Hero Image
- Mihai Surdeanu

Firewall exception for establishing database remote connection

Do you have a web application deployed on a server and a database solution deployed on another server? Did you managed to start your database remotely, but you encounter issues (Connection refused errors) when you are trying to connect from web application? Are you using DirectAdmin as web control panel for the server where the web app is deployed?

Perfect. Today, I’m going to show you how you can fix the issue. What’s the problem? Most probably the firewall. DirectAdmin is coming with an embedded firewall. The name of the firewall is csf – Config Server Firewall. If your database solution is MySQL, to connect to the server, usually, port 3306 is required. Of course, it depends on how you configured the server part. In other words, a TCP connection is required to establish a communication channel between the server and the client (on port 3306). Since web app is initializing the connection, we need to ensure that port 3306 is open for OUT traffic. On the server side, to be able to connect remotely, we need to have port 3306 open for IN traffic.

How we can achieve this using DirectAdmin?

First step is to login in your DirectAdmin administration panel. As admin, in Extra Features tab we will see a menu item called – ConfigServer Security & Firewall. Under this page, you have a section named – csf – ConfigServer Firewall, with a button – Firewall Configuration. Click on this button. From the new configuration page, we can change two properties: TCP_IN and TCP_OUT. Both of them contains a list of ports, separated by comma. If you want to allow a new port for TCP_IN or TCP_OUT, you need to append your port at the end of the property value.


To save all changes done, you have to click on “Change” button. In order to apply all changed done, you have to restart both csf and lfd.

Happy blocking!

Other Related Posts: