MySQL Forums
Forum List  »  Security

Re: Connect to MySQL over the internet
Posted by: Tom Roche
Date: January 15, 2008 08:29AM

Glenn Schworak December 15, 2007 10:13AM
> I am really new to MySQL setup although I have used the database for
> years running queries and such.

Me too, so bear in mind that I Could Be Wrong.

> I have two computers. One is the main server and I used SHIELDS UP!
> to check the ports and 3306 is responding as OPEN. The other is at
> another office and I simply want to use SQL.EXE to reach accross the
> internet to the main server.

I also

* have never used "SHIELDS UP!", so I don't know how in/correct it is

* have mysql.exe on my winXP box, not "SQL.EXE"

> The error I get is...
> ERROR 2003: Can't connect to MySQL server on 'XXXXXXXXX.com' (10051)

> I am sure it is a matter of the server simply ignoring my queries
> because the port is open and when I connect on another computer
> within the same network as the main server everything works fine.

But is there anything between the two networks (the other office and
the main server) that's blocking the port? E.g. a company firewall or
your ISP? That's my suspicion.

Here's 2 things you can do to check. One is easy, but is just
diagnostic: i.e. it probably won't work, but at least allows you to
prove you were using the correct parameters. The other is harder, and
requires SSH. This is easy to get/install for linux, but harder for
windows. FWIW on windows I get SSH and lots more useful tools from
Cygwin

http://cygwin.com/

Note that I use an SSH tunnel like that below to allow myself
circumvent a firewall that I put in place *deliberately* to block
port=3306, which is insecure. With the SSH tunnel, your data is
encrypted, but using port=3306 directly, your data is in the clear!

0 This probably won't make a difference, but: be sure you're
specifying everything explicitly. Try

mysql -h <FQ path to MySQL server/> -u <username/> -p <password/> -P 3306

from the remote site. JIC there's a DNS problem, you can also try

mysql -h <IP# of server/> -u <username/> -p <password/> -P 3306

1 I suspect something is blocking 3306. Hopefully it is not also
blocking port=22 (SSH), and hopefully you also have SSH access to
(and a shell account on) the MySQL server. If so, try (from the
remote site)

ssh <shell account/>@<FQ path to MySQL server/>

where <shell account/> may not be the same as your MySQL account. If
that works, from the resulting shell try

mysql -h localhost -u <username/> -p <password/> -P 3306

or

mysql -h 127.0.0.1 -u <username/> -p <password/> -P 3306

using your MySQL credentials. If those both work, then you should be
able to setup an SSH tunnel from your remote site. Try

ssh -fNL 3306:localhost:3306 <shell account/>@<FQ path to server/>

from the remote site, or

ssh -fNL 3306:127.0.0.1:3306 <shell account/>@<FQ path to server/>

Note that, in either case,

* the tunnel endpoint must be specified relative to the location into
which you are SSHing. In this case, you are using SSH to tunnel from
the box you're on (at the remote office), which is localhost
relative to you, to the MySQL server, and you want to pass traffic
for port=3306 on the box you're on to port=3306 on the MySQL server
... which is localhost relative to itself :-)

* you will not get a shell prompt after setting up the tunnel (though
you should get an error if it fails)

If you don't get an error, try using the tunnel from the remote
site. I.e. from a shell on the remote site, do

mysql -h localhost -u <username/> -p <password/> -P 3306

or

mysql -h 127.0.0.1 -u <username/> -p <password/> -P 3306

using your MySQL credentials.

HTH.

Options: ReplyQuote


Subject
Views
Written By
Posted
8379
December 15, 2007 10:13AM
Re: Connect to MySQL over the internet
26902
January 15, 2008 08:29AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.