REstricting MySQL access to port 3306
Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
RE: REstricting MySQL access to port 3306
I don't think there's anything specific to MySQL but for any system you should ensure you have a good well configured firewall set up, make sure antivirus software is installed and kept up to date, ensure programs only run with essential permissions and keep your system up to date with all the latest security patches. This applies to windows AND Linux systems. You can reduce your exposure to SYN attacks by blocking all incoming packets from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 as well as all internal addresses. Brute force attack exposure can be reduced by setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests, how you do this will depend on your router/firewall. You should also block all non-service UDP service requests for your network. Programs that need UDP will still work. It's also worth making regular visits to a site such as http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in DDOS. Being well informed is half the battle! Regards John Daisley MySQL Cognos Contractor Certified MySQL 5 Database Administrator (CMDBA) Certified MySQL 5 Developer (CMDEV) IBM Cognos BI Developer Telephone +44 (0)7812 451238 Email j...@butterflysystems.co.uk -Original Message- From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] Sent: 24 September 2009 07:38 To: mysql@lists.mysql.com Subject: REstricting MySQL access to port 3306 Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.112/2390 - Release Date: 09/23/09 05:52:00 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: REstricting MySQL access to port 3306
If just view people can access MySQL in port 3306 you can set in firewall to not accessible from all host except the host which you list. If very wide people need the MySQL, like in hosting provider, I think you can use application which make people can manage MySQL via server such as PHPMyAdmin, and you can close MySQL to access from outside the LAN. cmiiw. On Thu, Sep 24, 2009 at 3:07 PM, John j...@butterflysystems.co.uk wrote: I don't think there's anything specific to MySQL but for any system you should ensure you have a good well configured firewall set up, make sure antivirus software is installed and kept up to date, ensure programs only run with essential permissions and keep your system up to date with all the latest security patches. This applies to windows AND Linux systems. You can reduce your exposure to SYN attacks by blocking all incoming packets from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 as well as all internal addresses. Brute force attack exposure can be reduced by setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests, how you do this will depend on your router/firewall. You should also block all non-service UDP service requests for your network. Programs that need UDP will still work. It's also worth making regular visits to a site such as http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in DDOS. Being well informed is half the battle! Regards John Daisley MySQL Cognos Contractor Certified MySQL 5 Database Administrator (CMDBA) Certified MySQL 5 Developer (CMDEV) IBM Cognos BI Developer Telephone +44 (0)7812 451238 Email j...@butterflysystems.co.uk -Original Message- From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] Sent: 24 September 2009 07:38 To: mysql@lists.mysql.com Subject: REstricting MySQL access to port 3306 Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.112/2390 - Release Date: 09/23/09 05:52:00 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=msub...@gmail.com -- Muhammad Subair
RE: REstricting MySQL access to port 3306
Limit connection from trusted host will reduce it. And its better handled by firewall . Willy Sent from my Sony Ericsson XPERIA X1. -Original Message- From: John j...@butterflysystems.co.uk Sent: 24 September 2009 15:07 To: 'The Doctor' doc...@doctor.nl2k.ab.ca; mysql@lists.mysql.com Subject: RE: REstricting MySQL access to port 3306 I don't think there's anything specific to MySQL but for any system you should ensure you have a good well configured firewall set up, make sure antivirus software is installed and kept up to date, ensure programs only run with essential permissions and keep your system up to date with all the latest security patches. This applies to windows AND Linux systems. You can reduce your exposure to SYN attacks by blocking all incoming packets from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 as well as all internal addresses. Brute force attack exposure can be reduced by setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests, how you do this will depend on your router/firewall. You should also block all non-service UDP service requests for your network. Programs that need UDP will still work. It's also worth making regular visits to a site such as http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in DDOS. Being well informed is half the battle! Regards John Daisley MySQL Cognos Contractor Certified MySQL 5 Database Administrator (CMDBA) Certified MySQL 5 Developer (CMDEV) IBM Cognos BI Developer Telephone +44 (0)7812 451238 Email j...@butterflysystems.co.uk -Original Message- From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] Sent: 24 September 2009 07:38 To: mysql@lists.mysql.com Subject: REstricting MySQL access to port 3306 Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http:/ [The entire original message is not included] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: REstricting MySQL access to port 3306
