Question

Port 3306 Block (Even with ufw allow 3306 and mysql bind-address=*)

I’ve reproduced step by step this guide : https://www.digitalocean.com/community/tutorials/how-to-allow-remote-access-to-mysql

But even after that, my port 3306 is still said as closed.

I’ve did the same thing on a second droplet, and that worked like a charm, whereas they both have really similars environements.

I already know that ssh tunnel is a better solution (in terms of security) but I need to use multiple databases in php files so it’s way too complicated to use multiple tunnels with different db in native language without extensions ect.

I’ve checked my mysql log, no errors. Both conf of mysql in each vps are the exact same. I’m completely lost guys 😭

---
UFW STATUS:

OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
Apache                     ALLOW       Anywhere
Postfix                    ALLOW       Anywhere
Dovecot IMAP               ALLOW       Anywhere
Dovecot POP3               ALLOW       Anywhere
Dovecot Secure POP3        ALLOW       Anywhere
Dovecot Secure IMAP        ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
Postfix (v6)               ALLOW       Anywhere (v6)
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)
Dovecot POP3 (v6)          ALLOW       Anywhere (v6)
Dovecot Secure POP3 (v6)   ALLOW       Anywhere (v6)
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)

---

I’ve tried :

iptables -A INPUT -i enp1s0 -p tcp --destination-port 3306 -j ACCEPT

---

My mysql conf :

#
# The MySQL database server configuration file.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

[mysqld]
#
# * Basic Settings
#
user        = mysql
# pid-file  = /var/run/mysqld/mysqld.pid
# socket    = /var/run/mysqld/mysqld.sock
# port       = 3306
# datadir   = /var/lib/mysql


# If MySQL is running as a replication slave, this should be
# changed. Ref https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_tmpdir
# tmpdir        = /tmp
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = *
mysqlx-bind-address    = *
#
# * Fine Tuning
#
key_buffer_size     = 16M
# max_allowed_packet    = 64M
# thread_stack      = 256K

# thread_cache_size       = -1

# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover-options  = BACKUP

# max_connections        = 151

# table_open_cache       = 4000

#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
#
# Log all queries
# Be aware that this log type is a performance killer.
# general_log_file        = /var/log/mysql/query.log
# general_log             = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
# slow_query_log        = 1
# slow_query_log_file   = /var/log/mysql/mysql-slow.log
# long_query_time = 2
# log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
# server-id     = 1
# log_bin           = /var/log/mysql/mysql-bin.log
# binlog_expire_logs_seconds    = 2592000
max_binlog_size   = 100M
# binlog_do_db      = include_database_name
# binlog_ignore_db  = include_database_name

-----

Netstat:

netstat -plant | grep 3306

tcp6       0      0 :::33060                :::*                    LISTEN      33071/mysqld
tcp6       0      0 :::3306                 :::*                    LISTEN      33071/mysql

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
December 15, 2022

Hi there,

I could suggest chaning the bind-address = * to 0.0.0.0 instead as described in the tutorial:

bind-address            = 0.0.0.0

After the change, restart the MySQL service and give it another try.

If this still does not work, do you by any chance have any other firewalls that might be causing the problem? If you were to try and run telnet your_server_ip 3306 are you able to connect or is it only the PHP script that is failing?

Best,

Bobby