Jul 20th, 2010


I have a system with LAN IP where an application is running which will connect to a public server and download some files.

But I need to open a port 3306 for this.

The local LAN IP is

The public IP is

Port is 3306.

Can someone help me to open a port in the firewall?

To connect to the B2G database you (your computer settings, your personal firewall) and your institute (institute's firewall, provider's network settings) have to permit outgoing TCP connections on port 3306.

Please help me with the routing table.



west33637 Tue, 07/20/2010 - 12:57

Hello Tonio. What kind of firewall is it? Or what kind of device are you going through to get to this outside server?

Also, can you ping that outside server from your system? If yes, can you trace to the outside server from your system? If yes, can you telnet to port 3306 from your system? Thanks

telnet 3306



George K John Tue, 07/20/2010 - 16:57

Yes, I am able to ping. I use a Cisco ASA5500.


Without firewall I am able to connect and work.

Need to know how to create an access list.

Thank you


Nagaraja Thanthry Tue, 07/20/2010 - 17:10


Typically (unless you have configured exclusively), the firewall allows all outbound connections from the internal network. Please issue the following command to see if there is any rule configured on the inside interface:

show run access-group

If you do not find any access-group attached to the inside interface, then everything is allowed from inside to outside. If you did find an access-group attached to the inside interface, then please add a line to allow the port:

access-list line 1 permit tcp any host eq 3306

Hope this helps.



George K John Tue, 07/20/2010 - 20:47

Thank you for the reply. Here is the group I have in my router:

access-group acl_out in interface outside
access-group acl_in in interface inside



Nagaraja Thanthry Tue, 07/20/2010 - 20:57


Can you please post the output of "show run access-list acl_in" command here?



Nagaraja Thanthry Tue, 07/20/2010 - 21:12


Please try this command:

access-list acl_in line 1 permit tcp any host eq 3306

Hope this helps.
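
The check walked through in the replies above (is an ACL bound to the inside interface, and does its first matching line permit the flow?) can be run offline against a saved config. This is an added example, not part of the original thread; the config text, the 192.0.2.10 and 10.1.1.x addresses and the function names are constructed, and only `any`, `host A`, `A MASK` and numeric `eq` destination ports are handled.

```python
import ipaddress
import re

# Constructed sample config; 192.0.2.10 stands in for the public server.
SAMPLE_CONFIG = """\
access-list acl_in extended permit tcp any host 192.0.2.10 eq 3306
access-list acl_in extended permit tcp 10.1.1.0 255.255.255.0 any eq 8080
access-list acl_in extended deny ip any any
access-group acl_out in interface outside
access-group acl_in in interface inside
"""

ACE = re.compile(r"^access-list (\S+) (?:line \d+ )?(?:extended )?(permit|deny) (\S+) (.+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def check_flow(config, interface, proto, src, dst, port):
    """First-match verdict for a new connection arriving on `interface`."""
    lines = [l.strip() for l in config.splitlines()]
    bound = {m.group(2): m.group(1) for m in map(GROUP.match, lines) if m}
    if interface not in bound:
        return "no access-group bound: interface default applies"
    for n, line in enumerate(lines, 1):
        m = ACE.match(line)
        if not m or m.group(1) != bound[interface]:
            continue
        action, ace_proto = m.group(2), m.group(3)
        src_net, rest = take_addr(m.group(4).split())
        dst_net, rest = take_addr(rest)
        if rest and (rest[0] != "eq" or not rest[1].isdigit()):
            # Refuse to guess at syntax this sketch does not model.
            raise ValueError(f"unsupported ACE syntax on line {n}")
        if ace_proto not in ("ip", proto):
            continue
        if rest and int(rest[1]) != port:
            continue
        if ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net:
            return f"{action} (config line {n})"
    return "deny (implicit deny at end of ACL)"
```

The result names the config line that decided the flow, which makes it easy to see when a permit was added below an earlier deny and never takes effect.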



George K John Tue, 07/20/2010 - 22:09

It seems to be working.

Thank you so much.

Can you help me in one more thing?

I need to open a port 4444 in the firewall to access something on a public server.

Can you please give me the command?

Also I have my web server in DMZ.

But when users connect to the VPN they are not able to browse the site. They always need to disconnect from the VPN to access the server.

Is there any NATing I need to do for accessing the web server without disconnecting the VPN?

When I connect to VPN I get an IP range of

My server IP is

Thank you so much


Nagaraja Thanthry Tue, 07/20/2010 - 22:17


In order for you to access the public server on port 4444, please try the following command:

Access-list acl_in line 2 permit ip any host eq


With regard to the issue of VPN clients not being able to access the webserver, please try the following:

Access-list nonat_dmz permit ip

Nat (dmz) 0 access-list nonat_dmz

Hope this helps.



Note: Please do not forget to rate the useful posts.