and in case it is feasible use a custom port to prevent specific attacks to mysql. All clients and application servers will need to connect to the new port. Claudio 2009/9/24 Willy sangpr...@gmail.com Limit connection from trusted host will reduce it. And its better handled by firewall . Willy Sent from my Sony Ericsson XPERIA™ X1. -Original Message- From: John j...@butterflysystems.co.uk Sent: 24 September 2009 15:07 To: 'The Doctor' doc...@doctor.nl2k.ab.ca; mysql@lists.mysql.com Subject: RE: REstricting MySQL access to port 3306 I don't think there's anything specific to MySQL but for any system you should ensure you have a good well configured firewall set up, make sure antivirus software is installed and kept up to date, ensure programs only run with essential permissions and keep your system up to date with all the latest security patches. This applies to windows AND Linux systems. You can reduce your exposure to SYN attacks by blocking all incoming packets from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 as well as all internal addresses. Brute force attack exposure can be reduced by setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests, how you do this will depend on your router/firewall. You should also block all non-service UDP service requests for your network. Programs that need UDP will still work. It's also worth making regular visits to a site such as http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in DDOS. Being well informed is half the battle! Regards John Daisley MySQL Cognos Contractor Certified MySQL 5 Database Administrator (CMDBA) Certified MySQL 5 Developer (CMDEV) IBM Cognos BI Developer Telephone +44 (0)7812 451238 Email j...@butterflysystems.co.uk -Original Message- From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] Sent: 24 September 2009 07:38 To: mysql@lists.mysql.com Subject: REstricting MySQL access to port 3306 Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http:/ [The entire original message is not included] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=claudio.na...@gmail.com -- Claudio
Re: REstricting MySQL access to port 3306
The 'recent' module in iptables allows you to automatically block IPs that open more than x connections in y seconds. As long as the ddos doesn't saturate your line, that'll help a lot. On Thu, Sep 24, 2009 at 10:56 AM, Claudio Nanni claudio.na...@gmail.comwrote: and in case it is feasible use a custom port to prevent specific attacks to mysql. All clients and application servers will need to connect to the new port. Claudio 2009/9/24 Willy sangpr...@gmail.com Limit connection from trusted host will reduce it. And its better handled by firewall . Willy Sent from my Sony Ericsson XPERIA™ X1. -Original Message- From: John j...@butterflysystems.co.uk Sent: 24 September 2009 15:07 To: 'The Doctor' doc...@doctor.nl2k.ab.ca; mysql@lists.mysql.com Subject: RE: REstricting MySQL access to port 3306 I don't think there's anything specific to MySQL but for any system you should ensure you have a good well configured firewall set up, make sure antivirus software is installed and kept up to date, ensure programs only run with essential permissions and keep your system up to date with all the latest security patches. This applies to windows AND Linux systems. You can reduce your exposure to SYN attacks by blocking all incoming packets from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 as well as all internal addresses. Brute force attack exposure can be reduced by setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests, how you do this will depend on your router/firewall. You should also block all non-service UDP service requests for your network. Programs that need UDP will still work. It's also worth making regular visits to a site such as http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in DDOS. Being well informed is half the battle! Regards John Daisley MySQL Cognos Contractor Certified MySQL 5 Database Administrator (CMDBA) Certified MySQL 5 Developer (CMDEV) IBM Cognos BI Developer Telephone +44 (0)7812 451238 Email j...@butterflysystems.co.uk -Original Message- From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] Sent: 24 September 2009 07:38 To: mysql@lists.mysql.com Subject: REstricting MySQL access to port 3306 Some months a back I had to firewall port 3306 due to DDoS. I cannot do this now as a client needs 3306 outside the LAN. What can I do to prevent DDoS on my MySQL server? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! For the latest World News go to http://www.cuttingedge.org/ -- MySQL General Mailing List For list archives: http:/ [The entire original message is not included] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=claudio.na...@gmail.com -- Claudio -- That which does not kill you was simply not permitted to do so for the purposes of the plot.
