David Smithstein asked:

Remote access to port 3306

A client and I are trying to figure out why he can connect from his house using a Windows 8 computer to his company server using Navicat to manage MySQL through port 3306 he just opened and I can't using my Windows 7 computer from my house.

He is also able to open a remote desktop session, and I can't.

He can also establish a VPN connection, and I can't using the exact same settings.

He can also ping his server IP address, and I can't.

However, I am able to do all these things with other customers as well as a data center I use, but I'm blocked from connecting to his company server. (The data center will open ports to specific IP addresses on request, which I've done to connect from my house.)

My client also has other employees who connect remotely to his company network/server as well.

The symptoms all seem to suggest a compatibility issue, as if there is some characteristic in my IT landscape that doesn't work with something in his landscape.

Does this sound like anything anyone is familiar with, or has a suggestion where to look next?

Thanks,
David
btan

Specific to 3306 MySQL, this link has a few hints for quick troubleshooting - it might be easier if you search through it based on the error message. It helps to isolate.

http://dev.mysql.com/doc/refman/5.5/en/access-denied.html
Need a little more information.

Are you connecting from a house line or business line?
What is your gateway device?
Do you have Windows firewall on? (it can hurt ping efforts sometimes depending on the configuration)
Can you traceroute to the database IP?
Who is your provider? Do they do any type of filtering? (Sometimes ISPs filter common ports that are known to be misused a lot; though usually it's on the server end, it's still worth considering.)
What kind of VPN are you using? If IPSec, is it configured to use NAT-T?
David Smithstein (ASKER)

-House line through a D-Link router

-Windows Firewall is off

-Traceroute will trace the route to the Database IP address

-Comcast cable is my provider, but if they were filtering this port I wouldn't be able to connect to anyone, right? And I can connect to multiple other remote databases both in and outside of California.

-VPN is set to automatic to match the client's settings that work for him, but this is not my primary issue. I don't really want to set up a VPN connection, I just want them to open port 3306 to my IP address so I can use Navicat to manage their MySQL database that supports my software application. Instead they simply opened the port, but even so I can't connect to it while the client was able to download a Navicat trial version and connect just fine.

Is it possible to have a compatibility issue that is specific to the interaction between my router and theirs?  That's the only thing I can think of that fits the symptoms.
What is the specific error reported in MySQL (with logging)?
Have you tried configuring an SSH tunnel connection and then connecting through Navicat again?

http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_my_server%3F
http://wiki.navicat.com/wiki/index.php/Connection

Another means is trying to connect to another server, just to see if there really is any issue:
http://wiki.navicat.com/wiki/index.php/Why_I_cannot_connect_to_testing_server%3F

The latest Navicat download - the system requirements also state the OS supported:
http://www.navicat.com/products/navicat-for-mysql-release-note
http://www.navicat.com/products/navicat-for-mysql

There is also Navicat Essentials support of MySQL versions from 3.21 or above.
http://www.navicat.com/products/navicat-essentials
The error is "2005 - Unknown MySQL server host - " then the IP address used for the connection.

I would love to build SSH tunneling into the product's connection routine, but haven't found a decent resource to work off of yet in terms of how that might work.

It's going to take me a while to look at all of these links.

David
This is usually the case when name resolving doesn't work on the host. If your connect destination is always the same, you might want to use its IP address for connecting instead. Provided they allow from your IP address... I was even thinking of telnet (if allowed) into port 3306 to see whether it allows your machine specifically... to see any errors from your access.

I was even wondering, if your machine goes through a proxy and gets translated to a certain allowed source IP, whether it would still pass, but this is even more non-trivial and going a bit into penetrating to a certain extent. If you used another new machine - also the same problem from home..
I am using their IP address for the connection.

I asked them to open port 3306 for my fixed IP address, but they just opened the port to all IP addresses, which is why everything worked from my client's house when he tried to connect.

If I was going through a proxy that was preventing the connection, is there anything I can do about it?
Can it even telnet to 3306 using your IP, assuming the firewall allows that? I'm trying to see whether that is also dropped. Is it possible to have the client's server run netstat -lp | grep 3306 (you should see PID/Program name in the last column) to see whether any other program is using that port... rightfully not... hopefully there is nothing listening on 3306 on your local host, as well as a different NIC and IP address assigned...

SSH tunneling is another means, using PuTTY port forwarding - at least it seems to

http://sudarmuthu.com/blog/accessing-mysql-safely-using-port-forwarding-with-putty

http://www.eaktion.com/blog/2011/12/25/connecting-access-to-mysql-through-a-ssh-tunnel-using-putty-and-port-forwarding/
The telnet connection times out with a "connect failed" message.
If you try in other areas and get the same error, it is likely the firewall dropping; but if it passes, then there really is something of an issue. Tunneling will be a good try since you can assume 'local' access, but it is subject to the client's call.
So I tried to connect from two different internet access points this weekend that eliminated my router from the connection attempt. I was still denied access.

When you say the firewall dropped the connection, are you referring to the client's firewall? Why would it drop my connection attempt and not my client's remote access attempt if there are no specific settings on the client's router designed to do that?
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.
I'm accepting this as a solution to recognize the work that went into establishing that we are more suspicious of the client's network/firewall settings than anything I can do to my system to allow the connection.

Unfortunately the client's IT environment in this regard is not easily accessible for troubleshooting, so a successful resolution does not seem possible at this time.
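
The checks discussed in this thread (name resolution, a telnet-style connect to port 3306, and telling a firewall drop apart from a MySQL-level refusal) can be run in one step. This is an added example, not part of the original thread; the function names `probe` and `parse_first_packet` and the sample address 203.0.113.7 are made up for illustration.

```python
import socket
import struct
import sys

def parse_first_packet(data: bytes) -> str:
    """Interpret the first packet a MySQL server sends after the TCP connect."""
    if len(data) < 5:
        return "connected, but no MySQL greeting received"
    length = int.from_bytes(data[0:3], "little")  # 3-byte payload length
    payload = data[4:4 + length]                  # data[3] is the sequence id
    if payload[:1] == b"\xff" and len(payload) >= 3:  # ERR packet: code, message
        code = struct.unpack_from("<H", payload, 1)[0]
        return f"MySQL refused this client: error {code}: {payload[3:].decode('latin-1')}"
    if payload[:1] == b"\x0a":                    # protocol version 10 handshake
        version = payload[1:].split(b"\x00", 1)[0].decode("latin-1")
        return f"MySQL handshake received, server version {version}"
    return "connected, but the service does not look like MySQL"

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> str:
    """Classify one connection attempt the way the thread does by hand."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return f"name resolution failed: {exc}"
    try:
        with socket.create_connection(addr[:2], timeout=timeout) as sock:
            try:
                data = sock.recv(4096)            # MySQL servers speak first
            except socket.timeout:
                data = b""
            return parse_first_packet(data)
    except socket.timeout:
        return "timed out: no reply at all, typical of a firewall dropping the packets"
    except ConnectionRefusedError:
        return "refused: host reachable, but nothing accepts connections on this port"
    except OSError as exc:
        return f"network error: {exc}"

if __name__ == "__main__":
    # Constructed sample: ERR packet shape for a host the server's grants reject.
    msg = b"Host '203.0.113.7' is not allowed to connect to this MySQL server"
    body = b"\xff" + struct.pack("<H", 1130) + msg
    print(parse_first_packet(len(body).to_bytes(3, "little") + b"\x00" + body))
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

A timeout from several networks, as reported above, points at filtering in front of the server; an error 1130 reply would instead mean the port is reachable and the MySQL account's host restrictions are what rejects the client.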