I think I’m due another geek post. I haven’t indulged in one for a while and I want to press home what I learned today.
The challenge was to get an application running on a Windows box talking to a database server on a Linux box. Both were on the same network – in fact, both were virtual machines running under VirtualBox on the same host computer. However, while I could see the server from the client machine (ping, browsing a website it hosts) I couldn’t see the database.
A bit of digging back through my notes to a similar situation I encountered in the past prompted me to look at the MySQL configuration file, /etc/mysql/my.cnf under Ubuntu 14.04. It turned out I needed to comment out the bind-address parameter which was preventing the database from responding to requests from anywhere except the local machine. Unfortunately the two options in that file are ‘limit to one IP address’ or ‘open access to all IP addresses’ but at least (after restarting mysql: sudo service mysql restart) that got the client machine working.
That does of course create a potential security hole. Although the attack surface is limited by being on a virtual machine that is only for some of the time that the host is running and the host being a laptop that is only on some of the time itself, I wanted to pin it down a bit more so it was into iptables to create a few rules – go ahead and accept mysql connections from yourself and the client machine but ditch anything else.
A little more testing and I appear to be in business. Not that complicated and hopefully something I will remember next time I need it but an example of why I am very hesitant to estimate how long something will take or to rely on someone else’s estimate of their own ability to deliver; there are often a couple of tweaks needed to get something working and a couple more to ensure that the setup is still safe and secure.