2

I have two Raspbery PI 3 which I have installed (almost) identical. The configuration of /etc/mysql/mariadb.conf.d/50-server.cnf is identical for both Raspberrys.

Problem: I can only connect to the mysql database of one of these Raspberrys (using MySQL Workbench). So I looked for the problem and found a more "low level" problem: even telnet is not working on one of these Raspberrys.

telnet raspberry1 3306

works perfect, while

telnet raspberry2 3306

tells me that a connection cannot be established.

A ping works from my windows pc to both raspberrys.
A local connection to the MySQL server also works on both Raspberrys.

I even tried to disable any firewall on raspberry2 using sudo /sbin/iptables --flush

When using a port scanner like sudo nmap -sS -O raspberry1 raspberry2 I see that port 3306 is open on raspberry1 but not on raspberry2.

sudo netstat -ln gives me a slightly different output on both RPi's: 

raspberry1:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
raspberry2:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN

Edit:
As mentioned above the file 50-server.cnf is identical on both raspberries - especially the line bind-address = 0.0.0.0 is set in both files.
(I also restarted raspberry2 using sudo /etc/init.d/mysql restart. I even restarted Raspbian.)
I still have no clue where the Local Address 127.0.0.1 comes from.

Where could be differences in the configuration of the second Raspberry Pi?

Michael Hutter
  • 169
  • 2
  • 10

1 Answers1

2

By default, the MariaDB server listens for TCP/IP connections on a network socket bound to a single address [...] In Debian [...] the default bind_address is 127.0.0.1, which binds the server to listen on localhost only.

source: Server System Variables - MariaDB Knowledge Base

sudo netstat -ln shows in the column "Local Address" for your raspberry1 "0.0.0.0:3306" (all IPv4s are allowed to access this device on port 3306) and for your raspberry2 "127.0.0.1:3306" (only localhost is allowed):

raspberry1:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
raspberry2:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN

This is the reason why you can connect to raspberry1 on port 3306, but not to raspberry2 on the same port. To make your raspberry2 accessible just set the correct bind_address in mycnf.

Security advice: If your RPis are not behind a well managed firewall, please read why it is a bad idea to allow direct connections to your databases and how you can configure MariaDB in a safe way for remote client access.

Fabian
  • 1,288
  • 1
  • 10
  • 19