-4

I am try to set up mysql remotely. I have followed a number of guides such as this, and I have ended up using nmap to see what ports are open.

When I am on my laptop, nmap -P0 <server> gives:

Nmap scan report for <> (ip.address.here)
Host is up (0.054s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

So it doesn't show port 3306 being open.

However on my server (Ubuntu 14.04), if I run nmap -P0 localhost I get the following:

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00064s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

Which implies that the port is open as it should be. What could be causing the discrepancy? (Admittedly this is my first time using nmap). Is this the reason I can't connect to my mysql server?

Additionally, from my laptop (windows using linux subsystem) telnet <host> 3306 gives an error saying that the remote resource is not available.

k4kuz0
  • 93
  • 1
  • 2
    It means that the service is listening on the loopback interface only. You need to make it listen to the interface you are actually planning to use. – Jenny D Dec 13 '17 at 10:34

1 Answers1

1

The nmap report on your laptop includes the line:

Not shown: 997 filtered ports

Here, filtered indicates that there’s a firewall blocking access to all ports other than 22, 80 and 443. This contrasts with the output from nmap when run on the server itself:

Not shown: 995 closed ports

In this case, closed simply means that no process is listening on the 995 tested ports.

The firewall could be running on the server itself (if running on a GNU/Linux system, this can be checked by running iptables -L) or it could be running on some intermediate gateway.

If you require external access to MySQL, you would need to configure the firewall to also allow external access to Port 3306. I would also recommend that you configure it to allow access only from your own IP address – or that of your ISP’s autonomous system (AS).

Anthony Geoghegan
  • 2,800
  • 1
  • 23
  • 34
  • How do I check whether or not there's a firewall running on the server? The server isn't running selinux for example – k4kuz0 Dec 13 '17 at 10:20
  • The server is run as an Azure virtual machine (an older version). I have perused the options available on Azure and can't see anything that suggests they are blocking specific ports. – k4kuz0 Dec 13 '17 at 10:21
  • [Here's](https://pastebin.com/8yvuJM8F) the output of `iptables -L`. Does anything look fishy there? I can't see anything that would imply the port is blocked, but I'm not sure. – k4kuz0 Dec 13 '17 at 10:43
  • I'm guessing you're running some distribution of GNU/Linux so I've updated my answer to show how you might check if Netfilter is being used to block traffic. I have no familiarity with Azure but that would be a different question. – Anthony Geoghegan Dec 13 '17 at 10:44