Accessing the DB server worked on the local machine, but, this was the message I received when attempting to access the it on a remote host.

“ERROR 2003 (HY000): Can’t connect to MySQL server on. . .”

I eliminated some other things as potential causes right away. My permissions for the user and host were set properly. The MySQL server was not started with the “skip-networking” option set, and the server was not restricting TCP access to localhost.

Narrowing this down to a firewall issue was pretty straightforward. First, I stopped the firewall.

/sbin/service iptables stop

Then I tried again to access the DB server remotely and succeeded. When I restarted the firewall, the problem returned.

Searching on the net, I came across this recommendation in many places. Basically, a command to add an entry to open port 3306.

iptables -A INPUT -i eth0 -p tcp -m tcp –dport 3306 -j ACCEPT

I entered this but it still didn’t help. Then, I began to look at the iptables configuration with this command.

ipatables-save

This just writes the iptables entries to STDOUT. What I noticed was that the entry for port 3306 was preceded another line. Here is how the two lines appeared.

-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp –dport 3306 -j ACCEPT

I sent the result of the ‘iptables-save’ to a file and then edited this file and switched the order of the two lines above. Then I restarted the firewall.

/sbin/services iptables restart

This worked and my databases have been accessible since.