Resolved Plesk Firewall port not opening

[Sysop]

I'm attempting to create an additional database server on port 3307, although because the port apparently doesn't open after creating another firewall rule specifically for it the database server cannot be created.

I checked the port via nmap and it appears the firewall rule does not open the port:

# nmap -p 3307 <ip>

Starting Nmap 6.40 ( Nmap: the Network Mapper - Free Security Scanner ) at 2017-03-31 09:14 CEST
Nmap scan report for domain.eu (<ip>)
Host is up (0.000046s latency).
PORT STATE SERVICE
3307/tcp closed opsession-prxy

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

I'm not sure how to fix this issue, so any advice is welcomed, thank you.

 

[IgorG]

If I correctly understood, this MySQL server is running on another server?
Why do you think that it is Plesk firewall issue? Are you sure that port is opened on this MySQL server? Check it on MySQL server with

# lsof -i tcp:3307

Then try to connect to this port from your Plesk server with

# telnet xxx.xxx.xxx.xxx 3307

 

[Sysop]

If I correctly understood, this MySQL server is running on another server?
Why do you think that it is Plesk firewall issue? Are you sure that port is opened on this MySQL server? Check it on MySQL server with

# lsof -i tcp:3307

Then try to connect to this port from your Plesk server with

# telnet xxx.xxx.xxx.xxx 3307

Those commands won't do much good without being able to create the database server — Plesk won't allow the database server to be created because the port is not open.

lsof -i tcp:3307 returns nothing...

 

[IgorG]

Plesk won't allow the database server to be created because the port is not open.

lsof -i tcp:3307 returns nothing...

Make sure that MySQL instance which uses port 3307 is up and running.

 

[Sysop]

Igor, Plesk won't allow the database server to be created though... ( see screenshot #3 in the original post ).

The original database server on port 3306 works, the problem is I can't create another one because it apparently stems from not being able to access the new port 3307.

 

[IgorG]

not being able to access the new port 3307.

It is because port 3307 is not initiated by started MySQL instance, but not because it is firewalled. When you start MySQL instance configured for port 3307 and it is correctly started, you should see with mentioned lsof command that port is ready for connections. But you have empty output, that means that MySQL was not started correctly for some reasons. Port can be firewalled for incoming/outgoing connections, right, but is should be ready for connections.

 

[Sysop]

Igor, Shouldn't the port be reachable even without MySQL if there's a Firewall rule that allows it? How am I supposed to configure the port for MySQL if the database server can't be created? I have a MySQL database server running on port 3306, although I'm not able to create another one due to this issue.

 

[IgorG]

Shouldn't the port be reachable even without MySQL if there's a Firewall rule that allows it?

There must be a process that opens port 3307. This process is the MySQL process. If the MySQL is not running, then the port will not be available for connection. The command lsof does not depend on whether the firewall rules works or not. It simply shows that the port is open for connection. If it is not there, then there is no process that initiates it.
Once again - are you sure that MySQL server, configured for port 3307 is up and running?

 

[Sysop]

Igor, How do I configure the port for an instance of MySQL that is not able to be created? It seems that it's a case of the cart coming before the horse. I am sure there is no instance running on port 3307, because it does not allow me to do that.

 

[IgorG]

Well. Here is example.

1. Default MySQL is running:

# lsof -i tcp:3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 3763 mysql 10u IPv4 64664837 0t0 TCP *:mysql (LISTEN)

2. I change port for this MySQL:

# vi /etc/my.cnf

add line

port = 3307

in [mysqld] section and save changes.

3. Restart mysql:

# /etc/init.d/mysqld restart
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]

4. Check, that MySQL server works with 3307 port instead of default 3306:

# lsof -i tcp:3306

# lsof -i tcp:3307
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 8052 mysql 10u IPv4 69219804 0t0 TCP *psession-prxy (LISTEN)

 

[Sysop]

1. Default MySQL is running:

# lsof -i tcp:3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 7548 mysql 14u IPv6 434689 0t0 TCP *:mysql (LISTEN)

2. vi /etc/my.cnf

[mysqld]
port = 3307

3. /etc/init.d/mysqld restart

-bash: /etc/init.d/mysqld: No such file or directory

instead did: systemctl restart mariadb

Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details.

journalctl -xe reports:

Mar 31 12:20:09 domain.com systemd[1]: Stopping MariaDB database server...
-- Subject: Unit mariadb.service has begun shutting down
-- Defined-By: systemd

-- Unit mariadb.service has begun shutting down.
Mar 31 12:20:10 domain.com mysqld_safe[7365]: 170331 12:20:10 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:20:10 domain.com systemd[1]: Starting MariaDB database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd

-- Unit mariadb.service has begun starting up.
Mar 31 12:20:10 domain.com mysqld_safe[10533]: 170331 12:20:10 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 31 12:20:10 domain.com mysqld_safe[10533]: 170331 12:20:10 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 31 12:20:12 domain.com mysqld_safe[10533]: 170331 12:20:12 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:20:13 domain.com systemd[1]: mariadb.service: control process exited, code=exited status=1
Mar 31 12:20:13 domain.com systemd[1]: Failed to start MariaDB database server.
-- Subject: Unit mariadb.service has failed
-- Defined-By: systemd
-- Support: systemd-devel Info Page
--
-- Unit mariadb.service has failed.

