I want to run MySQL on server but it only be accessible to programs on
localhost. I see that port 3306 is open on server so I need to close
it.
How do I do that while keeping it available to programs running on
localhost?
I think you can do this with your firewall. If you don't allow traffic
on port 3306 nobody from the outside will be able to connect to the
MySQL server, but apps running on localhost will still have access.
I am running MySQL on OS 10.4 and changing the firewall settings is
realy easy. I don't have much experience with other operating systems.
I hope this helps.
Paul wrote:
> I want to run MySQL on server but it only be accessible to programs on
> localhost. I see that port 3306 is open on server so I need to close
> it.
>
> How do I do that while keeping it available to programs running on
> localhost?
torpecool@yahoo.com wrote:
> I think you can do this with your firewall. If you don't allow traffic
> on port 3306 nobody from the outside will be able to connect to the
> MySQL server, but apps running on localhost will still have access.
>
> I am running MySQL on OS 10.4 and changing the firewall settings is
> realy easy. I don't have much experience with other operating systems.
>
>
> I hope this helps.
So it's a firewall issue rather than a MySQL setting issue, right? I
remember seeing in one MySQL table configuration where the % user was
not allowed any access and localhost was allowed all access or a subset
thereof.
Many thanks torpecool!
Paul wrote:
> I want to run MySQL on server but it only be accessible to programs on
> localhost. I see that port 3306 is open on server so I need to close
> it.
>
> How do I do that while keeping it available to programs running on
> localhost?
One solution is to enable the option in your my.cnf file:
bind-address=127.0.0.1
This means that only clients connecting from the specified IP address
are permitted to connect.
But this is not the same thing as closing port 3306 to the outside
world. A port-detection tool would still show the port as "open," even
though the application listening on the port (mysqld) will refuse all
connections unless they come from the local IP address.
So as torpedocool says, the better solution is to configure your
firewall rules in the way you want.
Regards,
Bill K.
Bill Karwin wrote:
> Paul wrote:
> > I want to run MySQL on server but it only be accessible to programs on
> > localhost. I see that port 3306 is open on server so I need to close
> > it.
> >
> > How do I do that while keeping it available to programs running on
> > localhost?
>
> One solution is to enable the option in your my.cnf file:
>
> bind-address=127.0.0.1
>
> This means that only clients connecting from the specified IP address
> are permitted to connect.
>
> But this is not the same thing as closing port 3306 to the outside
> world. A port-detection tool would still show the port as "open," even
> though the application listening on the port (mysqld) will refuse all
> connections unless they come from the local IP address.
>
> So as torpedocool says, the better solution is to configure your
> firewall rules in the way you want.
>
> Regards,
> Bill K.
I understand now and thanks for your reply. A day without learning
something is like a day without sunshine!