Connecting to a mysql database on a truenas core jail

I have a jail dedicated to a mysql database on TrueNAS Core (I have always been steered away from plugins, but if there is one, let me know!)
This database should be available from any host behind my router.
I have created the jail and installed mysql. I am able to login from the jail, but not any other local host.

I am unable to acces the host/port via telnet:

telnet databasae 3306
telnet: Unable to connect to remote host: Connection refused

I haved tried creating a ssh tunnel (ssh is working fine from any local host), but this hangs:

ssh -L 3306:localhost:3306 database -N

This works fine:

ssh database

I have removed both server and client socket references in /usr/local/etc/mysql/my.cnf

I am using ~/.my.cnf:

password=“my password”

and am using it like this:


I have looked at what mysql thinks it is doing:

mysql --print-defaults
mysql --print-defaults
mysql would have been started with the following arguments:
–user=propman_admin --password=mypassword --host=database --user=propman_admin --password=mypassword --host=database
(Not sure why some entries are duplicated)

I think this is really a port issue. I need to open 3306 or at lease be able to tunnel over port 22 (which is hanging for some reason)

Why does “host=database”? Just curious.

the hostname of the jail hosting the database is “database”

OK, this was a pain… I changed my .my.cnf file:


and created the tunnel like this:

ssh -f database -L 3306:database:3306 -N

then I could run


OK, so this does work, but I would rather connect using mysql directly as it removes a potential attack from that server (it is outward facing.) I don’t mind someone hacking my database if they get the credentials from my flas config file, and yes, I could gen up another set of credentials for that user to limit what they can do, but honestly, if I can get mysql client to connect directly, that is a better solution (IMHO.)

The solution that I was after was this (on the database server):

bind-address =

Its been one of those days :wink:

Thought so…
Good fix.