MySQL has an ugly design fault preventing it to listen more than one interface in its bind_address my.conf directive. Thus, you usually cannot connect to the same MySQL instance using localhost and external IP sources.
Here is a workaround based on xinetd daemon. These are sample commands for Ubuntu/Debian.
Go to root
sudo -i
Install xinetd
apt-get install xinetd
Add a new xinetd mapping
pico /etc/xinetd.d/mysql service mysql { only_from = localhost mansikki.redinnovation.com 80.75.108.108 server213-171-218-5.livedns.org.uk 213.171.218.5 flags = REUSE socket_type = stream wait = no user = root redirect = 127.0.0.1 3306 log_on_failure += USERID interface = 84.34.147.68 }
Restart xinetd
/etc/init.d/xinetd restart
To debug xinetd:
/etc/init.d/xinetd stop
xinetd -d
xinetd only_from directive also gives an access control by allowed source IP addresses. This protects your MySQL against bots and brute force attacks.
Note that iptables DNAT translation doesn’t work (easily). Localhost packets don’t travel PREROUTING and POSTROUTING chains.