🔓 Opening Port 3306 on SME Server
+-----------------------------------------------------+
| Opening port 3306 on SME Server |
+-----------------------------------------------------+Overview
By default, SME Server restricts MySQL access to local connections only. This guide explains how to safely enable remote access for MySQL (port 3306) on SME Server, including both manual and e-smith recommended methods.
⚙️ Procedure
1. Check listening ports
netstat -antExample output (before opening port 3306):
[root@smeserver root]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:548 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN2. Recommended method for SME 6.x (e-smith)
expand-template /etc/hosts.allow
signal-event firewall-adjustThis ensures firewall rules are applied safely and persistently.
3. Manual MySQL configuration (if needed)
Edit /etc/my.cnf and comment out or remove:
bind-address = 127.0.0.1Restart MySQL:
service mysqld restartVerify:
netstat -ant | grep 3306Example output (after opening port 3306):
[root@smeserver root]# netstat -ant | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN4. Manual firewall configuration (if not using e-smith)
iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
service iptables save
service iptables restartConfirm again:
netstat -ant | grep 3306📝 Notes & Tips
- Always use e-smith commands where possible to prevent updates from overwriting manual changes.
- Only allow access from trusted hosts.
- Avoid granting full root-level MySQL access remotely.
- Check
/etc/my.cnfforbind-addresssettings before enabling remote access. - Retro-style ASCII headers are optional but keep the page familiar for long-time JACSoft users.