Port 3306 keeps closed even after being open on iptables

oscar_vb asked:

Due to the nature of my project, I need to open port 3306 on a cloud server running CentOS 6. Using this site: http://www.yougetsignal.com/tools/open-ports/ I can see whether a port is open or not. Port 3306 seems to be closed, therefore any attempt of remote connection fails.
I’ve already tried to open it via iptables like so:

iptables -I INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
iptables -I FORWARD -i eth0 -p tcp --destination-port 3306 -j ACCEPT

Command iptables -L returns the following:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Command netstat -tlnp returns the following:

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2694/mysqld

So I assume the daemon is listening through that port. I have to mention that before trying this, I installed MySQL from yum repository, then updated it from remi-repo, and then updated again to the latest version via MySQL official repository, maybe that messep up something? Command mysql upgrade ran smoothly but I may be missing something.
Maybe it’s an issue from the service provider? Am I missing something?
Thanks in advance.

EDIT Is it normal that mysqld status is stopped?:

# service mysqld start
Starting mysqld:                                           [  OK  ]
# service mysqld status
mysqld is stopped

My answer:


Your host doesn’t have an active firewall blocking any connections, so the iptables rules you added effectively do nothing. Your system accepts all connections anyway.

If your connection is firewalled, then the firewall is outside the server (e.g. Amazon EC2 security groups, GCE firewall, etc.).


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.