Re: MySQL give me the following error:Do you already have another mysqld server running on port: 3306 ?
try this command to shutdown mysql mysqladmin --host=abc --password shutdown On 12/9/07, peri [EMAIL PROTECTED] wrote: Hi, I installed MysqL 4.1.22 on windows vista. When I try to run any command in Mysql/MySQL server 4.1/bin path it gives me the following error : C:\Program Files\MySQL\MySQL Server 4.1\binmysqld-max-nt --standalone Can't start server: Bind on TCP/IP port: Invalid argument 071207 22:50:57 [ERROR] Do you already have another mysqld server running on port: 3306 ? 071207 22:50:57 [ERROR] Aborting 071207 22:50:57 [Note] mysqld-max-nt: Shutdown complete Also when I try to run mysqladmin shutdown command it gives me the following error C:\Program Files\MySQL\MySQL Server 4.1\binmysqladmin shutdown mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'ODBC'@'localhost' (using password: NO)' I cannot run any command on mysql. Can anyone help me on this issue? How can I solve this problem Thank you Perihan -- View this message in context: http://www.nabble.com/MySQL-give-me-the-following-error%3ADo-you-already-have-another-mysqld-server-running-on-port%3A-3306---tp14236918p14236918.html Sent from the MySQL - General mailing list archive at Nabble.com. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
MySQL give me the following error:Do you already have another mysqld server running on port: 3306 ?
Hi, I installed MysqL 4.1.22 on windows vista. When I try to run any command in Mysql/MySQL server 4.1/bin path it gives me the following error : C:\Program Files\MySQL\MySQL Server 4.1\binmysqld-max-nt --standalone Can't start server: Bind on TCP/IP port: Invalid argument 071207 22:50:57 [ERROR] Do you already have another mysqld server running on port: 3306 ? 071207 22:50:57 [ERROR] Aborting 071207 22:50:57 [Note] mysqld-max-nt: Shutdown complete Also when I try to run mysqladmin shutdown command it gives me the following error C:\Program Files\MySQL\MySQL Server 4.1\binmysqladmin shutdown mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'ODBC'@'localhost' (using password: NO)' I cannot run any command on mysql. Can anyone help me on this issue? How can I solve this problem Thank you Perihan -- View this message in context: http://www.nabble.com/MySQL-give-me-the-following-error%3ADo-you-already-have-another-mysqld-server-running-on-port%3A-3306---tp14236918p14236918.html Sent from the MySQL - General mailing list archive at Nabble.com. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: secure port 3306
Thank You so much. I will have to try this later today. I have never done a port forward in iptables before. I knew that I could, but just never had a need or tried so it slipped my mind about this. The thing is...I need to securely do this. Here would be the setup Desktop - Secure connection to Server 1 - Secure connection to Server 2. So I am assuming that what I need to do is to have the Desktop SSH into Server 1 which will have the iptables setup to tunnel to Server 2 and then use a tunnel from Secure CRT (or putty) to tunnel all the way to Server 2 through Server 1? Server one can only be accessed with SSH from Server 1. Again, Thank You. Steve On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=1 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: secure port 3306
On 5/7/07, Steven Buehler [EMAIL PROTECTED] wrote: Thank You so much. I will have to try this later today. I have never done a port forward in iptables before. I knew that I could, but just never had a need or tried so it slipped my mind about this. The thing is...I need to securely do this. Here would be the setup Desktop - Secure connection to Server 1 - Secure connection to Server 2. So I am assuming that what I need to do is to have the Desktop SSH into Server 1 which will have the iptables setup to tunnel to Server 2 and then use a tunnel from Secure CRT (or putty) to tunnel all the way to Server 2 through Server 1? Server one can only be accessed with SSH from Server 1. Again, Thank You. Steve You can forward a port on your local computer, through server1 to server2 using ssh tunnelling. ssh -L 3306:server2_ip_address:3306 [EMAIL PROTECTED] now you can point your sql client to localhost 3306 and it will then be transported across your ssh session to server1. Once it gets to server1 then server1 will forward that traffic to server2 on port 3306. putty, a well known windows based ssh client can do this under Connection SSH Tunnels. Source Port is the Port on the local machine that will be forwarded across the ssh connection. Destination is the IP:Port to where the tunneled traffic is delivered. Choose Local as the type of tunnel and do not forget to click the Add button to add the tunnel to the ssh connection you are configuring.
