Practical MySQL & MariaDB

What Is the Default MySQL Port? How to Check, Change, and Secure It (3306 Explained)

Server Management
目次

1. What Is the Default MySQL Port?

MySQL Port Number and Its Role

MySQL uses port 3306 by default for communication. A port number is used to distinguish multiple services on a network and is an essential element of the TCP/IP protocol. By assigning different port numbers to each service, multiple processes can run simultaneously on the same server.

In the case of MySQL, clients connect to the server through port 3306 to perform database operations. For example, MySQL Workbench and other database tools use this port to access the database.

Why Is Port 3306 Used?

Port 3306 is the standard port for MySQL and is used in many default configurations. By using this port, application developers can access the database without special configuration, making setup simple and convenient. However, because it may pose security risks, proper management is required.

2. How to Check the MySQL Port

Checking via Command

To check the port currently used by the MySQL server, run the following command:

SHOW VARIABLES LIKE 'port';

This command displays which port the server is using. In many cases, it is the default port 3306, but it may have been changed depending on the configuration.

Checking in the Configuration File

You can also verify the port number by checking the settings in the my.cnf file (or my.ini on Windows). This configuration file is typically located in the following paths:

  • Linux: /etc/mysql/my.cnf
  • Windows: C:\ProgramData\MySQL\MySQL Server\my.ini

The port setting in this file defines the port number in use.

[mysqld]
port=3306

By checking this file, you can identify the currently configured port number.

3. How to Change the MySQL Port

Reasons for Changing the Port

There are several reasons to change the default MySQL port. First, as a security measure, attackers often target the default port 3306, so changing it to another port can help reduce risk. Additionally, if you run multiple MySQL instances on the same server, each instance must use a different port.

Steps to Change the Port

To change the MySQL port, edit the configuration file my.cnf. For example, if you want to change the port number to 3307, modify the setting as follows:

[mysqld]
port=3307

After saving the configuration, restart the MySQL server. On Linux, you can restart it with the following command:

sudo systemctl restart mysql

On Windows, you need to restart the MySQL service. Also, do not forget to update your firewall settings to allow traffic on the new port number.

4. Security Measures

Risks of Opening the Port

Opening the MySQL port to external access introduces security risks. Attackers may perform port scans and attempt unauthorized access by targeting the default port 3306. Therefore, implementing security measures is essential to protect your server.

Firewall Configuration and Access Restrictions

By configuring a firewall and allowing connections only from specific IP addresses, you can prevent unauthorized access. For example, using iptables on Linux, you can configure the server so that only a specified IP address can access port 3306.

sudo iptables -A INPUT -p tcp -s <allowed_ip_address> --dport 3306 -j ACCEPT

Additionally, it is recommended to use an SSH tunnel to encrypt access to MySQL. This ensures that external connections do not directly access the port but instead pass through a secure, encrypted channel.

Implementing SSL/TLS

It is also recommended to implement SSL/TLS to encrypt communication between the MySQL server and clients. This protects data transmitted over the network and reduces the risk of eavesdropping or tampering.

5. Troubleshooting MySQL Port Issues

Port Conflicts

If the port used by MySQL conflicts with another service, you will need to change the port. For example, if another application is using the same port, MySQL may fail to start or function properly. In this case, follow the previously described steps to change the port number.

External Connection Issues

If you cannot connect to MySQL from an external host, the issue may be related to firewall settings or the MySQL configuration file. To allow external connections, set bind-address to 0.0.0.0 in the MySQL configuration file to accept connections from all addresses.

[mysqld]
bind-address = 0.0.0.0

In addition, make sure the appropriate port is opened in your firewall settings.

6. Best Practices for MySQL Ports

Using a Custom Port

If you choose not to use the default port 3306, setting a random high port number is considered a security best practice. This approach helps reduce exposure to automated port scanning attacks, especially when allowing external access.

Monitoring Logs

Regularly monitoring MySQL connection logs and error logs helps you detect security incidents at an early stage. If abnormal access is identified, it is important to respond immediately. Log monitoring should be part of your overall security management strategy.

7. Conclusion

In this article, we covered the fundamentals of MySQL ports and essential security measures. While the default port 3306 is commonly used, it is important to change the port when necessary and implement security measures such as firewall configuration and SSH tunneling. We also discussed common troubleshooting steps for external connection issues. By performing regular log monitoring and security checks, you can operate your MySQL server safely and securely.