Professional Web Applications Themes

Firewall preventing MySQL access??? - MySQL

I've recently add features to a system by making use of some simple MySQL access routines. It works fine at most test locations, correctly accessing a MySQL database on an internet server. However, at certain test sites, I cannot access the database. We're online, and I can access web files from the program, for example. But when trying to say hello to that MySQL database, the program fails at the "mysql_real_connect" call. The message is "Can't connect to MySQL server", with code "10060" and error "2003". The port is 3306, which is the default for MySQL access. (The problem does ...

  1. #1

    Default Firewall preventing MySQL access???


    I've recently add features to a system by making use of some simple
    MySQL access routines. It works fine at most test locations, correctly
    accessing a MySQL database on an internet server.

    However, at certain test sites, I cannot access the database. We're
    online, and I can access web files from the program, for example. But
    when trying to say hello to that MySQL database, the program fails at
    the "mysql_real_connect" call. The message is "Can't connect to MySQL
    server", with code "10060" and error "2003". The port is 3306, which is
    the default for MySQL access.

    (The problem does not seem unique to MySQL: we're having the same
    problem with PostgreSQL.)

    I've been told by an IT guy at one of these test sites, a very large
    corporation, that their company firewall is probably what is keeping the
    system from accessing that remote database. Sounds plausible, but I
    haven't found much while web searching that explicitly confirms that.
    More to the point, I don't have ANY clues or ideas from anywhere on how
    to resolve this problem at client sites that seem to prohibit MySQL
    access of a remote database.

    Suggestions?

    Confirmation that it's a firewall problem?

    Ideas?

    Encouragement?

    *** THANKS! ***

    Kevin Killion
    Kevin Guest

  2. #2

    Default Re: Firewall preventing MySQL access???

    Kevin Killion wrote: 

    It's difficult to distinguish between "can't connect because firewall is
    blocking port 3306" and "can't connect because MySQL is not running on
    that server, or is running but using a port other than 3306."

    But it is ordinary and appropriate IT policy to block port 3306. So I
    would guess that this is the most likely.

    Have you talked to the IT staff at the site to which you are trying to
    connect? They can confirm the firewall settings on their site with
    greater knowledge than anyone on a newsgroup.

    Regards,
    Bill K.
    Bill Guest

  3. #3

    Default Re: Firewall preventing MySQL access???


     
    >[/ref]

    Bill Karwin said, 


    The MySQL database is on a server on my hosting service.
    The test program *is* able to reach and connect to it from most of my
    test sites -- but NOT from others. So, it looks like the server's
    running fine, and the trouble in on the client end?

    -- Kevin
    Kevin Guest

  4. #4

    Default Re: Firewall preventing MySQL access???

    Kevin Killion wrote: 

    Check for client firewalls on your client hosts. Some firewalls can
    block _outgoing_ connection attempts. This is meant to defeat trojan
    horses and spambots, but it ends up complicating legitimate use of
    networked applications.

    Regards,
    Bill K.
    Bill Guest

  5. #5

    Default Re: Firewall preventing MySQL access???

    >I've recently add features to a system by making use of some simple 

    If you cannot telnet to port 3306 on the server from the client
    machine, you have a problem. If you *CAN* telnet to port 3306 on
    the server (you'll probably get some binary gibberish which is OK,
    but error messages about not being able to connect are not) from
    some other machine (say, the server itself, or a machine on the
    same ethernet cable as the server), then the server is really up.
    At this point, what's different between the two machines? One thing
    is probably the firewall.
     

    More evidence it's a firewall.
     

    Any IT guy who publishes his company firewall rules on the net is just
    begging to get hacked, so he won't do it.
     

    Telnet is your friend.

    Gordon Guest

  6. #6

    Default Re: Firewall preventing MySQL access???

    >The MySQL database is on a server on my hosting service. 

    It's perfectly reasonable to block OUTGOING connections to MySQL
    (port 3306) if there is no reason justified to the IT staff for them.


    Gordon Guest

  7. #7

    Default Re: Firewall preventing MySQL access???

    Gordon Burditt wrote: 

    I agree that telnet is our friend, but I don't think it will give any
    additional information in this case. Telnet to port 3306 will fail to
    connect, which can have any of the same causes as the mysql client
    failing to connect.

    E.g. firewall on server blocking connection, firewall on client blocking
    outgoing connection, MySQL not running on server, MySQL not running on
    port 3306, etc. Could even be firewall port-forwarding at the
    destination site redirecting port 3306 connections to a different server.

    As far as I know, telnet won't give any additional clues to tell which
    of these causes is present.

    Regards,
    Bill K.
    Bill Guest

  8. #8

    Default Re: Firewall preventing MySQL access???

     
    >[/ref]

    Bill Karwin <com> wrote: 


    *** Thanks, Gordon and Bill, for your help!!! ***

    In this case, we know that things seem to be just peachy on the server
    side, since the test program works reliably at several test client
    locations. However, the test fails when trying to connect to the MySQL
    database but only from specific other client test sites. So, it sure
    looks like whatever the problem is, it's at the client side.

    From what you guys are saying, it sounds like blocking of outgoing
    connections is the problem. Given that, are there any tricks I can use
    as workarounds?

    Thanks,
    Kevin
    Kevin Guest

  9. #9

    Default Re: Firewall preventing MySQL access???

    Kevin Killion wrote: 

    It seems likely that you need to configure your client-side firewall to
    permit outgoing connections to port 3306. Most firewall systems have
    some facility for configuring exceptions to the blocking, either on a
    per-port basis or a per-application basis.

    I have no way of guessing what firewall software might be in effect in
    your case. You haven't even said what operating system you're using on
    these clients.

    Anyway, we still haven't _proven_ that it's a client-side firewall
    issue. That's just our best guess given the information you've
    provided. There are certainly network configurations possible that
    would disallow certain hosts from contacting the server.

    I think you need to get IT to help you. It's not a good use of
    newsgroups to troubleshoot your network config, when you have IT staff
    whose job it is to do that.

    Regards,
    Bill K.
    Bill Guest

  10. #10

    Default Re: Firewall preventing MySQL access???

    >> Telnet is your friend. 

    True, but using telnet eliminates such problems as changing the
    default MySQL port on the client side without realizing it, improper
    installation of the MySQL client software, and actually connecting
    to the server socket but the server rejects the connection for some
    reason (such as privilege tables, although MySQL usually gives
    understandable error messages for this), and client vs. server version
    mismatches.
     

    It completely eliminates the MySQL client software (installation
    and/or configuration) from the picture if you get the same failure.
    Also, and I'm sure this is OS-specific, but telnet often seems to
    give better error messages.


    Gordon Guest

  11. #11

    Default Re: Firewall preventing MySQL access???

    Gordon Burditt wrote: 

    Ah, good points! I agree with all that.

    Regards,
    Bill K.
    Bill Guest

Similar Threads

  1. Windows Firewall preventing Contribute from Connecting
    By brownadvertisingdesign in forum Macromedia Contribute General Discussion
    Replies: 1
    Last Post: May 8th, 08:11 PM
  2. Replies: 2
    Last Post: February 10th, 03:14 PM
  3. How to Access Web Service from behind firewall
    By Shaun Miller in forum ASP.NET Web Services
    Replies: 0
    Last Post: September 2nd, 06:34 PM
  4. preventing USB hdd access
    By Geoff C in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 9th, 02:06 AM
  5. Replies: 0
    Last Post: July 8th, 05:07 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139