Contact Us

If you are interested in our services leave your contact details below and our sales representatives will contact you.

The organization which you represent
Email address we will use to contact you
Longer contact form…
 

  • About

    mFabrik Blog is about mobile and web software development, open source and Linux. We tell exciting tales where business, technology, web and mobile convergence.

    Creative Commons License
    This work is licensed under a Creative Commons Attribution 3.0 Unported License.

MySQL bind_address workaround

Posted on September 25, 2008  by Mikko Ohtamaa
Filed Under linux
Tags: , , , , , , , , ,

MySQL has an ugly design fault preventing it to listen more than one interface in its bind_address my.conf directive. Thus, you usually cannot connect to the same MySQL instance using localhost and external IP sources.

Here is a workaround based on xinetd daemon. These are sample commands for Ubuntu/Debian.

Go to root

sudo -i

Install xinetd

apt-get install xinetd

Add a new xinetd mapping

pico /etc/xinetd.d/mysql

service mysql
{
    only_from	   = localhost mansikki.redinnovation.com 80.75.108.108 server213-171-218-5.livedns.org.uk 213.171.218.5
    flags          = REUSE
    socket_type    = stream
    wait           = no
    user           = root
    redirect       = 127.0.0.1 3306
    log_on_failure += USERID
    interface 	   = 84.34.147.68
}

Restart xinetd

/etc/init.d/xinetd restart

To debug xinetd:

/etc/init.d/xinetd stop
xinetd -d

xinetd only_from directive also gives an access control by allowed source IP addresses. This protects your MySQL against bots and brute force attacks.

Note that iptables DNAT translation doesn’t work (easily). Localhost packets don’t travel PREROUTING and POSTROUTING chains.

 

Other posts by Mikko Ohtamaa

 

Comments

Leave a Reply