Open Firewall for MySQL Server on CentOS

Provides a tutorial example on how to set up the MySQL server and firewall so that client computers can use TCP/IP connections on CentOS 8 systems.

If you want client programs from other computers to use the TCP/IP connection of the MySQL server on CentOS systems, you can follow what I did on my CentOS 8 computer.

1. Make sure that the MySQL server is listening on an IP address with a given port number. I see that the server is listening on 192.168.1.100:3306 using these commands on the server. Remember that "bind_address=*" means the server accepts connections on any IP address it uses.

herong$ ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
      inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
      ...

herong$ mysql -u root -p

mysql> show variables like 'bind_address';
+---------------------+-------+
| Variable_name       | Value |
+---------------------+-------+
| bind_address        | *     |
+---------------------+-------+

mysql> show variables like 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port          | 3306  |
+---------------+-------+

2. Make sure that my MySQL user accounts cover my computer's IP address. I see that my computer's IP address 192.168.1.11 is covered by the host pattern 192.168.1.%:

(On the server)
herong$ mysql -u root -p

mysql> select user, host from mysql.user;
+------------------+--------------+
| user             | host         |
+------------------+--------------+
| herong           | localhost    |
| herong           | 127.0.0.1    |
| herong           | 192.168.1.%  |
+------------------+--------------+

(On my computer)
herong$ ifconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255

3. Check the IP address and port connection from my computer to the server. I see that my computer can reach the server, but not port 3306.

(On my computer)
herong$ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100): 56 data bytes
64 bytes from 192.168.1.100: icmp_seq=0 ttl=64 time=4.548 ms
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=2.308 ms
...

herong$ telnet 192.168.1.100 3306
Trying 192.168.1.100...
telnet: connect to address 192.168.1.100: Connection refused
telnet: Unable to connect to remote host

4. Open the firewall on the MySQL server for port 3306. These commands open port 3306 in the public zone for all computers on the Internet, with no source restriction, and save the running configuration as permanent. I need to add more restrictions later.

(On the server)
herong$ sudo firewall-cmd --zone=public --add-port=3306/tcp
herong$ sudo firewall-cmd --runtime-to-permanent

5. Check the IP address and port connection from my computer to the server again. I see that the TCP/IP connection is open.

herong$ telnet 192.168.1.100 3306
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
J
8.0.17/1TZi76?l...

6. Finally, connect to MySQL server from my client computer:

herong$ /usr/local/mysql/bin/mysql -u herong -h 192.168.1.100 -p
Enter password: TopSecret<Enter>

mysql>

Cool! I was able to set up the MySQL server and firewall for TCP/IP connections from my client computer.
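Step 4 leaves port 3306 open to every source and defers the restrictions. The script below is an added example, not part of the original tutorial: it replaces the open port with a firewalld rich rule limited to the LAN and classifies the resulting exposure. The 192.168.1.0/24 subnet is an assumption taken from the 192.168.1.% account host in step 2, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: limit step 4's rule to the LAN instead of every source.
SUBNET="192.168.1.0/24"   # assumption: matches the 192.168.1.% account host in step 2
PORT="3306"
ZONE="public"

# Build the firewalld rich rule that accepts PORT/tcp only from SUBNET.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Classify exposure of PORT/tcp from the output of
# `firewall-cmd --list-ports` ($1) and `firewall-cmd --list-rich-rules` ($2).
# Services and zone sources are not inspected here.
classify_exposure() {
    local ports="$1" rules="$2" p range lo hi r result="closed"
    for p in $ports; do
        range=${p%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "${p##*/}" = "tcp" ] && [ "$lo" -le "$PORT" ] && [ "$hi" -ge "$PORT" ]; then
            echo "open-to-all"; return 0      # plain port or port range: any source
        fi
    done
    while IFS= read -r r; do
        case "$r" in
            *"port port=\"$PORT\" protocol=\"tcp\""*accept*)
                case "$r" in
                    *'source address='*) result="restricted" ;;
                    *) echo "open-to-all"; return 0 ;;   # accept rule with no source filter
                esac ;;
        esac
    done <<EOF
$rules
EOF
    echo "$result"
}

# Replace the open port with the source-limited rule and make it permanent.
restrict_mysql() {
    sudo firewall-cmd --zone="$ZONE" --remove-port="$PORT/tcp"
    sudo firewall-cmd --zone="$ZONE" --add-rich-rule="$(rich_rule "$SUBNET" "$PORT")"
    sudo firewall-cmd --runtime-to-permanent
}

# Re-check the running zone; expect "restricted" after restrict_mysql.
audit_live() {
    classify_exposure "$(sudo firewall-cmd --zone="$ZONE" --list-ports)" \
                      "$(sudo firewall-cmd --zone="$ZONE" --list-rich-rules)"
}
```

Source the file on the server, run `restrict_mysql`, then `audit_live`; the telnet check from step 5 should still connect from 192.168.1.11.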
