mFabrik - mobile sites, apps, HTML5 and CMS software development » prerouting http://blog.mfabrik.com Freedom delivered. Wed, 03 Aug 2011 09:47:41 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 MySQL bind_address workaround http://blog.mfabrik.com/2008/09/25/mysql-bind_address-workaround/ http://blog.mfabrik.com/2008/09/25/mysql-bind_address-workaround/#comments Thu, 25 Sep 2008 10:34:44 +0000 Mikko Ohtamaa http://blog.redinnovation.com/?p=121 MySQL has an ugly design fault preventing it to listen more than one interface in its bind_address my.conf directive. Thus, you usually cannot connect to the same MySQL instance using localhost and external IP sources.

Here is a workaround based on xinetd daemon. These are sample commands for Ubuntu/Debian.

Go to root

sudo -i

Install xinetd

apt-get install xinetd

Add a new xinetd mapping

pico /etc/xinetd.d/mysql

service mysql
{
    only_from	   = localhost mansikki.redinnovation.com 80.75.108.108 server213-171-218-5.livedns.org.uk 213.171.218.5
    flags          = REUSE
    socket_type    = stream
    wait           = no
    user           = root
    redirect       = 127.0.0.1 3306
    log_on_failure += USERID
    interface 	   = 84.34.147.68
}

Restart xinetd

/etc/init.d/xinetd restart

To debug xinetd:

/etc/init.d/xinetd stop
xinetd -d

xinetd only_from directive also gives an access control by allowed source IP addresses. This protects your MySQL against bots and brute force attacks.

Note that iptables DNAT translation doesn’t work (easily). Localhost packets don’t travel PREROUTING and POSTROUTING chains.

]]> http://blog.mfabrik.com/2008/09/25/mysql-bind_address-workaround/feed/ 0