 

[IgorG]

Add port = 3307 to /etc/my.cnf.d/server.cnf and then

# systemctl restart mariadb

 

[Sysop]

Tried including "port = 3307" in each section (separate times) [server],[mysqld],[embedded],[mariadb],[mariadb-5.5]

# systemctl restart mariadb
# systemctl status mariadb.service

● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2017-03-31 12:31:38 CEST; 1min 14s ago
Process: 11916 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=1/FAILURE)
Process: 11915 ExecStart=/usr/bin/mysqld_safe --basedir=/usr (code=exited, status=0/SUCCESS)
Process: 11887 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 11915 (code=exited, status=0/SUCCESS)

Mar 31 12:31:35 domain.com systemd[1]: Starting MariaDB database server...
Mar 31 12:31:35 domain.com mysqld_safe[11915]: 170331 12:31:35 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 31 12:31:35 domain.com mysqld_safe[11915]: 170331 12:31:35 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 31 12:31:38 domain.com mysqld_safe[11915]: 170331 12:31:38 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:31:38 domain.com systemd[1]: mariadb.service: control process exited, code=exited status=1
Mar 31 12:31:38 domain.com systemd[1]: Failed to start MariaDB database server.
Mar 31 12:31:38 domain.com systemd[1]: Unit mariadb.service entered failed state.
Mar 31 12:31:38 domain.com systemd[1]: mariadb.service failed.

# journalctl -xe
--
-- Unit mariadb.service has failed.
--
-- The result is failed.
Mar 31 12:30:14 domain.com systemd[1]: Unit mariadb.service entered failed state.
Mar 31 12:30:14 domain.com systemd[1]: mariadb.service failed.
Mar 31 12:30:42 domain.com systemd[1]: Starting MariaDB database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
--
-- Unit mariadb.service has begun starting up.
Mar 31 12:30:43 domain.com mysqld_safe[11371]: 170331 12:30:43 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 31 12:30:43 domain.com mysqld_safe[11371]: 170331 12:30:43 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 31 12:30:45 domain.com mysqld_safe[11371]: 170331 12:30:45 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:30:45 domain.com systemd[1]: mariadb.service: control process exited, code=exited status=1
Mar 31 12:30:45 domain.com systemd[1]: Failed to start MariaDB database server.
-- Subject: Unit mariadb.service has failed
-- Defined-By: systemd
--
-- Unit mariadb.service has failed.
--
-- The result is failed.
Mar 31 12:30:45 domain.com systemd[1]: Unit mariadb.service entered failed state.
Mar 31 12:30:45 domain.com systemd[1]: mariadb.service failed.
Mar 31 12:31:05 domain.com systemd[1]: Starting MariaDB database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
--
-- Unit mariadb.service has begun starting up.
Mar 31 12:31:05 domain.com mysqld_safe[11642]: 170331 12:31:05 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 31 12:31:05 domain.com mysqld_safe[11642]: 170331 12:31:05 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 31 12:31:07 domain.com mysqld_safe[11642]: 170331 12:31:07 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:31:08 domain.com systemd[1]: mariadb.service: control process exited, code=exited status=1
Mar 31 12:31:08 domain.com systemd[1]: Failed to start MariaDB database server.
-- Subject: Unit mariadb.service has failed
-- Defined-By: systemd
--
-- Unit mariadb.service has failed.
--
-- The result is failed.
Mar 31 12:31:08 domain.com systemd[1]: Unit mariadb.service entered failed state.
Mar 31 12:31:08 domain.com systemd[1]: mariadb.service failed.
Mar 31 12:31:35 domain.com systemd[1]: Starting MariaDB database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
--
-- Unit mariadb.service has begun starting up.
Mar 31 12:31:35 domain.com mysqld_safe[11915]: 170331 12:31:35 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 31 12:31:35 domain.com mysqld_safe[11915]: 170331 12:31:35 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 31 12:31:38 domain.com mysqld_safe[11915]: 170331 12:31:38 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Mar 31 12:31:38 domain.com systemd[1]: mariadb.service: control process exited, code=exited status=1
Mar 31 12:31:38 domain.com systemd[1]: Failed to start MariaDB database server.
-- Subject: Unit mariadb.service has failed
-- Defined-By: systemd
--
-- Unit mariadb.service has failed.
--
-- The result is failed.

