
I want to access the MySQL database remotely, but when checking on yougetsignal.com I get a message that port 3306 is closed.

Configuration: fresh server (CentOS 6.4 64-bit with ZPanel installed)

Steps Already Taken:

  1. Removed bind address from my.cnf

  2. Tried adding bind address as server IP

  3. Have edited iptables to keep the port open.

  4. Forwarded the port from the router

  5. Added port=3306 in /etc/my.cnf

  6. Stopped iptables

  7. Several restarts of mysqld after every change

  8. Restarts of iptables after each change

Nothing has worked so far.

iptables configuration:

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Diagnostic results. netstat output:

    # netstat -na | grep 3306
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN

netstat output (netstat -lnp | grep mysql):

    # netstat -lnp | grep mysql
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      6684/mysqld
    unix  2      [ ACC ]     STREAM     LISTENING     33101  6684/mysqld         /var/lib/mysql/mysql.sock

iptables -L output:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:mysql

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

I can run nc against the server from localhost / an SSH session, but not from remote systems.

  • What happens when, from another system on the same LAN, you do telnet server.ip.address 3306? Or is this, by any chance, a virtual server? Commented Jul 9, 2014 at 11:12
  • It is a VPS, so I cannot telnet from the LAN. Commented Jul 9, 2014 at 11:15
  • Have you checked that the VPS host is not filtering traffic? Many do, and the fact that your firewall opens up port 22 yet I can't reach port 22 on your server makes me very suspicious that there's another firewall involved. (Congratulations on your investigations so far; it looks like you've been doing some thorough reading and digging.) Commented Jul 9, 2014 at 11:16
  • Yeah, I have verified with the host and traffic is open. Commented Jul 9, 2014 at 11:18
  • Well, someone is filtering traffic to it; see my comment above about port 22. It still seems extremely likely to me that they are filtering somewhere in their network. You might want to ask them about port 22 traffic; if they say they're not filtering that, either, then you know they're not telling the truth. Commented Jul 9, 2014 at 11:18
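The layered check that the question and its comments walk through (is mysqld bound to an address a remote host can reach, does the INPUT chain accept a fresh SYN to 3306 before its terminal REJECT, and does a probe from outside actually connect), as an added example that is not part of the original question or the answers. It reads `netstat -lnt` and `iptables-save` output and applies the same first-match walk the kernel does; the function names, the PORT variable and the sample listener table and ruleset are assumptions constructed to mirror the question's output. Source/destination address matches, multiport and user-defined chains are not modelled.

```shell
#!/bin/sh
# Added example (not from the question or the answers): decide which layer
# is blocking remote access to MySQL from the same evidence the question
# gathered.  Function names, PORT and the sample data are assumptions.

PORT=3306

# Constructed `netstat -lnt` output modelled on the question's: mysqld is
# bound to every IPv4 address, so a bind-address problem is ruled out.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

# Constructed `iptables-save` output with the same rules as the question's file.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Layer 1: which address is tcp/PORT bound to?  Reads `netstat -lnt` on
# stdin and prints any | loopback | specific | none.
# "loopback" is what bind-address = 127.0.0.1 in my.cnf looks like.
listener_scope() {
    awk -v port="$PORT" '
        $NF == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") print "any"
            else if (addr == "127.0.0.1" || addr == "::1")        print "loopback"
            else                                                  print "specific"
            found = 1; exit
        }
        END { if (!found) print "none" }'
}

# Layer 2: walk the INPUT chain in order, as the kernel does, for a fresh
# TCP SYN to PORT arriving on a non-loopback interface.  Reads
# `iptables-save` on stdin and prints the target of the first matching
# rule (ACCEPT, REJECT, DROP) or the chain policy if nothing matches.
# Not modelled: -s/-d address matches, multiport, user-defined chains.
input_verdict() {
    awk -v port="$PORT" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            target = ""; applies = 1
            for (i = 1; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i" && $(i + 1) == "lo") applies = 0        # loopback only
                if ($i == "-p" && $(i + 1) != "tcp") applies = 0       # other protocol
                if ($i == "--dport" && $(i + 1) != port) applies = 0   # other port
                if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) applies = 0  # a SYN is NEW
            }
            if (applies && target != "") { print target; decided = 1; exit }
        }
        END { if (!decided) print policy }'
}

# Combine the evidence.  remote_ok is 1 if a probe from a host outside the
# provider's network connected (e.g. `nc -z -w 5 SERVER 3306`), else 0.
diagnose() {
    scope=$1; verdict=$2; remote_ok=$3
    case $scope in
        none)     echo "nothing listening on tcp/$PORT: check port= in my.cnf and that mysqld is running"; return ;;
        loopback) echo "mysqld bound to 127.0.0.1 only: remove or change bind-address in my.cnf"; return ;;
    esac
    if [ "$verdict" != ACCEPT ]; then
        echo "host firewall: INPUT chain gives $verdict to tcp/$PORT before any ACCEPT rule"; return
    fi
    if [ "$remote_ok" = 1 ]; then
        echo reachable
    else
        echo "listener and host firewall are fine; filtering is upstream (provider, edge firewall or NAT): compare traceroute -T -p 80 with traceroute -T -p $PORT"
    fi
}

# Reproduce the question's situation: both local layers pass, the remote probe fails.
scope=$(printf '%s\n' "$SAMPLE_NETSTAT" | listener_scope)
verdict=$(printf '%s\n' "$SAMPLE_RULES" | input_verdict)
diagnose "$scope" "$verdict" 0
```

On the live machine the two parsers are fed with `netstat -lnt | listener_scope` and `iptables-save | input_verdict`, and the third argument to diagnose comes from `nc -z -w 5 SERVER 3306` run on a host outside the provider's network (a probe from the server itself or over the SSH session says nothing about the path). When the first two layers pass and the outside probe still fails, as in the question, the filter is upstream of the host and no iptables or my.cnf change can fix it.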

2 Answers


The traffic is likely being filtered.

Because you supplied your domain name (assuming here that, despite there being two A records with two different addresses, 141.101.117.86 is accurate)...

Tracerouting to port 80, which we can demonstrably prove is open:

    $ sudo traceroute -T -O info 141.101.117.86 -p 80
    traceroute to 141.101.117.86 (141.101.117.86), 30 hops max, 60 byte packets
     1  192.168.1.1 (192.168.1.1)  0.332 ms  0.460 ms  0.574 ms
     2  host-92-25-242-1.as13285.net (92.25.242.1)  13.745 ms  13.807 ms  13.902 ms
     3  host-78-151-225-189.static.as13285.net (78.151.225.189)  15.058 ms  15.086 ms  15.118 ms
     4  host-78-151-225-196.static.as13285.net (78.151.225.196)  16.120 ms host-78-151-225-232.static.as13285.net (78.151.225.232)  15.748 ms host-78-151-225-184.static.as13285.net (78.151.225.184)  16.069 ms
     5  host-78-144-11-115.as13285.net (78.144.11.115)  16.630 ms  16.579 ms host-78-144-11-109.as13285.net (78.144.11.109)  16.798 ms
     6  195.66.225.179 (195.66.225.179)  16.728 ms  14.735 ms  14.707 ms
     7  141.101.117.86 (141.101.117.86) <syn,ack>  14.713 ms  14.907 ms  14.887 ms

If we try 3306:

    $ sudo traceroute -T -O info 141.101.117.86 -p 3306
    traceroute to 141.101.117.86 (141.101.117.86), 30 hops max, 60 byte packets
     1  192.168.1.1 (192.168.1.1)  0.343 ms  0.444 ms  0.624 ms
     2  host-92-25-242-1.as13285.net (92.25.242.1)  13.225 ms  13.226 ms  13.233 ms
     3  host-78-151-225-189.static.as13285.net (78.151.225.189)  14.736 ms  15.352 ms  15.347 ms
     4  host-78-151-225-220.static.as13285.net (78.151.225.220)  15.492 ms host-78-151-228-37.as13285.net (78.151.228.37)  15.441 ms host-78-151-225-232.static.as13285.net (78.151.225.232)  15.350 ms
     5  host-78-144-11-95.as13285.net (78.144.11.95)  16.140 ms host-78-144-11-119.as13285.net (78.144.11.119)  16.551 ms host-78-144-11-95.as13285.net (78.144.11.95)  16.463 ms
     6  * * *
     7  * * *
     8  * * *
     9  * * *
    10  * * *
    ...

Traffic stops at this host, 195.66.225.179, which is probably a firewall and is blocking the traffic.

  • That is not my domain name. That is the service which checks port forwarding. Commented Jul 9, 2014 at 11:33
  • Yes, it is your domain name: dig yougetsignal.com returns yougetsignal.com. 300 IN A 141.101.117.86 (as well as 141.101.116.86). Commented Jul 9, 2014 at 11:41
  • @MadHatter I think AmreshSingh was using this website to check his own. If you visit the website it has a series of network tools on it. Commented Jul 9, 2014 at 11:42
  • Oh, blast. Yes, I can see how his first sentence can be read that way as well. That stuffs most of my analysis above, too. Commented Jul 9, 2014 at 11:43
  • English is not my first language, so... oops. Commented Jul 9, 2014 at 11:52

So, given the real IP address, here are the traceroutes. Note that the routing appears to change regularly, but these two examples appear to take similar paths.

Port 80:

    traceroute to 103.231.8.238 (103.231.8.238), 30 hops max, 60 byte packets
     1  192.168.1.1  0.290 ms  0.435 ms  0.520 ms
     2  92.25.242.1  13.350 ms  13.348 ms  13.343 ms
     3  78.151.225.189  15.084 ms  15.086 ms  15.099 ms
     4  78.151.225.200  15.236 ms  15.873 ms 78.151.225.184  15.907 ms
     5  78.144.11.123  16.353 ms 78.144.11.121  16.227 ms 78.144.11.135  16.243 ms
     6  195.66.224.209  18.715 ms 78.144.11.2  16.502 ms 78.144.10.252  16.443 ms
     7  206.126.236.88  96.076 ms  93.854 ms 145.253.33.238  14.138 ms
     8  182.19.105.75  132.438 ms 182.19.105.73  131.902 ms  131.863 ms
     9  * * *
    10  103.1.112.13  140.948 ms 182.19.115.224  278.477 ms  278.436 ms
    11  103.13.96.170  154.360 ms  153.584 ms 182.19.115.226  275.564 ms
    12  103.241.180.132  137.192 ms  138.187 ms 182.19.115.100  276.826 ms
    13  103.231.8.238  138.987 ms  138.867 ms  140.010 ms

And port 3306:

     1  192.168.1.1  0.380 ms  0.468 ms  0.574 ms
     2  92.25.242.1  13.358 ms  13.366 ms  13.399 ms
     3  78.151.225.189  14.904 ms  14.904 ms  14.931 ms
     4  78.151.225.156  15.081 ms  15.676 ms 78.151.225.188  32.598 ms
     5  78.144.11.111  16.741 ms 78.144.11.119  19.341 ms 78.144.11.125  16.725 ms
     6  78.144.11.6  16.818 ms 78.144.10.254  17.168 ms 78.144.11.6  17.104 ms
     7  206.126.236.88  96.258 ms 145.253.33.238  14.267 ms 206.126.236.88  94.096 ms
     8  63.218.162.165  344.874 ms 182.19.105.75  132.858 ms 63.218.162.165  344.861 ms
     9  63.218.163.170  284.351 ms 123.63.182.125  138.510 ms 63.218.163.170  283.633 ms
    10  103.1.112.13  138.879 ms  140.004 ms 182.19.115.224  277.669 ms
    11  103.13.96.170  154.360 ms 182.19.107.1  275.934 ms 103.13.96.170  152.461 ms
    12  103.241.180.132  136.943 ms  138.046 ms 182.19.115.100  275.782 ms
    13  182.19.105.75  274.382 ms  274.097 ms *
    14  123.63.182.125  280.577 ms * 281.215 ms
    15  * 103.1.112.13  281.433 ms *
    16  103.13.96.170  297.287 ms * 296.211 ms
    17  * * *
    18  * * *
    19  * * *
    ...

Of interest are hops 12 to 13. In the port 80 example the 13th hop is your server. On port 3306 the 13th hop is 182.19.105.75, an address that also comes up in other traceroutes as the next-to-last hop before the destination. I assume that there is some DNAT happening which is redirecting the traffic back out from this network to a different destination; it's not possible to tell what this destination might be from the output, though.

Some traceroutes show signs of looping, though, such as this:

     8  182.19.105.75  148.637 ms  133.271 ms 63.218.162.165  345.590 ms
     9  * * 123.63.182.125  137.830 ms
    10  103.1.112.13  140.637 ms * 140.108 ms
    11  182.19.107.1  275.851 ms 103.13.96.170  153.820 ms 182.19.107.1  275.465 ms
    12  103.241.180.132  136.681 ms 182.19.115.100  275.113 ms 103.241.180.132  136.907 ms
    13  182.19.105.75  274.357 ms  274.330 ms  274.211 ms
    14  123.63.182.125  282.631 ms  282.339 ms *
    15  * 103.1.112.13  283.497 ms  282.053 ms
    16  * * 103.13.96.170  298.444 ms
    17  103.241.180.132  279.360 ms * *

I never end up getting a TTL exceeded message however.

Check what you have set up in your router and port forwarding; something appears to be incorrectly configured.
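The comparison both answers make by eye, as an added example that is not from either answer: run `traceroute -T -O info HOST -p PORT` once against a port known to be open and once against the suspect port, find the hop at which the suspect port stops getting any reply, and look up which router answered at that hop when the open port was probed. The two sample traces are constructed from the first answer's output with hostnames dropped; the function names are assumptions. The `<syn,ack>` marker is what `-O info` prints when the final hop completes the handshake; a reply carrying rst means the host itself answered but nothing is listening, and no TCP reply at all means the path is filtering.

```shell
#!/bin/sh
# Added example (not from either answer): locate a path filter by comparing
# a TCP traceroute to a port known to be open with one to the suspect port.
# Function names are assumptions; the traces are constructed from the first
# answer's output with hostnames dropped.

# `traceroute -T -O info HOST -p 80`: reaches the target, <syn,ack> = open.
TRACE_80=' 1  192.168.1.1  0.332 ms  0.460 ms  0.574 ms
 2  92.25.242.1  13.745 ms  13.807 ms  13.902 ms
 3  78.151.225.189  15.058 ms  15.086 ms  15.118 ms
 4  78.151.225.196  16.120 ms 78.151.225.232  15.748 ms 78.151.225.184  16.069 ms
 5  78.144.11.115  16.630 ms  16.579 ms 78.144.11.109  16.798 ms
 6  195.66.225.179  16.728 ms  14.735 ms  14.707 ms
 7  141.101.117.86 <syn,ack>  14.713 ms  14.907 ms  14.887 ms'

# `traceroute -T -O info HOST -p 3306`: silence from hop 6 to the end.
TRACE_3306=' 1  192.168.1.1  0.343 ms  0.444 ms  0.624 ms
 2  92.25.242.1  13.225 ms  13.226 ms  13.233 ms
 3  78.151.225.189  14.736 ms  15.352 ms  15.347 ms
 4  78.151.225.220  15.492 ms 78.151.228.37  15.441 ms 78.151.225.232  15.350 ms
 5  78.144.11.95  16.140 ms 78.144.11.119  16.551 ms 78.144.11.95  16.463 ms
 6  * * *
 7  * * *
 8  * * *'

# Highest hop number on stdin that produced any reply at all.
last_answering_hop() {
    awk '$2 != "*" { last = $1 } END { print last + 0 }'
}

# How the trace ended: open (final hop replied <syn,ack>), closed (it
# replied with rst, printed as <rst,ack>), or filtered (no TCP reply).
endpoint_flag() {
    awk '/<syn,ack>/ { print "open"; f = 1 }
         /<rst/      { print "closed"; f = 1 }
         END { if (!f) print "filtered" }'
}

# First address that answered at hop $1 in the trace on stdin
# (skips leading "*" probes, prints nothing if the hop was all silence).
hop_addr() {
    awk -v n="$1" '$1 == n { for (i = 2; i <= NF; i++) if ($i != "*") { print $i; exit } }'
}

# Compare the two traces: where does the suspect port go dark, and who
# answered at that hop when the open port was probed?
locate_filter() {
    open_trace=$1; suspect_trace=$2
    if [ "$(printf '%s\n' "$suspect_trace" | endpoint_flag)" != filtered ]; then
        echo "suspect port answered end to end: no path filter"; return
    fi
    last=$(printf '%s\n' "$suspect_trace" | last_answering_hop)
    dark=$((last + 1))
    ref=$(printf '%s\n' "$open_trace" | hop_addr "$dark")
    if [ -n "$ref" ]; then
        echo "suspect port goes silent at hop $dark; the open port was answered there by $ref, so the filter sits at or just beyond it"
    else
        echo "suspect port goes silent at hop $dark, beyond the hop where the open port reached the target: the suspect traffic is steered down a different path before it is dropped"
    fi
}

locate_filter "$TRACE_80" "$TRACE_3306"
```

A single hop of `* * *` in the middle of a trace (hop 9 of the second answer's port 80 trace) is a router that does not send TTL-exceeded or rate-limits it, not a filter; what marks a filter is silence that continues to the end while the open-port trace reaches the target, which is why the comparison needs both traces. The second branch covers the second answer's case, where the 3306 trace keeps answering past the hop at which the port 80 trace ended: the suspect port is being steered elsewhere before it goes dark, and the host's own iptables is not what is answering.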
