Re: Port 3306 restricted to IP addresses
On Thu, 4 Apr 2002 16:23:09 +0600 Tshering Norbu [EMAIL PROTECTED] wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? Thanks in advance. you are playing with database name mysql ... for standard access you can only use table user, or if you want to go further ... use table db, host, etc ... -- How should I know if it works? That's what beta testers are for. I only coded it. -- Attributed to Linus Torvalds, somewhere in a posting - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306 restricted to IP addresses
* Tshering Norbu For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? Nothing, this is done from the client. URL: http://www.mysql.com/doc/G/R/GRANT.html -- Roger - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306 restricted to IP addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 12:23 Tshering Norbu wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? I let the firewall do that kind of restrictions. - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rFZH72vu22ltWBERAnojAKCFZMYbUGcp/0dQz3gJbsoHKc9xeACdFoAZ GGT4fn5G1hD+qmaEZx1+Mf4= =pmYD -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306 restricted to IP addresses
Firewall isn't good enough (who else is inside your firewall, likely the entire hosting company or internal corporate network). The user table has a host column that I use. Also, you can enable ipfw or some other local firewall on the host itself if you are very serious. -Original Message- From: Michael Zimmermann [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 8:34 AM To: Tshering Norbu; [EMAIL PROTECTED] Subject: Re: Port 3306 restricted to IP addresses -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 12:23 Tshering Norbu wrote: For the inbound connection on port 3306 of MySQL Server, how do I restrict the connection to some IP addresses something like 1.2.3.* What do I need to do in my.cnf file? I let the firewall do that kind of restrictions. - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rFZH72vu22ltWBERAnojAKCFZMYbUGcp/0dQz3gJbsoHKc9xeACdFoAZ GGT4fn5G1hD+qmaEZx1+Mf4= =pmYD -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306 restricted to IP addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Donnerstag, 4. April 2002 21:24 adam nelson wrote: Firewall isn't good enough (who else is inside your firewall, likely the entire hosting company or internal corporate network). The user table has a host column that I use. Also, you can enable ipfw or some other local firewall on the host itself if you are very serious. Yes, I was sloppy in my language. I meant local packet filters to allow the mysql-port for certain IPs only, sure. Greetings - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) [EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8rOI872vu22ltWBERAt09AJ9blFizh+Z2Vxz+DKcJjK+Flb3T/wCfdmGQ bqef47cdtlaw28l00iDflGc= =uxwr -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Unix sockets are about 30% faster than TCP connections on the local machine -- at least according to TCX's tests and some of my own. "William R. Mussatto" [EMAIL PROTECTED] wrote: On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Yes, sockets are much faster. Best regards, -Eran "William R. Mussatto" wrote: On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote: Date: Mon, 5 Feb 2001 13:11:51 -0800 From: [EMAIL PROTECTED] To: Gus Constan [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 Add --skip-networking to your my.cnf file or pass it on the command line to safe_mysqld. This will stop ALL TCP connections to mySQL, so you'll have to use the server name "localhost" in your connection strings to force use of the unix socket. If your installation requires MIT-threads, this is not an option. Is there a speed advantage to unix socket vs. TCP/IP (I think the answer is yes, but have been wrong before). Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
fwcmd=/sbin/ipfw... on BSD usage like so ${FWCMD} add deny all from any to any via ${oif} Have to make a new kernel to support ipfw though cheers, mikel [EMAIL PROTECTED] wrote: What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Port 3306
Anyone know a good ipchains rule to close this port to the outside world? I haven't dabbled in forewalling yet... i use Immunix, a RedHat 6.2 derivative. I recommend it if you like RedHat: www.immunix.org. Has stack overflow protection so those pesky overflow bugs in wu-ftp no longer affect your system... johnny p. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 05, 2001 2:46 PM To: Gus Constan Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Port 3306
Would be easier to play with the grant tables and allow access from localhost only... Best regards, -Eran "johnny p." wrote: Anyone know a good ipchains rule to close this port to the outside world? I haven't dabbled in forewalling yet... i use Immunix, a RedHat 6.2 derivative. I recommend it if you like RedHat: www.immunix.org. Has stack overflow protection so those pesky overflow bugs in wu-ftp no longer affect your system... johnny p. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 05, 2001 2:46 PM To: Gus Constan Cc: [EMAIL PROTECTED] Subject: Re: Port 3306 What OS? If Linux or *BSD, they have firewall software (ipchains on linux, don't recall what it is on BSD) I'm new to MySQL, this may be a simple question; How do I turn off listen on port 3306?, I don't want to serve MySQL on the net, I only need it for local (server side) access. Can someone point to docs or notes dealing with this issue. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php