Squid not allowing connection to MySQL on port 3306

I can not connect to MySQL database using VB.Net application, over a remote user connection. I am to browse http and https without any issue but none of the other safe ports are available for communication. Though I am able to connect without the proxy server. MySQL remote connections are established on port number 3306.

Below is the squid.config file; ( I have given an extra space in 'c:' and '\' )


#Modified by Hazee Dec 04 2012
http_port 8080
cache_mgr the_email_id
visible_hostname the_host_name
hierarchy_stoplist cgi-bin ?
cache_mem 64 MB

cache_dir ufs c: /Squid/cache01 1000 16 256
cache_dir ufs c: /Squid/cache02 1000 16 256
cache_dir ufs c: /Squid/cache03 1000 16 256

cache_access_log c: /Squid/var/logs/access.log
cache_log c: /Squid/var/logs/cache.log
cache_store_log c: /Squid/var/logs/store.log
mime_table c: /Squid/etc/mime.conf
pid_filename c: /Squid/var/logs/squid.pid
ftp_user the_ftp_user
diskd_program c: /Squid/libexec/diskd.exe
unlinkd_program c: /Squid/libexec/unlinkd.exe
logfile_daemon c: /squid/libexec/logfile-daemon.exe
cache_store_log none
forwarded_for off
via off
httpd_suppress_version_string on
uri_whitespace strip

maximum_object_size 4194240 KB
maximum_object_size_in_memory 1024 KB

#redirect_program c: /usr/local/squidGuard/squidGuard.exe

#authenication with Windows server
auth_param ntlm program c: /squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 201.1.1.0/255.255.255.0
#acl localnet proxy_auth REQUIRED src 200.1.1.0/255.255.255.0
#acl localnet proxy_auth REQUIRED src 192.168.0.0/255.255.0.0


#Limit upload to 2M and download to 3M
request_body_max_size 2048 KB
reply_body_max_size 5000000 allow all

# default refresh patterns
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

#ACL to define ports allowed to pass through Squid
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 3306
acl Safe_ports port 443
acl Safe_ports port 9003
acl Safe_ports port 9005
acl Safe_ports port 9006
acl Safe_ports port 9999
acl Safe_ports port 1080
acl SSL_ports port 443

acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow gud_sites
http_access allow localhost
http_access allow allowed_hosts
#http_access deny all

always_direct allow all

icon_directory c: /Squid/share/icons
error_directory c: /Squid/share/errors/English
coredump_dir c: Squid

Not a squid person, but from reading your message you are able to get through firewall and proxy server on ports 80 and 443. Have the other ports been opened up on the hardware firewall?

I am not using Hardware Firewall.

Its a server with 2 network cards where squid is configured. One network adapter is connected to modem/router and other to the rest of the network where 40 computers are connected. The IP class of modem/router is A and the rest of the network is C. Server works in the middle for internet sharing purpose.

A new application is developed and that requires remote access on the web server (over internet) and I cant figure out how to open the communication on port 3306 of MySql on server(that is squid as proxy).

Can I use some other way instead of squid cache? I can't let the users send requests to router/modem directly as the router doesnt repond as quick as squid does.

What is your system config as you have not mentioned that.

Are you using squid v 1.4? This version has a patch to support your problem "Added mysql support for authentication based on a patch from Chris Fletcher (thank you). Tested with MySQL 5.0. (bug 19)"

I am using Squid 2.7 on a Windows server 2003 dell power edge 2900.

I have found MySql proxy documentation on mysql web and trying to figure out.

Still blank.

Any help !!!

Not sure if you will get a quick reply, the forums are pretty quiet these days and as I said in an earlier post I am not a squid person. Keep posting what you have tried and what has changed and maybe someone will chime in.

I have tried tcp_outgoing_address with no help ..

I have also tried to use
acl serverip dst 178.x.x.x/255.255.0.0 and no use.

Pls help any one.

OK .. some one told me that squid can not proxy Mysql at all and I will have to use direct connect or nat.

Any idea how do I use nat or direct connect?

I have a very basic setup of forward proxy connected to my local Lan on a windows server 2003.

Nat (network address translation) is setup on you router. You need to map the external IP address and port number used on the internet to the internal intranet IP address and port for your machine.

Most routers vary for setup, if you are not sure let us know the model number.

Along with what JohnFrank is saying, NAT is not something you typically set up. It's more like a by product of the type of networking you use.

That being said, I hate to push away a thread but you may be better off asking this question on our sister site at ASP Free where they specialize in Windows technologies. I can help you with the Windows part, but I have little experience using Squid.

My question relates to or now changed to MySql and proxy servers. I dont think ASP Free community will welcome me with MySql. I have posted this question on official forum of MYSql as well but guess there is no one to response or understand my question. That's what happens when there is more than 1 father of a child and still people keep adopting; open source.

ISA works as a charm.




OK. But the request of connecting to the remote server still has to pass through the proxy server. If proxy is not letting the request reach the router how will NAT work any thing for the request.

I have tried Polipo as a proxy as well but with no luck.

So the question is that how do I do web caching(for better speed to web clients) for my LAN when I have to connect to a remote MySql database from the same LAN?

Nat is usually located between WAN and LAN before proxy or machine.

I do not understand your config, you will need to explain it more.

For proxy on MySQL, is this something you want cached anyway (in case DB data changes).

My setup is very simple LAN connected with a ADSL router. Thats it. To explain more refer to below image;
My setup


No. If you look at the image above you will understand that all the web requests has to go though the proxy server to reach the ADSL router and then to internet(for http/https). So the client machine(computer(s) in my LAN) should also be able to reach a remote MySql database which it can not because of the proxy server blocking connection requests other than http/https.

Hope its clear now.