SOLVED Open port 3306 (without CSF)

[PatrickVeenstra]

I'm trying to connect remotely to my MySQL database, but port 3306 is closed (telnet can't connect). I guess it has something to do with the fact that I used to have CSF, but that isn't installed anymore (since months/years). Obviously I can't modify its configuration / settings.
So installing the software did not undo everything it did.

How can I re-open the MySQL port (or all ports) without CSF?

 

[cPanelLauren]

Hello,

If the port was blocked on the server you'd be able to see it when listing the iptables rules in place. The following will show you the service and port number:

iptables -L -n

You could open the port but I wouldn't recommend opening it, just allowing the IP of the remote server to access. If you're just using iptables (no CSF) you'd need to add something like what is listed in the following:
Iptables. How to open a port to one ore more specific IP

Though you'd change the port number to 3306 and the IP to your remote server's IP address.

Thank you,

 

[PatrickVeenstra]

[email protected] [~]# iptables -I INPUT -p tcp -s <IP-REMOVED> --dport 3306 -j ACCEPT
[[email protected] ~]# telnet <IP-REMOVED> 3306
Trying <IP-REMOVED>...
telnet: connect to address <IP-REMOVED>: Connection refused

 

[cPanelLauren]

it seems as though there's still a block, if you temporarily flush the iptabes rules with:

iptables --flush

are you still unable to connect?

You can reinitialize the rules by restarting iptables without saving in the flushed state.


Thank you,

 

[PatrickVeenstra]

yes I am:

[email protected] [~]# iptables --flush

[[email protected] ~]# telnet <IP-REMOVED> 3306
Trying <IP-REMOVED>...
telnet: connect to address <IP-REMOVED>: Connection refused

 

[cPanelLauren]

This indicates that without any iptables rules in place the connection is still being blocked. That being said I would suggest that you check any hardware devices such as a router that may be connected to the server to ensure that the port is open in both as well. You may also want to contact your provider to ensure that they're not the source as well.


Thank you,

 

[PatrickVeenstra]

Here's the fix, I'm glad I contacted official support at the same time:

# egrep 'bind|port|#skip-ne' /etc/my.cnf
bind-address = 0.0.0.0
port = 3306
#skip-networking

 

[cPanelLauren]

Hello,


Glad they were able to help you find a solution, it's always best if you open a ticket to allow them to look into the issue as it's much easier to identify the issue when you have access to the server and it eliminates any confusion with more than one person attempting to make changes.