  1. #1
    Join Date
    Feb 2004
    Location
    Dubai
    Posts
    192

    How to connect to MySQL even if it's internal!?

    Hello,

    I have a Dual Quad Core server, used to host a gaming server. The server OS is Windows 2003 64-bit.

    MySQL is set up for internal connections due to recent hack attempts. Port 3306 is closed since we do not accept any external connections.

    Now, I don't want to open port 3306 or even make MySQL external, but I also need the MySQL server to accept connections from ONE external IP. Can this be done?

    In other words, I want our site "external ip" to connect to our mysql database and poll some data, to be displayed in public.

    Any advice is appreciated.

  2. #2
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,446
    This is in fact an easy process. All you have to do is block port 3306 using the Windows Firewall. The internal connections would still work properly.
    Sam
    Supportlobby.com - Expertise in Windows/Linux server support, IaaS and PaaS Management
    Spiralbean.com - Custom Software Development
    Email: exec @ activelobby.net | Skype: unni_active

  3. #3
    Join Date
    Feb 2004
    Location
    Dubai
    Posts
    192
    I already have it blocked by Windows Firewall & MySQL server is set to accept internal connections only.

    So, even if you have the root username and password, you won't be able to connect!

    So the MySQL server is secured, but the problem is, I want it to accept external connections from ONE IP, without opening port 3306 or setting MySQL up again to accept external connections.

    I know it's a little confusing, but when we got hacked and lost the database, it took 2 months to get back on our feet.

  4. #4
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,446
    You can add exceptions to the Windows Firewall by editing the configuration. Once done, you can also grant privileges to a single user from that IP using your MySQL console.
    Sam

  5. #5
    Join Date
    May 2007
    Location
    Chicago
    Posts
    322
    In order to accept a connection from even one outside IP, you'll need to make some opening. If you're really concerned about security, you could set up a VPN connection between your server and the external IP, and use that to tunnel the MySQL connection so that it is connecting on the internal IP address.

    Or alternatively, open up access to just the external IP but use a port other than 3306 - this isn't terribly more secure than using port 3306 but does make it a bit less obvious what you're doing.

  6. #6
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,984
    Just open the Windows Firewall port 3306, you can configure what IP to allow for the port. Open the firewall, click on the Port, Edit->Change Scope.

  7. #7
    Join Date
    Nov 2005
    Location
    Palma de Mallorca, Spain
    Posts
    259
    Use the privilege system in MySQL:

    - Re-Allow external connections to MySQL.
    - Create a privileged mysql user that only works from localhost (so use it from your scripts, etc)
    - Create another privileged mysql user that only works from an external IP... And use it to remotely connect your mysql server.
    - Don't care about attacks since they cannot connect through your external IP...

  8. #8
    Join Date
    Feb 2004
    Location
    Dubai
    Posts
    192
    Thank you all for your help. Now it's working and MySQL is accepting connections only from our website IP.

    I did not allow MySQL to accept external connections. What I did is open port 3306 and configure it to allow our "external" IP only. Then I had to create a new MySQL username with our external IP as the "host". Now all the scripts on my site are working.

    MySQL is still closed to external connections, port 3306 is secured through Windows Firewall, and the new MySQL user is for "Read" only.
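
The account setup described in post #8, written out as an added example (not code posted by anyone in this thread). The IP `203.0.113.10`, the user `webreader`, the database `gamedb` and the password are constructed placeholders; run it from a local administrative session.

```sql
-- Added example. All names and the IP address are placeholders (assumptions).

-- 1. Create an account that is only valid when the client connects from the
--    website's IP. MySQL matches accounts on the (user, host) pair, so the
--    same user name from any other address is rejected at authentication.
CREATE USER 'webreader'@'203.0.113.10' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Read-only: grant SELECT on the one schema the site polls, nothing else.
--    No INSERT/UPDATE/DELETE/DROP, no FILE, no GRANT OPTION.
GRANT SELECT ON gamedb.* TO 'webreader'@'203.0.113.10';

-- 3. Confirm what the account can actually do. Expect a USAGE line plus a
--    single "GRANT SELECT ON `gamedb`.*" line.
SHOW GRANTS FOR 'webreader'@'203.0.113.10';

-- 4. Audit the other accounts: any row returned here is an account that is
--    usable from more than one host (wildcard or empty host) and would be
--    reachable if the firewall scope were ever widened.
SELECT User, Host
FROM mysql.user
WHERE INSTR(Host, '%') > 0
   OR Host = '';

-- 5. Check that privileged accounts are limited to local hosts. Expect root
--    to appear only with 'localhost' (or other loopback names/addresses).
SELECT User, Host
FROM mysql.user
WHERE User = 'root';

-- 6. A remote account can only connect over TCP/IP. This shows whether the
--    server has its TCP listener turned off (ON) or is listening (OFF).
SHOW VARIABLES LIKE 'skip_networking';
```

The firewall scope and the account's host value are two independent checks on the same source address: the first decides whether a packet reaches port 3306, the second decides whether a login from that address is accepted.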

  9. #9
    Join Date
    Nov 2005
    Location
    Palma de Mallorca, Spain
    Posts
    259
    I'm a little confused. I thought you were talking about "external", not "local". So you mean that you completely disabled TCP/IP networking on MySQL when saying "closed to external connections"?

  10. #10
    Join Date
    Feb 2004
    Location
    Dubai
    Posts
    192
    Sorry, I did not make it clear, but yes.

    MySQL TCP/IP networking is disabled since I don't need it.
