1 Introduction
The number of ports used by MySQL depends on features that are enabled, the components used, how applications connect, and other aspects of your environment.
From a security perspective, ports should only be opened as required to permit system components to communicate. Always practice the principle of least privilege when managing ports, which requires that users, processes, programs, and other system components only have access to information and resources that are required for their legitimate purpose.
How port access is managed depends on different aspects of your environment such as operating system capabilities, firewalls, security tools, use of virtual private networking (VPN), and so on. Some MySQL installation packages assist with port access configuration for core MySQL ports. For example, the MySQL Installer Server package for Windows adds access rules to the Windows firewall, and MySQL for Linux packages add access rules to SELinux or AppArmor. However, MySQL does not assist with less common, optional, or non-MySQL product ports. In these cases, ports must be opened manually with commands such as this one for SELinux:
$> semanage port -a -t mysqld_port_t -p tcp <port_open_to_mysqld>
For more information about setting the SELinux port context for MySQL, see SELinux TCP Port Context.
Some MySQL features use TCP ports that fall within the allowed local port range on Linux systems (32768 - 61000). For example, the default MySQL X Protocol port is 33060, and the default MySQL Administrative Connection Port is 33062. To avoid port conflicts with other applications, consider configuring the ip_local_port_range parameter to limit the range of ports available for automatic port assignment, or configure the ip_local_reserved_ports parameter to reserve ports used by MySQL. To check your current ip_local_port_range and ip_local_reserved_ports configurations:
$> cat /proc/sys/net/ipv4/ip_local_port_range
$> cat /proc/sys/net/ipv4/ip_local_reserved_ports
For ip_local_port_range and ip_local_reserved_ports configuration instructions, refer to your distribution documentation.
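The check described above can be scripted. The following is an added example, not part of the MySQL documentation: it reads the two kernel parameters and reports whether the default X Protocol port (33060) and Administrative Connection Port (33062) sit inside the automatic assignment range without being reserved. The function names are assumptions made for this example, and the fallback values are constructed samples.

```sh
#!/bin/sh
# Added example: do MySQL listener ports overlap the Linux ephemeral range?

# port_in_range PORT "LOW HIGH": succeeds if PORT lies inside the range.
port_in_range() {
    set -- "$1" $2    # unquoted on purpose: split "LOW<tab>HIGH"
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# port_is_reserved PORT "LIST": LIST looks like "33060-33062,40000".
port_is_reserved() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *-*) lo=${entry%-*}; hi=${entry#*-} ;;
            *)   lo=$entry; hi=$entry ;;
        esac
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# classify_port PORT "RANGE" "RESERVED" prints one of:
#   outside-range  the kernel never auto-assigns this port
#   reserved       inside the range but excluded from auto-assignment
#   conflict-risk  inside the range and not reserved
classify_port() {
    if ! port_in_range "$1" "$2"; then
        echo "outside-range"
    elif port_is_reserved "$1" "$3"; then
        echo "reserved"
    else
        echo "conflict-risk"
    fi
}

# Use live values on Linux; otherwise fall back to constructed samples.
range_file=/proc/sys/net/ipv4/ip_local_port_range
reserved_file=/proc/sys/net/ipv4/ip_local_reserved_ports
if [ -r "$range_file" ] && [ -r "$reserved_file" ]; then
    range=$(cat "$range_file")
    reserved=$(cat "$reserved_file")
else
    range="32768 61000"   # constructed sample (range quoted on the page)
    reserved=""           # constructed sample: nothing reserved
fi
for p in 33060 33062; do
    echo "port $p: $(classify_port "$p" "$range" "$reserved")"
done
```

A result of conflict-risk means another process may be handed that port as an outgoing source port before the MySQL listener binds to it.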