Allow Remote Connections to MySQL
Allowing connections to a remote MySQL server is set up in 3 steps:
Edit MySQL config file
Set up firewall to allow remote MySQL connection
Connect to remote MySQL server
Step 1: Edit MySQL Config File
1.1 Access mysqld.cnf File
Use your preferred text editor to open the mysqld.cnf file. This example uses the nano text editor in Ubuntu 18.04. Enter the following command in your command-line interface to access the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
The location of the file may vary based on the distribution and version in use. If the MySQL configuration file is not in its default location, try using the Linux find command to locate it.
1.2 Change Bind-Address IP
You now have access to the MySQL server configuration file. Scroll down to the bind-address line and change the IP address. The current default IP is set to 127.0.0.1. This IP limits MySQL connections to the local machine.
The new IP should match the address of the machine that needs to access the MySQL server remotely. For example, if you bind MySQL to 0.0.0.0, then any machine that reaches the MySQL server can also connect to it. For this website to access it you need to use IP address 22.214.171.124.
Once you make the necessary changes, save and exit the configuration file.
Note: Remote access is additionally verified by using the correct credentials and user parameters you have defined for your MySQL users.
1.3 Restart MySQL Service
Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, your current firewall settings need to be adjusted to allow traffic to the default MySQL port.
Step 2: Set up Firewall to Allow Remote MySQL Connection
While editing the configuration file, you probably observed that the default MySQL port is 3306. This is the default MySQL port number, but it can be changed in the config file.
If you have already configured a firewall on your MySQL server, you need to open traffic for this specific port. Follow the instructions below that correspond to your firewall service in use.
Option 1: UFW (Uncomplicated Firewall)
UFW is the default firewall tool in Ubuntu. In a terminal window, type the following command, changing remote_ip_address to the required IP address, to allow traffic from that IP to the port:
sudo ufw allow from remote_ip_address to any port 3306
The system confirms that the rules were successfully updated.
Option 2: FirewallD
The firewalld management tool in CentOS uses zones to dictate what traffic is to be allowed.
Create a new zone to set the rules for the MySQL server traffic. The name of the zone in our example is mysqlrule, and we used the IP address from our previous example 126.96.36.199:
sudo firewall-cmd --new-zone=mysqlrule --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=mysqlrule --add-source=188.8.131.52
sudo firewall-cmd --permanent --zone=mysqlrule --add-port=3306/tcp
sudo firewall-cmd --reload
You have successfully opened port 3306 on your firewall.
Option 3: Open Port 3306 with iptables
The iptables utility is available on most Linux distributions by default. Type the following command to open MySQL port 3306 to unrestricted traffic:
sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
To limit access to a specific IP address, use the following command instead:
sudo iptables -A INPUT -p tcp -s 184.108.40.206 --dport 3306 -j ACCEPT
This command grants access to 220.127.116.11. You would need to substitute it with the IP for your remote connection.
It is necessary to save the changes made to the iptables rules. In an Ubuntu-based distribution, type the following commands:
sudo netfilter-persistent save
sudo netfilter-persistent reload
Type the following command to save the new iptables rules in CentOS:
service iptables save
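One way to check the result of Steps 1 and 2 before moving on, as an added example that is not part of the original page: the script reads the bind-address from a config file and the output of iptables -S, and reports whether port 3306 accepts traffic from any source. The function names, the verdict labels and the sample input are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not the page's code): audit how widely MySQL is exposed.

# Print the active bind-address from a mysqld.cnf-style file, or "unset".
# Commented-out lines are skipped; the last active setting wins.
mysql_bind_address() {
    addr=$(sed -n 's/^[[:space:]]*bind[-_]address[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    echo "${addr:-unset}"
}

# Map a bind-address value to the exposure it implies.
classify_bind() {
    case "$1" in
        127.*|::1|localhost) echo "local-only" ;;
        0.0.0.0|::|\*)       echo "all-interfaces" ;;
        unset)               echo "unset" ;;
        *)                   echo "single-address" ;;
    esac
}

# Read `iptables -S` output on stdin and print the INPUT rules that accept
# TCP 3306 without a source match (-s), i.e. the unrestricted form.
unrestricted_3306_rules() {
    grep -E -- '^-A INPUT .*--dport 3306 .*-j ACCEPT' | grep -v -- ' -s ' || true
}

# Verdict from both checks: OK, REVIEW or EXPOSED (hypothetical labels).
audit_mysql_exposure() {   # $1 = config file, $2 = file with `iptables -S` output
    bind=$(classify_bind "$(mysql_bind_address "$1")")
    open=$(unrestricted_3306_rules < "$2")
    if [ "$bind" = "local-only" ]; then echo "OK"
    elif [ -n "$open" ]; then echo "EXPOSED"
    else echo "REVIEW"
    fi
}

# Constructed sample input (not taken from a real host).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[mysqld]' '#bind-address = 127.0.0.1' 'bind-address = 0.0.0.0' > "$dir/mysqld.cnf"
    printf '%s\n' '-P INPUT DROP' \
        '-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT' > "$dir/rules.txt"
    audit_mysql_exposure "$dir/mysqld.cnf" "$dir/rules.txt"
    rm -rf "$dir"
}
demo
```

On a live host, pass the real config path and a file produced with sudo iptables -S; a REVIEW verdict means MySQL listens beyond loopback and every accepting rule is limited to a source address.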
Step 3: Connect to Remote MySQL Server
Your remote server is now ready to accept connections. You can now use this site to connect to your MySQL databases, using your server IP, username and password.
How to Grant Remote Access to New MySQL Database?
If you do not have any databases yet, you can easily create a database by typing the following command in your MySQL shell:
CREATE DATABASE yourDB;
To grant remote user access to a specific database:
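-- Syntax accepted by MySQL 5.7; MySQL 8.0 removed IDENTIFIED BY from GRANT (create the account with CREATE USER first).
GRANT ALL PRIVILEGES ON yourDB.* TO 'user1'@'18.104.22.168' IDENTIFIED BY 'password1';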
The name of the database, the username, remote IP, and password need to match the information you want to use for the remote connection.
How to Grant Remote Access to Existing MySQL Database
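Granting remote access to a user for an existing database requires a set of two UPDATE commands against the grant tables in the mysql system database, followed by a privilege reload:
-- Direct edits to the grant tables take effect only after FLUSH PRIVILEGES.
UPDATE mysql.db SET Host='22.214.171.124' WHERE Db='yourDB';
UPDATE mysql.user SET Host='126.96.36.199' WHERE User='user1';
FLUSH PRIVILEGES;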
User1 is now able to access yourDB from a remote location identified by the IP 188.8.131.52.