How to Fix MariaDB Remote Connection Refused Error – Complete Troubleshooting Guide


2 views

When your MariaDB instance only listens on localhost (127.0.0.1) as shown in your netstat output:

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      16884/mysqld

This indicates MariaDB is explicitly configured to only accept local connections, regardless of your user permissions.

You'll need to modify the bind-address parameter in MariaDB's configuration. On Ubuntu 16.04, this is typically found in:

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Look for and modify these lines:

[mysqld]
bind-address = 0.0.0.0
skip-networking = OFF

After making configuration changes, verify MariaDB is listening on all interfaces:

sudo netstat -tulnp | grep mysql
# Should show:
tcp6       0      0 :::3306                 :::*                    LISTEN      pid/mysqld

While you mentioned firewalld isn't installed, Ubuntu 16.04 uses ufw by default. Ensure the port is open:

sudo ufw allow 3306/tcp
sudo ufw enable
sudo ufw status

Your user creation was correct, but ensure proper privileges:

GRANT ALL PRIVILEGES ON *.* TO 'anon'@'%' IDENTIFIED BY '';
FLUSH PRIVILEGES;

From your local machine, test with:

mysql -h your_server_ip -u anon -p

If still failing, check these diagnostic commands:

# Check if port is open remotely
nc -zv your_server_ip 3306

# Check MariaDB error logs
sudo tail -f /var/log/mysql/error.log

# Check system logs for firewall blocks
sudo journalctl -xe

For temporary access or debugging, you can use SSH tunneling:

ssh -L 3306:localhost:3306 your_user@your_server_ip

Then connect locally to 127.0.0.1:3306

When MariaDB refuses remote connections despite proper user permissions and firewall settings, we're typically looking at one of three fundamental configuration issues:

# Diagnostic command to check listening interface
sudo netstat -ntlup | grep mysql

# Expected output for remote access:
# tcp6       0      0 :::3306      :::*      LISTEN      12345/mysqld

While you've checked the main my.cnf, MariaDB 10.x on Ubuntu uses a split configuration:

# Check all active configuration files
grep -r "bind-address" /etc/mysql/

# Create/edit the specific override file
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Add or modify these critical directives:

[mysqld]
bind-address = 0.0.0.0
skip-networking = OFF

Even with '%' host, specific grants might be missing:

-- For the specific troubleshooting case mentioned
GRANT USAGE ON *.* TO 'anon'@'%';
FLUSH PRIVILEGES;

-- Verify with:
SHOW GRANTS FOR 'anon'@'%';

Modern Ubuntu systems often use both iptables and ufw. A comprehensive check:

# Check all filtering rules
sudo iptables -L -n -v | grep 3306
sudo ufw status numbered

# Temporary allow if testing
sudo ufw allow 3306/tcp

Ubuntu's mandatory access control might interfere:

# Check AppArmor status
sudo aa-status | grep mysql

# Edit the profile if needed
sudo nano /etc/apparmor.d/usr.sbin.mysqld

Add these lines if missing:

/var/run/mysqld/mysqld.sock rw,
/var/run/mysqld/mysqld.pid rw,

Beyond simple telnet, use these diagnostic tools:

# Check if port is actually open
nc -zv your_server_ip 3306

# Test from another machine
mysql -h your_server_ip -u anon -p -e "SELECT @@version;"

# Network route check
traceroute -T -p 3306 your_server_ip

When enabling remote access, monitor these metrics:

# Check connection threads
SHOW STATUS LIKE 'Threads_connected';

# Monitor connection rate
SHOW STATUS LIKE 'Connections';
SHOW STATUS LIKE 'Aborted_connects';