySQL daemon: it's set to listen on 127.0.0.1:3306. 127.0.0.1 is the loopback interface, and not reachable externally.

This is the default configuration of MySQL, and probably what you want unless you're aware that you have to change the configuration.

This is defined with the bind-address directive in the MySQL configuration file. Set it to 0.0.0.0 to make MySQL listen on all interfaces.

Note that this is probably not a good idea. It means that any vulnerability in MySQL may lead to a loss of database. To manage the DB, use SSH tunneling:

```
ssh -L 3306:127.0.0.1:3306 user@example.com
```

This will create a secure tunnel, using SSH, to transport packages from your PC to the remote server. Connect your MySQL client to localhost:3306, and enjoy.

vidarlo
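The check described in the answer above, as an added example that is not part of the original post: a Python script that reads `netstat -tln` output and reports which listeners are bound to loopback only, and so refuse outside connections whatever the firewall allows. The sample text is constructed (only the 3306 line comes from the question), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the 3306 line is the one from the question; the other
# listeners are made up to show the remaining cases.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:8080       0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""


def classify(local_address):
    """Split a 'Local Address' value into (port, address, scope)."""
    host, _, port = local_address.rpartition(":")
    # Tolerate ss-style address forms as well: "*", "[::]" and "addr%iface".
    host = host.strip("[]").split("%")[0]
    ip = ipaddress.ip_address("0.0.0.0" if host == "*" else host)
    if ip.is_loopback:
        scope = "loopback-only"      # only processes on the host can connect
    elif ip.is_unspecified:
        scope = "all-interfaces"     # 0.0.0.0 or ::, every address of the host
    else:
        scope = "specific-address"   # one configured address
    return int(port), str(ip), scope


def listeners(netstat_output):
    """Return (port, address, scope) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            found.append(classify(fields[3]))
    return found


def bound_beyond_loopback(netstat_output, port):
    """True if some listener on `port` is bound to a non-loopback address."""
    return any(p == port and scope != "loopback-only"
               for p, _, scope in listeners(netstat_output))


if __name__ == "__main__":
    for port, address, scope in listeners(SAMPLE):
        print(f"{port:>5}  {address:<15} {scope}")
```

Run against the output of `sudo netstat -tln` on the server, a `loopback-only` result for 3306 matches the "connection refused" seen from DBeaver; that binding is also what the SSH tunnel relies on.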