≡ Menu

MySQL/MariaDB Server: Bind To Multiple IP Address

I have MySQL/MariaDB database system running on a FreeBSD/Linux server. The server has multiple ip address. The mysqld used by many websites hosted on two other CentOS Linux based servers. I would like to bind MySQL sever running on a Linux or Unix-like server to more than one IP address such as,, and How can I bind mysqld to multiple ips?

Short answer – No. You can not bind to multiple IP address under MySQL database server either running on FreeBSD or Linux/Unix-like operating systems.

Long answer

From the mysql documentation:

The MySQL server listens on a single network socket for TCP/IP connections. This socket is bound to a single address, but it is possible for an address to map onto multiple network interfaces. The default address is To specify an address explicitly, use the –bind-address=addr option at server startup, where addr is an IPv4 address or a host name. If addr is a host name, the server resolves the name to an IPv4 address and binds to that address. The server treats different types of addresses as follows:

  1. If the address is, the server accepts TCP/IP connections on all server host IPv4 interfaces.
  2. If the address is a “regular” IPv4 address (such as, the server accepts TCP/IP connections only for that particular IPv4 address.

Using a firewall

Consider the following setup:

|                   +==========Server_IP1       |
|  +--------+       |                                      |
|  | mysqld +-------+==========Server_IP2      +-------> LAN/WAN ---->
|  +--------+       |                                      |
|  Server_IP0       +==========Server_IP3 with |
|                                              |
           UNIX/Linux Box called db1.cyberciti.biz


  1. Mysqld server will bind to all IPs on all interfaces.
  2. Use the firewall to control access to the mysqld running on this server. Make sure you only allow connections to 202.54.1.{2,10,15} tcp port # 3306


You update db set Host='' where Db='foo';
mysql> update user set Host='' where user='bar';

Restart / reload the mysql server

Type the following command to restart the mysqld. If you are on Red Hat Enterprise Linux and friends:
# service mysqld restart
Debian Linux and friends use the following command:
# service mysql restart
FreeBSD unix user type the following command to restart the mysql server:
# /usr/local/etc/rc.d/mysql-server stop && /usr/local/etc/rc.d/mysql-server start

How do I test my settings?

Type the following command from client ( to connect to, enter:
[nixcraft@ ]$ mysql -u foo -h -P 3306 -p bar

  1. -u foo : The MySQL user name to use when connecting to the server.
  2. -h : Connect to the MySQL server on the given host/ip address.
  3. -P 3306 : The TCP/IP port number to use for the connection.
  4. bar : The database name.
Share this tutorial on:
{ 8 comments… add one }
  • John December 7, 2012, 11:50 am

    ## Block all connections to 3306 ##
    /sbin/iptables -A INPUT -p tcp –dport 3306 -j DROP
    ### Now, allow,, and ###
    /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT

    This will not work. The first rule will block all incoming connections. The last three rules will never be checked. More specific rules must be put before more generic rules.

    • Tesra December 8, 2012, 5:16 am

      +1 this need to be fixed ASAP.

      ### Now, allow,, and ###
      /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT
      /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT
      /sbin/iptables -A INPUT -p tcp -d –dport 3306 -j ACCEPT
      ## Block all connections to 3306 ##
      /sbin/iptables -A INPUT -p tcp –dport 3306 -j DROP
    • David Gillies October 25, 2013, 2:58 pm

      Yes, the more specific rules must come first. In addition, the -d flag to iptables indicates the IP address the incoming connection is trying to bind to (i.e. the [d]estination). If you want to deny all incoming connections except those from a given IP address (surely the most common situation) then this must be specified using the -s (i.e. [s]source) flag. So a working ruleset looks more like this:

      iptables -A INPUT -p tcp -s source IP address –dport 3306 -j ACCEPT
      iptables -A INPUT -p tcp –dport 3306 -j DROP

  • John December 8, 2012, 5:35 am

    MySQL server can bind to one IP address or ALL IP addresses on a server. It cannot bind to a specific list of IPs. This article does not state this clearly. It says MySQL cannot bind to multiple IPs. Then it talks about binding to all IPs. Aren’t all IPs multiple?

  • astucee November 3, 2014, 4:16 pm

    Can you have multiple values in bind-address (my.cnf)

  • Mathieu February 17, 2015, 3:39 pm
  • André March 30, 2016, 8:20 pm

    my.cnf is to configure Mariadb (or Mysql), which only accepts one IP reference. (bind-address = x.x.x.x) If is (or missing) all addresses are accepted.
    iptables relates to the firewall, which blocks ports. Specific ports can be unblocked, as shown above. The blockage/unblockage is treated in order. So ports to unblock are listed/processed first. Other ports then are blocked with a single statement, last.

  • Wellington Torrejais da Silva May 19, 2016, 1:12 pm


Security: Are you a robot or human?

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">

   Tagged with: , , , , , , , ,