Saturday, November 8, 2008

How Do I Enable Remote Access To MySQL Database Server?

How Do I Enable Remote Access To MySQL Database Server?

By default, MySQL database server remote access disabled for security reasons. However, some time you need to provide the remote access to database server from home or from web server.
MySQL Remote Access

You need type the following commands which will allow remote connections:
Step # 1: Login over ssh if server is outside your IDC

First, login over ssh to remote MySQL database server
Step # 2: Enable networking

Once connected you need edit the mysql configuration file my.cfg using text editor such as vi.

* If you are using Debian Linux file is located at /etc/mysql/my.cnf location
* If you are using Red Hat Linux/Fedora/Centos Linux file is located at /etc/my.cnf location
* If you are using FreeBSD you need to create a file /var/db/mysql/my.cnf

# vi /etc/my.cnf
Step # 3: Once file opened, locate line that read as follows


Make sure line skip-networking is commented (or remove line) and add following line


For example, if your MySQL server IP is then entire block should be look like as follows:
user = mysql
pid-file = /var/run/mysqld/
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/English
bind-address =
# skip-networking

* bind-address : IP address to bind to.
* skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should removed from file or put it in comment state.

Step# 4 Save and Close the file

Restart your mysql service to take change in effect:# /etc/init.d/mysql restart
Step # 5 Grant access to remote IP address

# mysql -u root -p mysqlGrant access to new database
If you want to add new database called foo for user bar and remote IP then you need to type following commands at mysql> prompt:mysql> CREATE DATABASE foo;
How Do I Grant access to existing database?

Let us assume that you are always making connection from remote IP called for database called webdb for user webadmin, To grant access to this IP address type the following command At mysql> prompt for existing database:mysql> update db set Host='' where Db='webdb';
mysql> update user set Host='' where user='webadmin';
Step # 5: Logout of MySQL

Type exit command to logout mysql:mysql> exit
Step # 6: Open port 3306

You need to open port 3306 using iptables or BSD pf firewall.
A sample iptables rule to open Linux iptables firewall

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT

OR only allow remote connection from your web server located at

/sbin/iptables -A INPUT -i eth0 -s -p tcp --destination-port 3306 -j ACCEPT

OR only allow remote connection from your lan subnet

/sbin/iptables -A INPUT -i eth0 -s -p tcp --destination-port 3306 -j ACCEPT

A sample FreeBSD / OpenBSD pf rule ( /etc/pf.conf)

pass in on $ext_if proto tcp from any to any port 3306

OR allow only access from your web server located at

pass in on $ext_if proto tcp from to any port 3306 flags S/SA synproxy state

Step # 7: Test it

From remote system or your desktop type the command:
$ mysql -u webadmin –h –p

* -u webadmin: webadmin is MySQL username
* -h IP or hostname: is MySQL server IP address or hostname (FQDN)
* -p : Prompt for password

You can also use telnet to connect to port 3306 for testing purpose:$ telnet 3306


thiyagi said...
This comment has been removed by the author.
thiyagi said...

thanks, it was really helpful..

Gamer88liz said...

GNU nano 1.3.12

# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).

# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0


I have this as my current configuration, but I still cannot connect another machine to my computer. Any suggestions?