There was a problem loading the comments.

How to Allow Remote MySQL Connections from a Specific IP

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Quick answer: Allow remote MySQL from one IP by setting bind-address to accept network connections, granting the user access from that specific IP (never the wildcard), and opening port 3306 in the firewall scoped to the same address. Test with mysql -h server-ip -u user -p.

MySQL on a Linux server listens only to the local machine by default. To let an external application or a desktop tool connect, you must bind MySQL to the network, grant the user remote access, and open the firewall - and do it without exposing the database to the whole internet.

1. Allow MySQL to listen on the network

Edit the MySQL config (/etc/my.cnf or /etc/mysql/mysql.conf.d/mysqld.cnf) and set the bind address so the server accepts external connections:

bind-address = 0.0.0.0

Restart MySQL afterwards: systemctl restart mysqld (or mysql).

2. Grant the user access from a specific IP

Create or update the user so it may connect from your application's IP only - never use the % wildcard for production:

CREATE USER 'appuser'@'203.0.113.10' IDENTIFIED BY 'strong-password';
GRANT ALL PRIVILEGES ON yourdb.* TO 'appuser'@'203.0.113.10';
FLUSH PRIVILEGES;

Replace 203.0.113.10 with the exact IP that will connect.

3. Open the firewall to that IP only

Scope port 3306 to the same address rather than opening it to everyone:

# firewalld
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=203.0.113.10 port port=3306 protocol=tcp accept'
firewall-cmd --reload

On a control panel, add the equivalent rule in its firewall section, and in cPanel also add the IP under Remote MySQL.

4. Test and keep it tight

Connect from the allowed machine with mysql -h your-server-ip -u appuser -p. If it fails, re-check the bind address, the user host, and the firewall scope in that order. Leave the access limited to known IPs; an open 3306 port is a frequent breach vector.

Frequently asked questions

Should I use the wildcard for the user host?
No - scope the user and firewall to the exact IP; an open 3306 is a common breach vector.

In cPanel, where do I add the IP?
Under Remote MySQL, add the connecting IP address.

On a SoftSys managed Linux VPS our team sets up scoped remote MySQL access for you, so your application connects securely without the database being reachable by the rest of the internet.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting