Karsten Schell wrote:
Since I am running mysqld on my server the port 3306 is open though it's not included in EXTERNAL_TCP services
Did you run nmap on the external side of your packetfilter ?
services I allow: FW_SERVICES_EXT_TCP="ssh smtp www pop3 https domain"
So you intend to provide all those services to the Internet ? Even if mysqld could be reached from outside, there should be easy ways to limit the usability of it by applying suitable rules within the mysql system. To go one step further, you could add a line in /etc/my.cnf that tells mysqld only to listen on one interface, say the LAN side of your server.

---- /etc/my.cnf ----
# The MySQL server
[mysqld]
port = 3306
bind-address = 192.168.0.254
socket = /var/lib/mysql/mysql.sock
---------------------
any clue why this port is open ?
Maybe the server is there but can't be reached from outside ? netstat or nmap would still report an open port. Obviously you need this open port to connect from inside your LAN to use the mysql server.
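
An added example, not part of the original message: a small audit that separates "listening on every interface" from "bound to one address", which is the distinction the reply draws between a port that netstat shows as open and one that is reachable from outside. The `ss -Hltn` sample lines are constructed, and the name-to-port mapping for the FW_SERVICES_EXT_TCP entries is written out as an assumption so the script runs offline.

```python
import ipaddress

# Service names from the FW_SERVICES_EXT_TCP line quoted above, mapped to their
# standard TCP ports (assumption: written out here instead of read from /etc/services).
EXT_TCP = {"ssh": 22, "smtp": 25, "www": 80, "pop3": 110, "https": 443, "domain": 53}

# Constructed sample of `ss -Hltn` output (not taken from the poster's server).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 50 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
"""

def classify(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a listen address."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and any %iface scope
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def audit(ss_output, allowed_ports):
    """List wildcard listeners whose port is not an intended external service.

    These sockets accept connections on every interface, so only the packet
    filter keeps them off the Internet side.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if classify(addr) == "wildcard" and int(port) not in allowed_ports:
            findings.append((int(port), fields[3]))
    return findings

if __name__ == "__main__":
    for port, local in audit(SAMPLE, set(EXT_TCP.values())):
        print(f"port {port} listens on {local}: every interface, "
              "protected only by the packet filter; consider bind-address")
```

With `bind-address = 192.168.0.254` in place the mysqld socket shows up as `192.168.0.254:3306` and drops out of the findings, while still appearing as an open port in netstat or a LAN-side nmap scan.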