This is a discussion on How does one go about setting up linux to 'listen' on port 3306 for MyODBC driver traffic coming from my windoze box? within the Linux Security forums, part of the System Security and Security Related category; I am trying to connect from a windoze client on my LAN to MySQL database on my linux box (also ...
I am trying to connect from a windoze client on my LAN to MySQL
database on my linux box (also on my LAN). It is failing. Testing
telnet 192.168.1.106 3306 from my windoze box to the linux box
fails to connect. I can ping the linux server successfully.

I want to allow 192.168.1.100 access to the linux box over port
3306. But I don't want to cause security concerns. The one and
only windoze box needing to talk to the linux box is 192.168.1.100.

How do I configure linux to allow the connection? And, are there
any gotchas I ought-a-know about?

MLH wrote:
> I am trying to connect from a windoze client on my LAN to MySQL
> database on my linux box (also on my LAN). It is failing. Testing
> telnet 192.168.1.106 3306 from my windoze box to the linux box
> fails to connect. I can ping the linux server successfully.
>
> I want to allow 192.168.1.100 access to the linux box over port
> 3306. But I don't want to cause security concerns. The one and
> only windoze box needing to talk to the linux box is 192.168.1.100.
>
> How do I configure linux to allow the connection? And, are there
> any gotchas I ought-a-know about?

First, are you sure that there is a server listening on that port? Do a
"netstat -an | grep 3306". This is the port used by MySQL? Is that what you
are trying to connect to? Make sure it is running.

Michael
--
"Microsoft isn't evil, they just make really crappy operating systems."
- Linus Torvalds

On Sun, 03 Apr 2005 23:55:11 -0700, Michael Pelletier
<mjpelletier@mjpelletier.com> wrote:

>MLH wrote:
>
>> I am trying to connect from a windoze client on my LAN to MySQL
>> database on my linux box (also on my LAN). It is failing. Testing
>> telnet 192.168.1.106 3306 from my windoze box to the linux box
>> fails to connect. I can ping the linux server successfully.
>>
>> I want to allow 192.168.1.100 access to the linux box over port
>> 3306. But I don't want to cause security concerns. The one and
>> only windoze box needing to talk to the linux box is 192.168.1.100.
>>
>> How do I configure linux to allow the connection? And, are there
>> any gotchas I ought-a-know about?
>
>First, are you sure that there is a server listening on that port? Do a
>"netstat -an | grep 3306". This is the port used by MySQL? Is that what you
>are trying to connect to? Make sure it is running.
>
>Michael

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
You were right, Michael...

netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 appserver.crci.co:mysql *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN

mlh@appserver credifree $ netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN

mysql isn't listening to my ethernet interface. It seems it's listening to
port 3306 over the linux box's own internal loopback address - I'm not
certain. A couple of files in /etc/mysql seem likely places to make the
desired change, although I don't know what that change should be: my.cnf
and mysqlaccess.conf.

On Mon, 04 Apr 2005 09:09:44 -0400, MLH mumbled something like this:

> On Sun, 03 Apr 2005 23:55:11 -0700, Michael Pelletier
> <mjpelletier@mjpelletier.com> wrote:
>
>>MLH wrote:
>>
>>> I am trying to connect from a windoze client on my LAN to MySQL
>>> database on my linux box (also on my LAN). It is failing. Testing
>>> telnet 192.168.1.106 3306 from my windoze box to the linux box fails to
>>> connect. I can ping the linux server successfully.
>>>
>>> I want to allow 192.168.1.100 access to the linux box over port 3306.
>>> But I don't want to cause security concerns. The one and only windoze
>>> box needing to talk to the linux box is 192.168.1.100.
>>>
>>> How do I configure linux to allow the connection? And, are there any
>>> gotchas I ought-a-know about?
>>
>>First, are you sure that there is a server listening on that port? Do a
>>"netstat -an | grep 3306". This is the port used by MySQL? Is that what
>>you are trying to connect to? Make sure it is running.
>>
>>Michael
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> You were right, Michael...
>
> netstat -tl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 appserver.crci.co:mysql *:*                     LISTEN
> tcp        0      0 *:www                   *:*                     LISTEN
> tcp        0      0 *:ssh                   *:*                     LISTEN
> tcp        0      0 *:smtp                  *:*                     LISTEN
> mlh@appserver credifree $ netstat -ntl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
>
> mysql isn't listening to my ethernet interface.

Then, what is this?:

    tcp        0      0 appserver.crci.co:mysql *:*                     LISTEN

> It seems it's listening to
> port 3306 over the linux box's own internal loopback address - I'm not
> certain. A couple of files in /etc/mysql seem likely places to make the
> desired change, although I don't know what that change should be: my.cnf
> and mysqlaccess.conf.

My personal approach is to err on the side of security and block all
external access to port 3306 with an iptables rule along the lines of:

    $IPTABLES -A INPUT -i $EXTERNALIF -p tcp --dport 3306 -j REJECT

Set or replace $IPTABLES and $EXTERNALIF to the appropriate values for
your situation. In my case they are set in my iptables init script:

    IPTABLES="/sbin/iptables"
    EXTERNALIF="eth1"

HTH
--
Rinso
  /\
 /  \
/wizz\
~~~~~~~~~~~~

On Mon, 04 Apr 2005 09:09:44 -0400, MLH wrote:

>
> mysql isn't listening to my ethernet interface. It seems it's listening
> to port 3306 over the linux box's own internal loopback address -
> I'm not certain. A couple of files in /etc/mysql seem likely places
> to make the desired change, although I don't know what that change
> should be: my.cnf and mysqlaccess.conf.

Check the cmd line args that are being passed to mysqld. It may be using
the --skip-networking arg, which restricts incoming connections to the
local machine only.

man mysqld

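The two checks raised in the last two posts (what address the 3306 listener is actually bound to, from the netstat output MLH pasted, and whether a skip-networking or bind-address setting is what restricts it, as chud suggests) can be scripted so they give a yes/no answer instead of needing to be eyeballed. The script below is an added example, not code from anyone in this thread. NETSTAT_SAMPLE is the `netstat -ntl` output from MLH's post; MYCNF_SAMPLE is a constructed, Debian-style /etc/mysql/my.cnf fragment, and its `bind-address = 127.0.0.1` line is an assumption about that box (bind-address is a real mysqld option, but the thread never shows the file's contents).

```shell
#!/bin/sh
# Added example (not from the thread). Two checks for "why can't the LAN reach
# mysqld": (1) classify the address the TCP listener on a port is bound to,
# from `netstat -ntl` output; (2) find the [mysqld] option in a my.cnf that
# restricts networking. NETSTAT_SAMPLE is the output MLH posted; MYCNF_SAMPLE
# is constructed (the bind-address line is an assumption about that box).

NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN'

MYCNF_SAMPLE='[client]
port = 3306

[mysqld]
# constructed: loopback only, so nothing on the LAN ever sees port 3306
bind-address = 127.0.0.1
port = 3306'

# listener_scope PORT: read `netstat -ntl` output on stdin and print where the
# TCP listener on PORT is bound: "loopback", "all", a specific address, or "none".
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp6?$/ && $NF == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != port) next                       # some other port
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") print "loopback"
            else if (addr == "0.0.0.0" || addr == "::") print "all"
            else print addr
            found = 1
            exit                                        # first match wins
        }
        END { if (!found) print "none" }'
}

# mysql_net_options: read a my.cnf on stdin and print the [mysqld] option that
# limits networking: "skip-networking", "bind-address=ADDR", or "open" if neither.
mysql_net_options() {
    awk '
        /^[ \t]*\[/                 { sect = $0; next }  # section header
        /^[ \t]*#/ || /^[ \t]*$/    { next }             # comment or blank line
        sect ~ /\[mysqld\]/ {
            gsub(/[ \t]/, "")                            # "a = b" -> "a=b"
            if ($0 == "skip-networking" || $0 == "skip_networking") { print "skip-networking"; found = 1 }
            else if ($0 ~ /^bind[-_]address=/)           { print $0; found = 1 }
        }
        END { if (!found) print "open" }'
}

# Demo on the embedded samples. On the real box the same functions run as
#   netstat -ntl | listener_scope 3306
#   mysql_net_options < /etc/mysql/my.cnf
#   ps -o args= -C mysqld        # shows a --skip-networking flag, if one is passed
echo "$NETSTAT_SAMPLE" | listener_scope 3306       # loopback
echo "$MYCNF_SAMPLE"   | mysql_net_options         # bind-address=127.0.0.1
```

A "loopback" answer together with a bind-address line is the combination to look for: the fix is then to point bind-address at the LAN address (192.168.1.106 here) rather than delete the line, because deleting it makes mysqld bind 0.0.0.0, which includes any Internet-facing interface the box has. Either change needs a mysqld restart before netstat shows the new address.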
On Mon, 04 Apr 2005 16:43:23 -0700, chud <chud@whoknowswhat.domain>
wrote:

>On Mon, 04 Apr 2005 09:09:44 -0400, MLH wrote:
>
>>
>> mysql isn't listening to my ethernet interface. It seems it's listening
>> to port 3306 over the linux box's own internal loopback address -
>> I'm not certain. A couple of files in /etc/mysql seem likely places
>> to make the desired change, although I don't know what that change
>> should be: my.cnf and mysqlaccess.conf.
>
>Check the cmd line args that are being passed to mysqld. It may be using
>the --skip-networking arg, which restricts incoming connections to the
>local machine only.
>
>man mysqld

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I understood that until my linux server will respond to a command like
this:

    telnet 192.168.1.106 3306

I haven't got a snowball's chance of attaching to my mysql tables on that
same linux server. Does that sound right to you? It seems logical to me.
BTW, my skip-networking arg is set to off.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxx

<snip>
>Then, what is this?:
>tcp        0      0 appserver.crci.co:mysql *:*                     LISTEN
>

You've got me. I'm not sure what that is. But whatever it is, it doesn't
let telnet to the linux box over 3306...

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> open \\192.168.1.106 3306
Connecting To \\192.168.1.106...Could not open connection to the host, on port 3306: Connect failed
Microsoft Telnet> open 192.168.1.106 3306
Connecting To 192.168.1.106...Could not open connection to the host, on port 3306: Connect failed
Microsoft Telnet>
<snip>

<snip>
Also worthy of mention is that I cannot telnet to the linux box over the
default telnet port 23 either...

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> open 192.168.1.106
Connecting To 192.168.1.106...Could not open connection to the host, on port 23: Connect failed
Microsoft Telnet> quit

C:\WINDOWS>

This may be a wild shot, but I have a router between my LAN and the
DSL pipe to the InterNET. All of my LAN nodes are connected into
that router. Is it possible that the router is filtering my telnet
requests? Just because ping works between boxes on my LAN
doesn't imply that telnet will get through. I was under the impression
that routers would filter transmissions going through it but not any
destined for local addresses on the same subnet.

MLH wrote:
> This may be a wild shot, but I have a router between my LAN and the
> DSL pipe to the InterNET. All of my LAN nodes are connected into
> that router. Is it possible that the router is filtering my telnet
> requests? Just because ping works between boxes on my LAN
> doesn't imply that telnet will get through. I was under the impression
> that routers would filter transmissions going through it but not any
> destined for local addresses on the same subnet.

A few questions:

Can you connect locally on the Linux box? From the linux box, do:

    telnet 127.0.0.1 3306

and

    telnet 192.168.0.106 3306

If both work, the problem is definitely networking/firewalls.

Do you have a firewall running on the Linux box? Please post output of

    iptables -L

The default iptables setup doesn't let 3306 through, so try

    iptables -A INPUT -p tcp -s 192.168.0.100 -m tcp --dport 3306 -j ACCEPT

Last resort, see if the packets from the windoze box get there using
tcpdump or ethereal. That will definitely tell you if the router does any
funnies.

J
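Rinso's interface-wide REJECT and J's per-host ACCEPT above are the two halves of one ruleset, and the part neither post spells out is that iptables stops at the first matching rule, so the ACCEPT for the Windows box only works if it sits in front of the REJECT. The script below is an added example, not any poster's code: it generates the two rules in the right order, applies them through a configurable command, and checks the order of an existing chain. It uses the addresses from the original question (client 192.168.1.100, the 192.168.1.0/24 LAN); the LAN interface name eth0 is an assumption, since the thread never says which interface faces the LAN. IPTABLES defaults to `echo`, so running the script as-is is a dry run.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the iptables rules that let exactly
# one LAN host reach mysqld on 3306 and reject everyone else, in the order that
# makes the allow rule effective, and checks that order. With IPTABLES=echo
# (the default) nothing is changed; set IPTABLES=/sbin/iptables and run as root
# to apply. eth0 is an assumption; the client address is the one MLH named.

IPTABLES="${IPTABLES:-echo}"
LANIF="${LANIF:-eth0}"
CLIENT="${CLIENT:-192.168.1.100}"
DBPORT="${DBPORT:-3306}"

# mysql_rules: print the rule arguments, one rule per line, in application
# order. The client's ACCEPT must precede the catch-all REJECT. The REJECT is
# not tied to an interface, so a second (Internet-facing) NIC is covered too,
# and tcp-reset makes a refused connection fail fast instead of timing out.
mysql_rules() {
    printf '%s\n' \
        "-A INPUT -i $LANIF -p tcp -s $CLIENT --dport $DBPORT -j ACCEPT" \
        "-A INPUT -p tcp --dport $DBPORT -j REJECT --reject-with tcp-reset"
}

# apply_mysql_rules: feed each rule to $IPTABLES (echo = dry run, prints it).
apply_mysql_rules() {
    mysql_rules | while read -r rule; do
        # $rule is deliberately unquoted so it splits into iptables arguments
        "$IPTABLES" $rule || exit 1
    done
}

# check_rule_order: read rules on stdin (mysql_rules output or `iptables -S
# INPUT`) and succeed only if an ACCEPT for $CLIENT on $DBPORT appears before
# any REJECT/DROP for that port. Catches the classic mistake of appending the
# ACCEPT behind an existing catch-all, where it never matches anything.
check_rule_order() {
    awk -v port="$DBPORT" -v client="$CLIENT" '
        index($0, "--dport " port) == 0                 { next }
        /-j (REJECT|DROP)/                              { rej = 1 }
        /-j ACCEPT/ && index($0, "-s " client) && !rej  { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Dry run: show what would be applied, then verify the order.
apply_mysql_rules
if mysql_rules | check_rule_order; then
    echo "rule order OK: ACCEPT for $CLIENT precedes the REJECT on $DBPORT"
fi
```

On a box that already ends its INPUT chain with a REJECT or DROP, `-A` appends the new ACCEPT behind it and the client still gets refused; use `-I INPUT` for the ACCEPT in that case, then run `iptables -S INPUT | check_rule_order` to confirm. Rules set this way do not survive a reboot unless the distribution's iptables init script saves them.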
> This may be a wild shot, but I have a router between my LAN and the > DSL pipe to the InterNET. All of my LAN nodes are connected into > that router. Is it possible that the router is filtering my telnet > requests? Just because ping works between boxes on my LAN > doesn't imply that telnet will get through. I was under the impression > that routers would filter transmissions going through it but not any > destined for local addresses on the same subnet. A few questions: Can you connect locally on the Linux box? From the linux box, do: telnet 127.0.0.1 3306 and telnet 192.168.0.106 3306 If both work, the problem is definitely networking/firewalls Do you have a firewall running on the Linux box? Please post output of iptables -L The default iptables setup doesn't let 3306 through, so try iptables -A INPUT -p tcp -s 192.168.0.100 -m tcp --dport 3306 -j ACCEPT Last resort, see if the packets from the windoze box get there using tcpdump or ethereal. That will definitely tell you if the router does any funnies. J |