How to open MySQL default port for remote connections on RHEL/CentOS (iptables/CSF)


In some situations you might need to open the MySQL port for remote connections, for example if you need to manage a database remotely.

Enable MySQL external connections by editing the config file

For security reasons, MySQL does not listen for external connections by default. You need to edit the configuration file /etc/my.cnf to allow external connections. You can find out where the configuration file is located on your system using the following command:

mysql --help | grep "Default options" -A 1

Locate the line that contains [mysqld] and add the following code below it, and save the file. (Replace MY.IP.ADDRESS with your actual IP-address.)


You need to restart MySQL for the changes to take effect:

systemctl restart mysqld

Open the MySQL port by editing the firewall configuration

The default MySQL port for external connections is TCP 3306. You need to open that port by editing the firewall configuration. In the following example we are editing the iptables firewall configuration. If you are using CSF, see the instructions on how to add custom iptables rules with CSF.

Use the following command to open the default MySQL port for all connections. This is not recommended, as allowing connections from all IPs makes your system very vulnerable.

iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT

Use the following command to open the default MySQL port for a specific IP. This is recommended: limiting external connections to a specific IP increases system security compared to allowing connections from all IPs. (Replace MY.IP.ADDRESS with your actual IP address.)

iptables -A INPUT -i eth0 -s MY.IP.ADDRESS -p tcp --destination-port 3306 -j ACCEPT

Save the iptables configuration.

service iptables save
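
To confirm which of the two rules above actually ended up in the saved ruleset, the following added example (not part of the original article) audits `iptables -S INPUT` output for TCP 3306 ACCEPT rules. It goes slightly beyond the text by also flagging rules that were appended with -A after a catch-all REJECT/DROP and therefore never match. The function name audit_mysql_rules and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify every TCP 3306 ACCEPT rule in the INPUT chain.
# Reads `iptables -S INPUT` style lines on stdin and prints one line per rule:
#   OPEN        no source restriction, reachable from any IP
#   RESTRICTED  limited to the listed source address
#   SHADOWED    sits after a catch-all REJECT/DROP, so it never matches
# Only exact single-port matches are checked (no multiport or port ranges).
audit_mysql_rules() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            # A negated source (! -s x) is treated as unrestricted.
            if ($i == "-s") src = ($(i - 1) == "!" ? "" : $(i + 1))
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # A REJECT/DROP rule with no match options stops every rule after it.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) { blocked = 1; next }
        if (proto != "tcp" || dport != "3306" || target != "ACCEPT") next
        if (blocked) status = "SHADOWED"
        else if (src == "" || src == "0.0.0.0/0") status = "OPEN"
        else status = "RESTRICTED"
        print status, (src == "" ? "any" : src)
    }'
}

# Constructed sample ruleset (documentation IP ranges), in `iptables -S` format.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 198.51.100.7/32 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_mysql_rules
```

On a live system, run `iptables -S INPUT | audit_mysql_rules` as root; any OPEN line means port 3306 is reachable from every address.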