I simply want to open up mysql to be accessible from any server ip.

I have already commented out the bind-address in /etc/mysql/my.conf.

I have already set up the user account within mysql.

I have no clue what's stopping me from connecting.

The more challenging I see this being, the more I realize how much of a security risk it is, and I get that; I just want to be able to do it temporarily.

I think that the iptables firewall is the last thing that is preventing me from achieving this, but `sudo iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT` is seemingly doing nothing.

```
thomas@vannevar:~$ netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:git                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp6       0      0 [::]:git                [::]:*                  LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 [::]:https              [::]:*                  LISTEN
```

and

```
root@vannevar:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
```

ThomasReggi
  • Did you try stopping the firewall? You may have some rules that prevent you from connecting from outside. Normally, commenting out #bind-address will allow you to bind mysql on any ip. – Hex Jun 27 '12 at 23:37

2 Answers


Did you comment out the bind-address or bind it to 0.0.0.0?

Also, try flushing your firewall completely. Dump the rules with `iptables-save > foo.fw` and then execute `iptables -F` to empty the rules list.

You can also see if it's bound correctly by doing a `netstat -tl` to see if mysql is listening on 3306 on "*".

William
  • I already flushed my iptables and got locked out of ssh; my web server was pretty unresponsive overall (apache), so I couldn't see if mysql was working. Output from `netstat -tl` is in the question. – ThomasReggi Jun 28 '12 at 14:37
  • Just flushed and IT WORKED!!! http://serverfault.com/questions/129086/how-to-start-stop-iptables-on-ubuntu#answer-129087. I'm putting up my current `iptables -L`. Could you tell me a more secure way to enable mysql than having no firewall? – ThomasReggi Jun 28 '12 at 14:46
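
Why the appended rule in the question did nothing, and a narrower alternative to flushing the firewall, as an added example that is not part of the original posts: iptables stops at the first matching rule, so a rule added with `-A` lands after the final catch-all REJECT and is never reached. The rule set below is a constructed `iptables -S` rendering of the question's listing; the `-i lo` match on rule 2 (plain `iptables -L` does not print interface matches) and the client address 203.0.113.10 are assumptions.

```shell
# Constructed sample: `iptables -S INPUT` form of the question's listing plus the
# appended 3306 rule. Assumption: rule 2 is the loopback accept (`-i lo`).
RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

# Print "<catch-all rule number> <insert position>". The catch-all is the first
# REJECT/DROP with no match options; the insert position backs up over LOG rules.
positions() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" {
            n++
            for (i = 3; i < NF; i++) if ($i == "-j") target[n] = $(i + 1)
            if ($3 == "-j" && (target[n] == "REJECT" || target[n] == "DROP")) {
                ins = n
                while (ins > 1 && target[ins - 1] == "LOG") ins--
                print n, ins; found = 1; exit
            }
        }
        END { if (!found) print "0 0" }'
}

# List rules placed after the catch-all; first match wins, so they never fire.
shadowed() {
    pos=$(positions "$1" | cut -d" " -f1)
    [ "$pos" -gt 0 ] || return 0
    printf '%s\n' "$1" |
        awk -v pos="$pos" '$1 == "-A" && $2 == "INPUT" { n++; if (n > pos) print n ": " $0 }'
}

# Print (do not run) commands that re-add the rule ahead of the catch-all for one client ($2).
fix_commands() {
    ins=$(positions "$1" | cut -d" " -f2)
    [ "$ins" -gt 0 ] || return 0
    echo "iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT"
    echo "iptables -I INPUT $ins -s $2 -p tcp -m tcp --dport 3306 -j ACCEPT"
}

shadowed "$RULES"
fix_commands "$RULES" 203.0.113.10   # constructed documentation address
```

On a live host, feed it `iptables -S INPUT` instead of the sample and review the printed commands before running them as root.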
You need to enable it in mysql as well.

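For example:

```sql
USE mysql;
SELECT * FROM user;
-- Let accounts currently limited to 127.0.0.1 connect from any host.
UPDATE user SET host = '%' WHERE host = '127.0.0.1';
-- Direct edits to the grant tables take effect only after a reload.
FLUSH PRIVILEGES;
```

Hope this helps.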

alan978