How to Fix MySQL Remote Connection Error 10060: Firewall, User Privileges and Port Configuration


2 views

The MySQL error 10060 typically indicates a network-level connection failure. This differs from authentication errors (like 1045) because the client can't even establish a TCP connection to the MySQL server. Common triggers include:

  • Firewall blocking port 3306 (or custom port)
  • MySQL server not listening on public interfaces
  • Network routing issues
  • Incorrect bind-address configuration

First, verify MySQL is configured to accept remote connections:

# Check MySQL bind address
SHOW VARIABLES LIKE 'bind_address';

# For modern MySQL/MariaDB (8.0+)
SELECT * FROM performance_schema.host_cache;

If bind_address is set to 127.0.0.1, remote connections won't work. Edit my.cnf/my.ini:

[mysqld]
bind-address = 0.0.0.0
skip-networking = OFF

Creating a user with remote access requires specific host specification:

-- Bad (localhost only)
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'password';

-- Good (specific IP)
CREATE USER 'appuser'@'192.168.1.100' IDENTIFIED BY 'password';

-- Better (CIDR notation)
CREATE USER 'appuser'@'192.168.1.%' IDENTIFIED BY 'password';

-- Risky (any host)
CREATE USER 'appuser'@'%' IDENTIFIED BY 'password';

-- Grant privileges
GRANT ALL PRIVILEGES ON dbname.* TO 'appuser'@'192.168.1.100';
FLUSH PRIVILEGES;

For Windows Firewall:

# PowerShell command
New-NetFirewallRule -DisplayName "MySQL 3306" -Direction Inbound -LocalPort 3306 -Protocol TCP -Action Allow

For Linux (UFW):

sudo ufw allow from 192.168.1.100 to any port 3306
sudo ufw enable

Use these commands to test connectivity:

# Basic port test (replace with your server IP)
telnet 203.0.113.45 3306

# For Linux servers
sudo netstat -tulnp | grep mysql
sudo ss -tulnp | grep 3306

# For Windows
Test-NetConnection -ComputerName dbserver -Port 3306

When testing with various programming languages:

// Python example
import mysql.connector
try:
    conn = mysql.connector.connect(
        host="203.0.113.45",
        user="remoteuser",
        password="securepass",
        database="appdb",
        connect_timeout=5
    )
except mysql.connector.Error as err:
    print(f"Connection error: {err}")

For JDBC connections, add these parameters:

jdbc:mysql://203.0.113.45:3306/dbname?connectTimeout=5000&socketTimeout=30000

For AWS RDS/Google Cloud SQL:

  • Verify security group inbound rules
  • Check VPC peering/network configurations
  • Ensure public accessibility is enabled (if needed)
  • Review IAM database authentication settings

When direct connection isn't possible:

# SSH tunneling example
ssh -L 3306:localhost:3306 user@dbserver

# Then connect to localhost:3306 from client apps

For production systems, consider:

  • Database connection pooling
  • Read replicas for reporting
  • VPN connections for security

The "Can't connect to MySQL server (10060)" error typically indicates a network-level blockage when attempting remote MySQL connections. This differs from authentication errors (1045) which occur after establishing network connectivity.

1. MySQL Server Configuration:
Verify bind-address in my.cnf/my.ini isn't restricted to localhost:


# For Linux usually in /etc/mysql/my.cnf
[mysqld]
bind-address = 0.0.0.0  # Allows all remote connections
# bind-address = 192.168.1.100  # Specific IP restriction

2. Granting Remote Privileges:
Common mistake is creating users with localhost-only access:


-- Incorrect (localhost-only):
CREATE USER 'remoteuser'@'localhost' IDENTIFIED BY 'password';

-- Correct approach:
CREATE USER 'remoteuser'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'remoteuser'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Windows Firewall often requires explicit inbound/outbound rules:


# PowerShell command to verify port status:
Test-NetConnection -ComputerName mysql.server.com -Port 3306

# If using AWS/GCP, security groups need:
- Inbound rule: TCP 3306 from your public IP or 0.0.0.0/0 (not recommended)

Essential commands for connection testing:


# Test basic connectivity:
telnet mysql.server.com 3306

# Linux alternative:
nc -zv mysql.server.com 3306

# Check MySQL port listening:
netstat -tuln | grep 3306  # Linux
netstat -ano | findstr 3306  # Windows

For AWS RDS/Google Cloud SQL:

  • Verify VPC security groups allow your IP
  • Check if public accessibility is enabled
  • For Azure: Enable "Allow access to Azure services"

Common connection patterns with error handling:


# Python example
import mysql.connector
from mysql.connector import errorcode

try:
    cnx = mysql.connector.connect(
        user='remoteuser',
        password='password',
        host='mysql.server.com',
        database='app_db',
        connect_timeout=10  # Prevents indefinite hanging
    )
except mysql.connector.Error as err:
    if err.errno == errorcode.ER_ACCESS_DENIED_ERROR:
        print("Authentication failed")
    elif err.errno == errorcode.ER_BAD_DB_ERROR:
        print("Database doesn't exist")
    elif isinstance(err, mysql.connector.errors.InterfaceError):
        print("Network error (10060): Check firewall/network")
    else:
        print(err)