Can't connect to MySQL server on host
Production Risk
HIGH — complete connection failure from all remote clients.
Client error 2003 is returned when the client cannot establish a TCP connection to the MySQL/MariaDB server on the specified host and port. Unlike 2002 (socket), this error is for TCP connections — usually to a remote host or explicit port.
- 1MariaDB/MySQL server is not running on the remote host
- 2Server is bound to 127.0.0.1 only (bind-address) and a remote client is trying to connect
- 3Firewall (iptables, ufw, cloud security group) is blocking port 3306
- 4Wrong hostname or port specified in the connection string
- 5Server has not been configured to accept remote connections
Connecting to a remote DB host that is not accepting connections.
mysql -h db.example.com -P 3306 -u appuser -p
expected output
ERROR 2003 (HY000): Can't connect to MySQL server on 'db.example.com' (111)
Fix 1
Change bind-address to allow remote connections
WHEN When the server is bound to localhost only.
-- In my.cnf / server.cnf under [mysqld]: -- bind-address = 0.0.0.0 -- or comment out bind-address entirely. -- Then restart MariaDB.
Why this works
By default MariaDB listens on 127.0.0.1 only. Setting bind-address = 0.0.0.0 (or the server's specific IP) allows external connections.
Fix 2
Open port 3306 in the firewall
WHEN When the server is running but the port is blocked.
-- UFW: sudo ufw allow from 203.0.113.0/24 to any port 3306 -- iptables: sudo iptables -A INPUT -p tcp --dport 3306 -s 203.0.113.0/24 -j ACCEPT
Why this works
Restrict firewall access to known client IP ranges rather than opening port 3306 to the world.
✕ Open port 3306 to 0.0.0.0/0 in production
Exposes the database directly to the internet — a primary attack vector for credential brute-force and exploit attempts.
MySQL Client error 2003 / CR_CONN_HOST_ERROR
MariaDB Remote Client Access ↗MariaDB bind-address ↗Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev