Change Default Mysql Port and restrict to IP ?

[fuzioneer]

I have a requirement to connect two servers that are in different Data centres together using MySql

I obviously want to harden down this situation.

My thoughts so far are to do the following if possible:

1. Change MySQL Default port away from 3306
2. Lock down incoming connections on this new port to MySQL to a single IP of the other server
3. Encrypt the information transferred between them

Firstly what impact if any will Cpanel have on any of the above, i.e. does Cpanel require a hard coded 3306 for instance and if i change it will Cpanel updates change it back ?

Anyone else done anything similar who can give advice ?

[cPanelDavidG]

Specifying the MySQL port to use on a remote SQL server is not native functionality to WHM at this time. However, the following slides from a presentation at our 2008 cPanel Conference may be of assistance with regards to how to set this up manually so that you have more fine-grained control over the process, possibly letting you be able to do what you desire:

http://www.cpanel.net/conference/08/...YSQLServer.pdf

[fuzioneer]

thx for the info David

but that looks like a complete integration of two servers

I have some php code on one server that needs to connect to the other mysql server to do a query I dont need any cpanel integration

I do need to know though that if i change the default port that mysql runs on to tighten down security whether or not cpanel will overwrite my changes and if so how can i prevent this ?

[cpanelkenneth]

If you are making your changes to /etc/my.cnf, we won't touch those.

cPanel itself won't be able to access a MySQL server running on a non-standard port, however it sounds from your post that is not the issue.

[brianoz]

I've used CSF in the past for similar restriction. We run with port 3306 as standard but only allow connections from a very small list of manually allowed IPs. Gives me a good sleep at night, knowing we're safe, and hardly anyone needs to connect remotely. Of course, moving the port is also good except that I think MySQL can be readily identified from an exhaustive port scan, if the varmints get really interested.