RE: secure port 3306
On Mon, May 7, 2007 17:40, Steven Buehler wrote: The thing is...I need to securely do this. Here would be the setup Desktop - Secure connection to Server 1 - Secure connection to Server 2. So I am assuming that what I need to do is to have the Desktop SSH into Server 1 which will have the iptables setup to tunnel to Server 2 and then use a tunnel from Secure CRT (or putty) to tunnel all the way to Server 2 through Server 1? Server one can only be accessed with SSH from Server 1. The only reason for the need for ssh-tunnel would be to eliminate the risk of somebody sniffing between desktop - server-1. This iptables rule allow only access from one ip-address (desktop). On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=1 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: secure port 3306
But I also need to make sure that nobody is sniffing between Server-1 and Server-2. Steve -Original Message- From: Mogens Melander [mailto:[EMAIL PROTECTED] Sent: Monday, May 07, 2007 1:35 PM To: Steven Buehler Cc: mysql@lists.mysql.com Subject: RE: secure port 3306 On Mon, May 7, 2007 17:40, Steven Buehler wrote: The thing is...I need to securely do this. Here would be the setup Desktop - Secure connection to Server 1 - Secure connection to Server 2. So I am assuming that what I need to do is to have the Desktop SSH into Server 1 which will have the iptables setup to tunnel to Server 2 and then use a tunnel from Secure CRT (or putty) to tunnel all the way to Server 2 through Server 1? Server one can only be accessed with SSH from Server 1. The only reason for the need for ssh-tunnel would be to eliminate the risk of somebody sniffing between desktop - server-1. This iptables rule allow only access from one ip-address (desktop). On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=1 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: secure port 3306
Well, i that case you can forward the tunnel (port 22) directly from server-1 to server-2, so when you tunnel from client to server-1, you get forwarded to server-2. On Mon, May 7, 2007 21:41, Steven Buehler wrote: But I also need to make sure that nobody is sniffing between Server-1 and Server-2. Steve -Original Message- From: Mogens Melander [mailto:[EMAIL PROTECTED] Sent: Monday, May 07, 2007 1:35 PM To: Steven Buehler Cc: mysql@lists.mysql.com Subject: RE: secure port 3306 On Mon, May 7, 2007 17:40, Steven Buehler wrote: The thing is...I need to securely do this. Here would be the setup Desktop - Secure connection to Server 1 - Secure connection to Server 2. So I am assuming that what I need to do is to have the Desktop SSH into Server 1 which will have the iptables setup to tunnel to Server 2 and then use a tunnel from Secure CRT (or putty) to tunnel all the way to Server 2 through Server 1? Server one can only be accessed with SSH from Server 1. The only reason for the need for ssh-tunnel would be to eliminate the risk of somebody sniffing between desktop - server-1. This iptables rule allow only access from one ip-address (desktop). On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=1 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: secure port 3306
Thank You so much. I will have to try this later today. I have never done a port forward in iptables before. I knew that I could, but just never had a need or tried so it slipped my mind about this. Again, Thank You. Steve On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=1 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
secure port 3306
I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: secure port 3306
[snip] I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? [/snip] IPSec tunnel -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: secure port 3306
On linux, one could do a port forward: EXTIF=eth0 # Or whatever the interface that faces internet is called. iptables -A FORWARD -i $EXTIF -p tcp -s client-ip --dport 3306 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -s client-ip \ -d linux-fw-ip --dport 3306 -j DNAT --to internal-ip:3306 On Wed, May 2, 2007 17:03, Steven Buehler wrote: I have a client that needs to be able to remotely connect to port 3306 securely. I have tried to suggest an SSH Tunnel, but they do not want their clients to have SSH access. Another problem is that even if we do tunnel, it needs to go thru one server that is connected to the Internet and into the MySQL server which is NOT accessible from the Internet. Any suggestions? Thanks Steve -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: restricting port 3306 connections to localhost
Joseph Bueno wrote something about SQL: You can also restrict port 3306 to localhost with : bind-address = 127.0.0.1 in /etc/my.cnf Or even: iptables -A INPUT -s 127.0.0.1 --dport 3306 -j ACCEPT iptables -A INPUT --dport 3306 -j DROP -- Michael T. Babcock C.T.O., FibreSpeed Ltd. http://www.fibrespeed.net/~mbabcock - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: restricting port 3306 connections to localhost
