1 min read

If you get error 13 trying to connect to an IPv6 MySQL server for example:
ERROR 2003 (HY000): Can’t connect to MySQL server on ‘node2’ (13)
It could be a Permission Denied error trying to open the socket:

 # telnet node2 3306
 Trying 2a01:4f8:161:xxxx::2b72…
 telnet: connect to address 2a01:4f8:161:xxxx::2b72: Permission denied

Check if it’s SELinux first. If so there will be an entry in /var/log/audit/audit.log/ or /var/log/messages/, or if SELinux is running in Permissive mode you can be sure it’s not responsible:

# sestatusSELinux status    enabled
SELinuxfs mount:            /sys/fs/selinux
SELinux root directory:     /etc/selinux
Loaded policy name:         targeted
Current mode:               permissive

If SELinux isn't responsible, you can connect outbound, and the destination server is running RHEL/CentOS 7, check the ip6table outbound rules next as there’s a good chance the default rules are rejecting connections with icmp6-adm-prohibited:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target   prot opt in   out   source        destination
72800 146M ACCEPT   all   *   *    ::/0         ::/0         ctstate RELATED,ESTABLISHED
0   0 ACCEPT   all   lo   *    ::/0         ::/0
148K  10M INPUT_direct all   *   *    ::/0         ::/0
148K  10M INPUT_ZONES_SOURCE all   *   *    ::/0         ::/0
148K  10M INPUT_ZONES all   *   *    ::/0         ::/0
21 1260 DROP    all   *   *    ::/0         ::/0         ctstate INVALID
3  240 REJECT   all   *   *    ::/0         ::/0         reject-with icmp6-adm-prohibited

This gives a really confusing Permission Denied error instead of Connection Refused.

Add the required firewall rules and you’ll be able to connect.

James Lawrie

James Lawrie

James has over a decade of experience working for companies such as Percona, UKFast, and Bytemark. In his spare time he rides his motorbike, lifts weights, and learns Polish.