Score:1

Forward default mySQL port to a different port for outgoing traffic to a specific IP or Domain


We're using a hosted mySQL Database server which generates a port other than the default 3306, which we have no control over.

We'd like to not have to make changes to our existing connection scripts on all our Ubuntu 22 application servers since most typically use the default 3306 to connect to any mysql host.

Is there a way with Iptables or some other technique on our Ubuntu servers to automatically port forward the outgoing connection from port 3306 to (let's say) port 11728 for a specific domain or IP?

Meaning, if we try a mysql connection from our web server to mydatabase.somehost.com and port 3306, it will redirect the connection out automatically to port 11728?

We'd certainly like to specify that rule by the hostname/ip so that we don't then affect the possibility of some other connection meant for the default 3306 to also forward to that one port.

Is this possible?

Might "ssh" provide the technique?
blueionRich:
how would that be used for this?
Score:0

While you could fudge it with iptables, why bother? After all you need some abstraction between your DBMS and application to handle failover to a backup DBMS (and VIPs suck). Just configure whatever you are using (e.g. haproxy, sqlproxy) to connect to a different port.

blueionRich:
I'm not sure I'm following. On my web server, I'd like to essentially do the following: `mysql -u root -p -h mydbserver.com` and it'll attempt to connect by the default 3306. Instead I'd like that to route to mydbserver.com:16277 so as to not have to specify the different port for that particular DB server. Main thing being a bunch of websites on the webserver already have their applications (wordpress, laravel, etc) using the default 3306. Rather than having to change all the scripts to specify that unique port number, I won't have to touch anything.
Yes - but unless you actually want downtime/no scalability you should be connecting to a local proxy.
blueionRich:
I'd need a bit more help on understanding what that does and how to implement as an example for my specific needs, please.
Score:0

Using iptables:

```
# iptables -t nat -A OUTPUT --destination x.x.x.x -p tcp --dport 3306 -j DNAT --to-destination x.x.x.x:11728
```

Where x.x.x.x is the address for your database server. Of course, swap 11728 for whatever port the machine is actually listening on.

blueionRich:
Thanks Riley.. this is exactly what I needed. It worked correctly based on using the resolved IP address of the DB server. However, is it possible to use this method using a FQDN since that IP may change at times (if master DB fails over)? Also, I couldn't find the rule I added doing an "iptables -L". Where can I see it so I can also remove it as needed? Thanks
Riley Scott Jacob:
`iptables` only works with IPs. Do you have access to the DB server itself? You could use a rule on the DB server to forward 3306 -> 11728 for incoming traffic
Riley Scott Jacob:
You need to specify the table: `iptables -t nat -L --line-numbers`
blueionRich:
Thanks.. I did find it with that nat specification. I don't have access to the DB server to do that otherwise I would change the port to 3306 myself. It's a managed DB server, thus why I am trying to work with the random port assignments. I am going to check with the hosting company on if the IP does in fact change on a promotion to master. If not, IP will work. Otherwise, I could write a cron script to check the IP of the fqdn regularly and update IP tables if it differs. Thanks for your suggestion, although I can't upvote your answer (new reputation). Hopefully others will.
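
The cron approach raised in the last comment, sketched as an added example (not code from the answer or its comments): it re-resolves the hostname, validates the result, and swaps the `nat` OUTPUT rule only when the address changes. The state directory, the script path in the cron line and the use of `getent ahostsv4` for resolution are assumptions, and it handles IPv4 only, like the rule above.

```shell
#!/bin/sh
# Added example: keep the OUTPUT DNAT rule (3306 -> hosted port) in step with DNS.
# Run as root from cron, e.g. (hypothetical path, hostname from the question):
#   */5 * * * * /usr/local/sbin/mysql-dnat-sync.sh mydatabase.somehost.com 11728
STATE_DIR="${STATE_DIR:-/run/mysql-dnat}"  # assumed; /run is cleared at boot, like the rules

# Accept only a dotted-quad IPv4 address so a bad DNS answer never reaches iptables.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Rule arguments for one database IP: the rule from the answer above.
rule_spec() {  # $1 = IP, $2 = hosted port
    echo "OUTPUT --destination $1 -p tcp --dport 3306 -j DNAT --to-destination $1:$2"
}

# Print the iptables commands needed to move from the applied IP to the current one.
plan_update() {  # $1 = applied IP (may be empty), $2 = current IP, $3 = hosted port
    case "$3" in ''|*[!0-9]*) echo "bad port: $3" >&2; return 1 ;; esac
    is_ipv4 "$2" || { echo "not an IPv4 address: '$2'" >&2; return 1; }
    [ "$1" = "$2" ] && return 0                            # unchanged, nothing to do
    echo "iptables -t nat -A $(rule_spec "$2" "$3")"       # add the new rule first
    if is_ipv4 "$1"; then echo "iptables -t nat -D $(rule_spec "$1" "$3")"; fi
    return 0
}

# Only acts when called with <hostname> <port>; a failed lookup leaves the old rule alone.
if [ $# -eq 2 ]; then
    host=$1; port=$2; state="$STATE_DIR/$host.ip"
    mkdir -p "$STATE_DIR"
    applied=$(cat "$state" 2>/dev/null)
    current=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')
    plan=$(plan_update "$applied" "$current" "$port") || exit 1
    [ -n "$plan" ] || exit 0
    echo "$plan" | while read -r cmd; do $cmd || exit 1; done || exit 1
    echo "$current" > "$state"
fi
```

The rule follows whatever the resolver returns, so the script trusts DNS as much as the application's own connection would. A rule added by hand before the first run is not tracked in the state file and should be removed first to avoid a duplicate.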