Martin_Vlasko
Jul 10, 2018

Access to F5's mysql from remote server

Hi there,

I need to export a lot of learning suggestions from the ASM together with request data which triggered these suggestions.

The GUI does not allow exporting learning suggestions.

I realized that ASM learning suggestions are stored in the local mysql database PRX, to which I have access from F5's CLI as the 'asm' user.

In order to work with these data efficiently and also because F5 does not allow me to install additional Python modules directly on the F5, I thought I could connect to this database from my remote server.

But it looks like the F5 is refusing TCP/3306 connections although the 'asm' user is granted required privileges:

GRANT USAGE ON *.* TO 'asm'@'%' IDENTIFIED BY PASSWORD '****'

I assume that mysql is only allowing local connections from localhost, but I cannot verify it because I am not able to find the my.cnf on the F5 system.

I tried connecting through management interface and also selfIP, but nothing worked. Port lock-down for my selfIP is allow any.

According to netstat, F5 should be listening on port 3306 on all interfaces:

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      19397/mysqld

TCPDUMP on the last firewall in front of the F5 shows me the SYN reaching the F5 and an immediate RST sent back from the F5.

Any ideas how to connect to F5 mysql from remote server? What do I need to check further? Is it even allowed by the system?

Thanks.

  • In the end I figured this out myself.

    Remote connections to mysql are rejected by iptables.

    Adding a new ALLOW rule to the INPUT chain allows me to connect from the remote server now.
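
The symptom in this thread (mysqld listening on 0.0.0.0:3306, yet an immediate RST to every remote SYN) is what a first-match REJECT rule with a TCP reset produces. The following is an added example, not part of the original posts and not F5 code: it evaluates a small INPUT chain in `iptables -S` format to show which rule decides the packet, and how an ACCEPT rule scoped to a single source changes the verdict for that host only. The ruleset, the address 192.0.2.10 and the interface name `mgmt` are constructed assumptions; compare against the real `iptables -S INPUT` output on the device.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` output; NOT the real BIG-IP ruleset.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with tcp-reset
"""
# Hypothetical allow rule scoped to one reporting host (documentation address).
SCOPED_ALLOW = "-I INPUT 1 -s 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT"

def parse_rule(line):
    """Map each option of a rule line to its argument."""
    tok, opts, i = shlex.split(line), {}, 0
    while i < len(tok):
        if tok[i] == "-I":                      # -I CHAIN POSITION
            opts["-I"], i = int(tok[i + 2]), i + 3
        else:                                   # every other option takes one argument
            opts[tok[i]], i = tok[i + 1], i + 2
    return opts

def load_chain(text):
    """Return (default policy, ordered rule list) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith("-P INPUT"):
            policy = line.split()[2]
        elif line.startswith("-A INPUT"):
            rules.append(parse_rule(line))
    return policy, rules

def insert_rule(rules, line):
    """Apply an `-I INPUT <pos>` line the way iptables would (1-based position)."""
    opts = parse_rule(line)
    pos = opts["-I"] - 1
    return rules[:pos] + [opts] + rules[pos:]

def verdict(policy, rules, src, dport, iface="mgmt"):
    """First-match verdict for an inbound TCP SYN; iface name is an assumption."""
    for r in rules:
        net = ipaddress.ip_network(r.get("-s", "0.0.0.0/0"))
        if (r.get("-i", iface) == iface and r.get("-p", "tcp") == "tcp"
                and int(r.get("--dport", dport)) == dport
                and ipaddress.ip_address(src) in net):
            return r["-j"], r.get("--reject-with", "")
    return policy, ""
```

With the scoped rule inserted at position 1, only 192.0.2.10 reaches port 3306; every other source still hits the REJECT rule.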