Solved

Remote access to port 3306

Posted on 2013-06-24
13
1,941 Views
Last Modified: 2013-07-19
A client and I are trying to figure out why he can connect from his house using a Windows 8 computer to his company server using Navicat to manage MySQL through port 3306 he just opened and I can't using my Windows 7 computer from my house.

He is also able to open a remote desktop session, and I can't.

He can also establish a VPN connection, and I can't using the exact same settings.

He can also ping his server IP address, and I can't.

However, I am able to do all these things with other customer's as well as a data center I use, but I'm blocked from connecting to his company server. (The data center will open ports to specific IP addresses on request, which I've done to connect from my house.)

My client also has other employees who connect remotely to his company network/server as well.

The symptoms all seem to suggest a compatibility issue, as if there is some characteristic in my IT landscape that doesn't work with something in his landscape.

Does this sound like anything anyone is familiar with, or has a suggestion where to look next?

Thanks,
David
0
Comment
Question by:David Smithstein
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39274711
Specific to 3306 MySQL, this link has few hints for quick troubleshooting - might be easier if you search through based on error message. It help to isolate.

http://dev.mysql.com/doc/refman/5.5/en/access-denied.html
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39274787
Need a little more information.

Are you connecting from a house line or business line?
What is your gateway device?
Do you have Windows firewall on? (it can hurt ping efforts sometimes depending on the configuration)
Can  you traceroute to the database IP?
Who is your provider?  Do they do any type of filtering? (sometimes ISP's filter common ports that are known to be misused a lot though usually its on the server end, still worth considering)
What kind of VPN are  you using?  If IPSec, is it configured to use NAT-T?
0
 

Author Comment

by:David Smithstein
ID: 39275359
-House line through a D-Link router

-Windows Firewall is off

-Traceroute will trace the route to the Database IP address

-Comcast cable is my provider, but if they were filtering this port I wouldn't be able to connect to anyone, right?  and I can connect to multiple other remote databases both in and outside of California.

-VPN is set to automatic to match the clients settings that work for him, but this is not my primary issue.  I don't really want to set up a VPN connection, I just want them to open port 3306 to my IP address so I can use Navicat to manage their MySQL database that supports my software application.  Instead they simply opened the port, but even so I can't connect to it while the client was able to download a Navicat trail version and connect just fine.

Is it possible to have a compatibility issue that is specific to the interaction between my router and theirs?  That's the only thing I can think of that fits the symptoms.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 63

Expert Comment

by:btan
ID: 39276652
What is the specific error reported in MySQL (with logging)?
Have tried configured SSH tunnel connection and then try connecting to thru Navicat again?

http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_my_server%3F
http://wiki.navicat.com/wiki/index.php/Connection

Another means is trying to connect to other just to see if really any issue
http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_testing_server%3F

The latest Navicat download - system req also state OS supported
http://www.navicat.com/products/navicat-for-mysql-release-note
http://www.navicat.com/products/navicat-for-mysql

There is also Navicat Essentials support of MySQL versions from 3.21 or above.
http://www.navicat.com/products/navicat-essentials
0
 

Author Comment

by:David Smithstein
ID: 39290092
The error is "2005 - Unknown MySQL server host - " then the IP address used for the connection.

I would love to build in SSH tunneling into the products connection routine, but haven't found a decent resource to work off of yet in terms of how that might work.

It's going to take me a while to look at all of these links.

David
0
 
LVL 63

Expert Comment

by:btan
ID: 39290287
This is usually the case when name resolving doesn't work on the host. If your connect destination is always the same, you might want to use its IP address for connecting instead. Provided they allow from your IP address... I was even thinking of telnet (if allow) into the port 3306 to see it allows your machine specifically...to see any errors from your access

I was even thinking if your machine goes through proxy and get translated to certain allowed source IP, will it still passed but this is even more non-trivial and going a bit of penetrating too certain extend. If you used another new machine - also the same problem from home..
0
 

Author Comment

by:David Smithstein
ID: 39290412
I am using their IP address for the connection.

I asked them to open port 3306 for my fixed IP address, but they just opened the port to all IP addresses, which is why everything worked from my clients house when he tried to connect.

If I was going through a proxy that was preventing the connection, is there anything I can do about it?
0
 
LVL 63

Expert Comment

by:btan
ID: 39291961
Can it even telnet 3306 using your ip assuming the firewall allows that? trying to see that also is also dropped. Possible to see client server running netstat -lp | grep 3306 (you should see PID/Program name in last column) to see any other program using that port ....rightfully not....hopefully there is no listening of 3306 in your local host as well as different NIC and IP address assigned ...

SSH tunneling is another mean using PuTTY port forwarding  - at least it seems to

http://sudarmuthu.com/blog/accessing-mysql-safely-using-port-forwarding-with-putty

http://www.eaktion.com/blog/2011/12/25/connecting-access-to-mysql-through-a-ssh-tunnel-using-putty-and-port-forwarding/
0
 

Author Comment

by:David Smithstein
ID: 39292191
The telnet connection times out with "connect failed" message
0
 
LVL 63

Expert Comment

by:btan
ID: 39292200
If try in other areas and same error likely is firewall dropping but it passed then really there is something of an issue. Tunneling will be good try since you can assume 'local' to access but subjected to client call..
0
 

Author Comment

by:David Smithstein
ID: 39330972
So I tried to connect from two different internet access points this weekend that eliminated my router from the connection attempt.  I was still denied access.

When you say the firewall dropped the connection, are you referring to the client's firewall?  Why would it drop my connection attempt and not my client's remote access attempt if there are no specific settings on the client's router designed to do that?
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39331977
Looks like there is certain machine specific that is disallowing your access as a whole. I am wondering if there is any http port 80/443 mgmt service at the client end that you can try to access instead of port specific to see if blocking is due to machine IP or MAC filter etc. SSH remote access is also good but depends on client end to allow for your testing.

I am alluding to firewall as a whole including endpoint and network. But not specific to your machine as I suspect client side instead ... it is quite tough to see unless we know the client perimeter defences and where it is specifically block - or simply by the MySQL
0
 

Author Closing Comment

by:David Smithstein
ID: 39340667
I'm accepting this as a solution to recognize the work that went into establishing that we are more suspicious of the client's network/firewall settings than anything I can do to my system to allow the connection.  

Unfortunately the client's IT environment is this regards is not easily accessible for troubleshooting, so a successful resolution does not seem possible at this time.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question