# cat /var/log/mariadb/mariadb.log

170331 12:20:12 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
170331 12:27:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
170331 12:27:11 [Note] /usr/libexec/mysqld (mysqld 5.5.52-MariaDB) starting as process 11010 ...
170331 12:27:11 InnoDB: The InnoDB memory heap is disabled
170331 12:27:11 InnoDB: Mutexes and rw_locks use GCC atomic builtins
170331 12:27:11 InnoDB: Compressed tables use zlib 1.2.7
170331 12:27:11 InnoDB: Using Linux native AIO
170331 12:27:11 InnoDB: Initializing buffer pool, size = 128.0M
170331 12:27:11 InnoDB: Completed initialization of buffer pool
170331 12:27:11 InnoDB: highest supported file format is Barracuda.
170331 12:27:11 InnoDB: Waiting for the background threads to start
170331 12:27:12 Percona XtraDB (Experts in Database Performance Management) 5.5.49-MariaDB-38.0 started; log sequence number 14283283
170331 12:27:12 [Note] Plugin 'FEEDBACK' is disabled.
170331 12:27:12 [Note] Server socket created on IP: '::'.
170331 12:27:12 [Note] Event Scheduler: Loaded 0 events
170331 12:27:12 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.5.52-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
170331 12:30:10 [Note] /usr/libexec/mysqld: Normal shutdown

170331 12:31:06 InnoDB: Starting shutdown...
170331 12:31:07 InnoDB: Shutdown completed; log sequence number 14283293
170331 12:31:07 [Note] /usr/libexec/mysqld: Shutdown complete

170331 12:31:07 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
170331 12:31:35 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
170331 12:31:35 [Note] /usr/libexec/mysqld (mysqld 5.5.52-MariaDB) starting as process 12112 ...
170331 12:31:36 InnoDB: The InnoDB memory heap is disabled
170331 12:31:36 InnoDB: Mutexes and rw_locks use GCC atomic builtins
170331 12:31:36 InnoDB: Compressed tables use zlib 1.2.7
170331 12:31:36 InnoDB: Using Linux native AIO
170331 12:31:36 InnoDB: Initializing buffer pool, size = 128.0M
170331 12:31:36 InnoDB: Completed initialization of buffer pool
170331 12:31:36 InnoDB: highest supported file format is Barracuda.
170331 12:31:36 InnoDB: Waiting for the background threads to start
170331 12:31:37 Percona XtraDB (Experts in Database Performance Management) 5.5.49-MariaDB-38.0 started; log sequence number 14283293
170331 12:31:37 [Note] Plugin 'FEEDBACK' is disabled.
170331 12:31:37 [Note] Server socket created on IP: '::'.
170331 12:31:37 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 13: Permission denied
170331 12:31:37 [ERROR] Do you already have another mysqld server running on port: 3307 ?
170331 12:31:37 [ERROR] Aborting

170331 12:31:37 InnoDB: Starting shutdown...
170331 12:31:37 InnoDB: Shutdown completed; log sequence number 14283293
170331 12:31:37 [Note] /usr/libexec/mysqld: Shutdown complete

170331 12:31:38 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended

 

[IgorG]

Tried including "port = 3307" in each section ([server],[mysqld],[embedded],[mariadb],[mariadb-5.5])

It should be ONLY in [mysql] section:

[mysqld]
port = 3307

 

[Sysop]

Yes, I tried it only in that section — same result.

 

[IgorG]

It works fine for my configuration:

# mysql -V
mysql Ver 15.1 Distrib 5.5.52-MariaDB, for Linux (x86_64) using readline 5.1

# plesk version
Product version: Plesk Onyx 17.0.17 Update #22
Update date: 2017/03/31 04:42
Build date: 2017/03/22 17:00
OS version: CentOS 7.2.1511
Revision: ab6766191d3ba26e7b21255ab007fc7fc56d84c6
Architecture: 64-bit
Wrapper version: 1.2

 

[Sysop]

# mysql -V
mysql Ver 15.1 Distrib 5.5.52-MariaDB, for Linux (x86_64) using readline 5.1

# plesk version
Product version: Plesk Onyx 17.5.3 Update #1
Update date: 2017/03/30 19:55
Build date: 2017/03/17 16:00
OS version: CentOS 7
Revision: 55d1b49a272f44666e1920eca8b6e4da449a38cd
Architecture: 64-bit
Wrapper version: 1.2

This is what stands out to me:

170331 12:31:37 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 13: Permission denied

 

[Sysop]

Igor: It was SELinux causing the issue with the port. Thanks for your help!

Resolved.

# setenforce 0
# getenforce
Permissive

To set permanently (persist on reboot):

# vi /etc/sysconfig/selinux

Change: SELINUX=enforcing:

SELINUX=permissive

...Now the database server can connect to the specified port.