Solved

Remote access to port 3306

Posted on 2013-06-24
Last Modified: 2013-07-19
A client and I are trying to figure out why he can connect from his house using a Windows 8 computer to his company server using Navicat to manage MySQL through port 3306 he just opened and I can't using my Windows 7 computer from my house.

He is also able to open a remote desktop session, and I can't.

He can also establish a VPN connection, and I can't using the exact same settings.

He can also ping his server IP address, and I can't.

However, I am able to do all these things with other customers as well as a data center I use, but I'm blocked from connecting to his company server. (The data center will open ports to specific IP addresses on request, which I've done to connect from my house.)

My client also has other employees who connect remotely to his company network/server as well.

The symptoms all seem to suggest a compatibility issue, as if there is some characteristic in my IT landscape that doesn't work with something in his landscape.

Does this sound like anything anyone is familiar with, or has a suggestion where to look next?

Thanks,
David
0
Question by:DavidSmithstein
13 Comments
 
LVL 61

Expert Comment

by:btan
Specific to 3306 MySQL, this link has a few hints for quick troubleshooting - it might be easier if you search through it based on the error message. It helps to isolate.

http://dev.mysql.com/doc/refman/5.5/en/access-denied.html
0
 
LVL 25

Expert Comment

by:Cyclops3590
Need a little more information.

Are you connecting from a house line or business line?
What is your gateway device?
Do you have Windows firewall on? (it can hurt ping efforts sometimes depending on the configuration)
Can you traceroute to the database IP?
Who is your provider? Do they do any type of filtering? (sometimes ISPs filter common ports that are known to be misused a lot, though usually it's on the server end; still worth considering)
What kind of VPN are you using? If IPSec, is it configured to use NAT-T?
0
 

Author Comment

by:DavidSmithstein
-House line through a D-Link router

-Windows Firewall is off

-Traceroute will trace the route to the Database IP address

-Comcast cable is my provider, but if they were filtering this port I wouldn't be able to connect to anyone, right?  and I can connect to multiple other remote databases both in and outside of California.

-VPN is set to automatic to match the client's settings that work for him, but this is not my primary issue.  I don't really want to set up a VPN connection, I just want them to open port 3306 to my IP address so I can use Navicat to manage their MySQL database that supports my software application.  Instead they simply opened the port, but even so I can't connect to it while the client was able to download a Navicat trial version and connect just fine.

Is it possible to have a compatibility issue that is specific to the interaction between my router and theirs?  That's the only thing I can think of that fits the symptoms.
0
 
LVL 61

Expert Comment

by:btan
What is the specific error reported in MySQL (with logging)?
Have you tried configuring an SSH tunnel connection and then connecting through Navicat again?

http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_my_server%3F
http://wiki.navicat.com/wiki/index.php/Connection

Another means is trying to connect to another server, just to see if there really is any issue
http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_testing_server%3F

The latest Navicat download - the system requirements also state the OS supported
http://www.navicat.com/products/navicat-for-mysql-release-note
http://www.navicat.com/products/navicat-for-mysql

There is also Navicat Essentials support of MySQL versions from 3.21 or above.
http://www.navicat.com/products/navicat-essentials
0
 

Author Comment

by:DavidSmithstein
The error is "2005 - Unknown MySQL server host - " then the IP address used for the connection.

I would love to build SSH tunneling into the product's connection routine, but haven't found a decent resource to work off of yet in terms of how that might work.

It's going to take me a while to look at all of these links.

David
0
 
LVL 61

Expert Comment

by:btan
This is usually the case when name resolving doesn't work on the host. If your connect destination is always the same, you might want to use its IP address for connecting instead. Provided they allow from your IP address... I was even thinking of telnet (if allowed) into port 3306 to see if it allows your machine specifically... to see any errors from your access.

I was even thinking, if your machine goes through a proxy and gets translated to a certain allowed source IP, will it still pass? But this is even more non-trivial and going a bit into penetrating to a certain extent. If you used another new machine - also the same problem from home..
0
 

Author Comment

by:DavidSmithstein
I am using their IP address for the connection.

I asked them to open port 3306 for my fixed IP address, but they just opened the port to all IP addresses, which is why everything worked from my client's house when he tried to connect.

If I was going through a proxy that was preventing the connection, is there anything I can do about it?
0
 
LVL 61

Expert Comment

by:btan
Can it even telnet 3306 using your IP, assuming the firewall allows that? Trying to see whether that is also dropped. Is it possible to have the client server run netstat -lp | grep 3306 (you should see PID/Program name in the last column) to see if any other program is using that port... rightfully not... hopefully there is no listening on 3306 on your local host, as well as a different NIC and IP address assigned...

SSH tunneling is another means, using PuTTY port forwarding - at least it seems to

http://sudarmuthu.com/blog/accessing-mysql-safely-using-port-forwarding-with-putty

http://www.eaktion.com/blog/2011/12/25/connecting-access-to-mysql-through-a-ssh-tunnel-using-putty-and-port-forwarding/
0
 

Author Comment

by:DavidSmithstein
The telnet connection times out with "connect failed" message
0
 
LVL 61

Expert Comment

by:btan
If you try in other areas and get the same error, it is likely the firewall dropping, but if it passes then really there is something of an issue. Tunneling will be a good try since you can assume 'local' access, but it is subject to the client's call..
0
 

Author Comment

by:DavidSmithstein
So I tried to connect from two different internet access points this weekend that eliminated my router from the connection attempt.  I was still denied access.

When you say the firewall dropped the connection, are you referring to the client's firewall?  Why would it drop my connection attempt and not my client's remote access attempt if there are no specific settings on the client's router designed to do that?
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Looks like there is something machine-specific that is disallowing your access as a whole. I am wondering if there is any HTTP port 80/443 management service at the client end that you can try to access instead of the specific port, to see if the blocking is due to a machine IP or MAC filter etc. SSH remote access is also good but depends on the client end allowing it for your testing.

I am alluding to the firewall as a whole, including endpoint and network. But not specific to your machine, as I suspect the client side instead... it is quite tough to see unless we know the client perimeter defences and where it is specifically blocked - or simply by MySQL
0
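The thread keeps circling one question: is the connection dropped on the network path, or is MySQL itself turning the host away? The probe below is an added example, not part of any poster's reply. It separates those cases by connecting to port 3306 and reading the first packet the server sends; the function names and result labels are this example's own.

```python
import socket
import struct
import sys

def parse_first_packet(data: bytes) -> str:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    if len(data) < 5:
        return "open_no_banner"
    length = int.from_bytes(data[:3], "little")   # 3-byte payload length
    payload = data[4:4 + length]                  # data[3] is the sequence id
    if not payload:
        return "open_no_banner"
    if payload[0] == 0xFF and len(payload) >= 3:  # ERR packet, e.g. 1130 host not allowed
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                       # skip optional SQLSTATE marker
            msg = msg[6:]
        return f"mysql_error {code}: {msg.decode('latin-1')}"
    if payload[0] == 10:                          # protocol version 10 greeting
        version = payload[1:].split(b"\x00", 1)[0]
        return f"mysql_greeting {version.decode('latin-1')}"
    return "open_unknown_service"

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> str:
    """Return which layer answered (or failed to answer) for host:port."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "name_resolution_failed"           # client-side lookup problem
    try:
        with socket.create_connection(addr[:2], timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return parse_first_packet(s.recv(4096))
            except socket.timeout:
                return "open_no_banner"           # port open, server stayed silent
    except socket.timeout:
        return "timeout_filtered"                 # SYN dropped: firewall or routing
    except ConnectionRefusedError:
        return "refused_no_listener"              # host reachable, nothing listening
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    print(probe(sys.argv[1], target_port))
```

A `timeout_filtered` result matches the telnet timeout reported above and points at packet filtering somewhere on the path, while `mysql_error 1130` would mean the port is reachable and the denial comes from MySQL's own host grants.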
 

Author Closing Comment

by:DavidSmithstein
I'm accepting this as a solution to recognize the work that went into establishing that we are more suspicious of the client's network/firewall settings than anything I can do to my system to allow the connection.  

Unfortunately the client's IT environment in this regard is not easily accessible for troubleshooting, so a successful resolution does not seem possible at this time.
0
