How to configure Firewall to allow remote access to the mysql server

davidehs · May 31, 2011, 8:33pm

Hi,

I have a server machine that is running SUSE Linux Enterprise Server 11. I set up a mysql server there. Now I want to access this mysql server from my laptop. I used the following command,

> mysql -h 12.246.5.70 -u davidehs -p

I found if the firewall on the server machine is running, I can not connect the mysql server from my laptop. If I stop the firewall first, and the do the connection, I can access the mysql. Do you guys have any idea how to keep the firewall running and allow the remote mysql incoming requests?

Any comments and suggestions are appreciated.

Thanks a lot.

ab · May 31, 2011, 8:56pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MySQL uses, by default, TCP 3306. It may have an option in the Firewall
configuration section of Yast as well to simplify things but otherwise go
to Advanced: TCP and type in 3306.

sudo /sbin/yast firewall

Good luck.

On 05/31/2011 12:36 PM, davidehs wrote:
>
> Hi,
>
> I have a server machine that is running SUSE Linux Enterprise Server
> 11. I set up a mysql server there. Now I want to access this mysql
> server from my laptop. I used the following command,
>
>> mysql -h 12.246.5.70 -u davidehs -p
>
> I found if the firewall on the server machine is running, I can not
> connect the mysql server from my laptop. If I stop the firewall first,
> and the do the connection, I can access the mysql. Do you guys have any
> idea how to keep the firewall running and allow the remote mysql
> incoming requests?
>
> Any comments and suggestions are appreciated.
>
> Thanks a lot.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJN5TnwAAoJEF+XTK08PnB5nRsQAISQH8LOgl/2MTAMQL4rrD97
jqmDX6hyacuxNF4B7faCATeGFTpu8qYXzq4G9q3f+jHmH2Ii88HCI7QjFAGi8bU+
2FdMnIAbRet5xnE+Gr+Z+lkSDP/VMGrD1qwaVPcglw8sl4jKpMhq94bTu6/rRUWk
69PzESWaClBVe4Vz+1NxvOiQFTvRlcGvKRE01YHxxnIJwPpEsFCOUr08QKGZHi12
1EaPYQXVIk7QtX4zQMqeqmMfLv0xjnjj6Qab1YkXYqd6zxWbuC1Amf8aQkr/z6e0
JlxE9PKM3PBQUiQ/WceI8+eCBufca7PGX5KzTlNVTfW2hWXHrbjRCQhXukS3zuOj
jAv57+9GWXadBupwqKaPc9TqDyP1Aho7Vp0UKVBGaNc1wOn6TrAl5KsrR6Glpg7K
uVlkcZ5x7jYexMGsaewxmA8vXV4vudt9Sh9/cmpSciS9aOEPdYHIFSR93HBaxA7v
9fHqv+7A+VOstgMm06YMOi4qHYSJLCPFFm6vOSfj52iiAiKj3IkFJfcRsOJTPczE
WxGluHOs6R5Ns7Y9FQQOQdRQoOnTR793fSGJCrtXEMaw9SU2Ery5HsbwkvPSRSa4
X09tCYZ/j3Dd6gVgX9TkExr87bGMKqYtVZEeX7Fk0jY6TivRDvovpuG0JBEdchw0
wkGOnLapqjq7Sy9CtMK8
=35iu
-----END PGP SIGNATURE-----

hcvv · May 31, 2011, 9:23pm

While the above advice seems sound enough to me, it may be to the point to tell you that we are an openSUSE forums and not a SLES/SLED forums. Sometimes people won’t see that you use SLED/SLES (they even may not even know what it is) and thus give you wrong advice.

SLES/SLED support is here: SUSE Linux Enterprise

davidehs · June 1, 2011, 1:41pm

Hi ab and hccv,

It works. What I did is: open yast–>select http service–>Advanced–> add 3306 to TCP ports box.

Thanks for your suggestions.

Best,

David

vodoo · June 2, 2011, 2:04pm

@davidehs

As long as you are doing this within a LAN you are fine. But when this is an internet connection (firewall port 3306 TCP is opened on the EXTERNAL device) this may be a security leak. In this case you may consider to close the firewall for port 3306 and connect over an SSH tunnel.

Example: MySQL ssh tunnel