How to build an exception in firewall for mysql to run

Hi,

I previously raised this question: http://www.experts-exchange.com/Databases/Mysql/Q_21734009.html

I was basically having trouble getting php to login to mysql server. The answer was to turn off the firewall.

So now I need to know how I can allow mysql + apache/php to run with the firewall going?

I am running windows xp pro 2003 with all the latest security patches etc..
I've tried allowing port 3306 for inbound and outbound traffic but I don't really understand what I am doing.

Thanks for your help,
:Ant
antumAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

campbelcCommented:
Basically you just need to open the 3306/tcp

You can run this from the command prompt:

netsh firewall add portopening TCP 3306 MySQL ENABLE ALL

To interpret: add this to the firewall config opening TCP, port 3306 name it MySQL, enable it, all profiles.


Article on security best practices:
http://www.microsoft.com/smallbusiness/support/security-toolkit-pdf.mspx

TCPView: TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

http://www.sysinternals.com/Utilities/TcpView.html
antumAuthor Commented:
Hi,

Thanks for your reply.. I ran the command and it said "Ok." but it still didn't fix my problem..
I still can't get php to connect to mysql unless I turn the firewall off...

I can c:\telnet localhost 3306 and it tells me the version of the mysql server, so that should mean that I'm working with the right port..

Oh.. I just got it working with the firewall..
I changed the Apache.exe to be allowed to access the internet.... and it worked.. so how do I get it to work without apache accessing the internet?

I'm reading that security best practices report.. thanks..

campbelcCommented:
Ok, great that this piece is now working.

Apache will need to send requests back to the Internet when a client requests data, think you will need to keep that enabled. No harm at all in doing so.

Might want to run a "netsh firewall show config" and display the results of that query. Will be able to better help you after that.

If you WANT to enable apache to only answer requests from clients that are within you IP network, you can change the scope to "SUBNET".

Let me know what else you might need. =)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
antumAuthor Commented:
Thanks you've answered my question but I'm now having this really annoying problem of Apache crashing.

If you want some more points go here:
http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21735390.html
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.