Hello, Turns out that it is an issue that Red Hat has bugzilla 75128. I included my remote windows 2k into the etc/hosts of the red hat 8.0 and all is working now. Thanks, Tom Morgan -Original Message- From: Michael T. Babcock [mailto:mbabcock;fibrespeed.net] Sent: Friday, November 15, 2002 10:47 AM To: '[EMAIL PROTECTED]' Subject: Re: restricting port 3306 connections to localhost Joseph Bueno wrote something about SQL: You can also restrict port 3306 to localhost with : bind-address = 127.0.0.1 in /etc/my.cnf Or even: iptables -A INPUT -s 127.0.0.1 --dport 3306 -j ACCEPT iptables -A INPUT --dport 3306 -j DROP -- Michael T. Babcock C.T.O., FibreSpeed Ltd. http://www.fibrespeed.net/~mbabcock - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Port 3306 restricted to IP addresses
For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? Thanks in advance. NOBBY - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306 restricted to IP addresses
On Thu, 4 Apr 2002 16:23:09 +0600 Tshering Norbu [EMAIL PROTECTED] wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? Thanks in advance. you are playing with database name mysql ... for standard access you can only use table user, or if you want to go further ... use table db, host, etc ... -- How should I know if it works? That's what beta testers are for. I only coded it. -- Attributed to Linus Torvalds, somewhere in a posting - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306 restricted to IP addresses
* Tshering Norbu For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? Nothing, this is done from the client. URL: http://www.mysql.com/doc/G/R/GRANT.html -- Roger - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306 restricted to IP addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 12:23 Tshering Norbu wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? I let the firewall do that kind of restrictions. - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rFZH72vu22ltWBERAnojAKCFZMYbUGcp/0dQz3gJbsoHKc9xeACdFoAZ GGT4fn5G1hD+qmaEZx1+Mf4= =pmYD -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306 restricted to IP addresses
Firewall isn't good enough (who else is inside your firewall, likely the entire hosting company or internal corporate network). The user table has a host column that I use. Also, you can enable ipfw or some other local firewall on the host itself if you are very serious. -Original Message- From: Michael Zimmermann [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 8:34 AM To: Tshering Norbu; [EMAIL PROTECTED] Subject: Re: Port 3306 restricted to IP addresses -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 12:23 Tshering Norbu wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? I let the firewall do that kind of restrictions. - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rFZH72vu22ltWBERAnojAKCFZMYbUGcp/0dQz3gJbsoHKc9xeACdFoAZ GGT4fn5G1hD+qmaEZx1+Mf4= =pmYD -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306 restricted to IP addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 21:24 adam nelson wrote: Firewall isn't good enough (who else is inside your firewall, likely the entire hosting company or internal corporate network). The user table has a host column that I use. Also, you can enable ipfw or some other local firewall on the host itself if you are very serious. Yes, I was sloppy in my language. I meant local packet filters to allow the mysql-port for certain IPs only, sure. Greetings - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rOI872vu22ltWBERAt09AJ9blFizh+Z2Vxz+DKcJjK+Flb3T/wCfdmGQ bqef47cdtlaw28l00iDflGc= =uxwr -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Unix sockets are about 30% faster than TCP connections on the local machine -- at least according to TCX's tests and some of my own. "William R. Mussatto" [EMAIL PROTECTED] wrote: On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Yes, sockets are much faster. Best regards, -Eran "William R. Mussatto" wrote: On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Port 3306
I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. thanks, Gus Constan - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
fwcmd=/sbin/ipfw... on BSD usage like so ${FWCMD} add deny all from any to any via ${oif} Have to make a new kernel to support ipfw though cheers, mikel [EMAIL PROTECTED] wrote: What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306
Anyone know a good ipchains rule to close this port to the outside world? I haven't dabbled in forewalling yet... i use Immunix, a RedHat 6.2 derivative. I recommend it if you like RedHat: www.immunix.org. Has stack overflow protection so those pesky overflow bugs in wu-ftp no longer affect your system... johnny p. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 05, 2001 2:46 PM To: Gus Constan Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Would be easier to play with the grant tables and allow access from localhost only... Best regards, -Eran "johnny p." wrote: Anyone know a good ipchains rule to close this port to the outside world? I haven't dabbled in forewalling yet... i use Immunix, a RedHat 6.2 derivative. I recommend it if you like RedHat: www.immunix.org. Has stack overflow protection so those pesky overflow bugs in wu-ftp no longer affect your system... johnny p. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 05, 2001 2:46 PM To: Gus Constan Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php