Issue
I am running MySQL on a Debian Linux system that runs in a VM on Windows 7. I have modified iptables to accept connections from anywhere over port 3306, but I can't telnet to it from Windows, although I can ping the VM and make sure it's accessible.
Here's the iptables details:
# sudo iptables -L
CHAIN INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
CHAIN FORWARD (policy ACCEPT)
target prot opt source destination
CHAIN OUTPUT (policy ACCEPT)
target prot opt source destination
#
Here's what I entered to add the rule:
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
I can successfully ping the Debian VM, but when I try to telnet from the Windows host I get:
Could not open connection to the host, on port 3306: Connect failed
I also tried doing a telnet from within debian. Here's what I got:
$ telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
6
5.1.73-1*?MH]~"* wG;2(oz9JJrConnection closed by foreign host.
$
The debian system waits for a while before closing the connection by itself. Or I could do a ^] and close it.
Solution
The Problem - tight security permissions
If you are running a default Debian wheezy installation, out of the box the file /etc/mysql/my.cnf is configured so that mysql only binds to 127.0.0.1 - this would explain why you can telnet from inside the box but not from outside.
If you run:
sudo netstat -lntp
and you see
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1234/mysqld
and no other mysqld entries, this is indeed the case.
One Solution
Edit the file /etc/mysql/my.cnf and change the following line:
bind-address = 127.0.0.1
to
bind-address = 0.0.0.0
or, instead, the following line, where 192.168.1.2 is the static IP address of your Debian VM guest:
bind-address = 192.168.1.2
The above will vary if you are using IPv6 or other configurations.
See also: http://dev.mysql.com/doc/refman/5.5/en/server-options.html#option_mysqld_bind-address
Note
The zero payload length TCP packets going back are (roughly speaking) the RST, ACK packets that tell your Windows machine that there is nothing listening on that port on that interface. That does prove that your Windows firewall is not the problem.
Answered By - 6EQUJ5
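The netstat check from the answer, as an added example that is not part of the original question or answer: a shell function that reads `netstat -lnt` style lines and reports whether a port is bound to loopback only, to one address, or to every interface. The function name, the scope labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which address a TCP port is bound to, reading
# `netstat -lnt` style lines on stdin. Prints "<address> <scope>" per listener.
classify_listeners() {
    # $1 = port number to look for (e.g. 3306)
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                        # local address column
            n = split(addr, parts, ":")
            if (parts[n] != port) { next }   # text after the last ":" is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") {
                scope = "loopback-only"      # reachable from the box itself only
            } else if (host == "0.0.0.0" || host == "::") {
                scope = "all-interfaces"     # filtering is left to the firewall
            } else {
                scope = "single-address"     # reachable via that interface only
            }
            print host, scope
        }'
}

# Constructed sample: the Debian default described in the answer.
sample_default() {
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name' \
        'tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1234/mysqld' \
        'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 567/sshd'
}

# Constructed sample: after setting bind-address = 192.168.1.2.
sample_static_ip() {
    printf '%s\n' 'tcp 0 0 192.168.1.2:3306 0.0.0.0:* LISTEN 1234/mysqld'
}

sample_default   | classify_listeners 3306
sample_static_ip | classify_listeners 3306
```

On a live system, pipe `sudo netstat -lnt` into `classify_listeners 3306` after editing my.cnf and restarting mysqld. An `all-interfaces` result combined with the question's ACCEPT-from-anywhere rule means nothing at the network layer limits who can reach the server, so binding to the single address or narrowing the iptables source is the tighter setup.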