Have you used the IP address of hermes in the command line to 'mysql'? MySQL may be getting confused with the server name it is being handed. Just a guess. With ftp, have you forwarded ports 20 and 21? Have you tried setting your client to passive mode using just port 21? >>> blutgens at sistina.com 03/08/01 03:00PM >>> Hi all, we wanna secure the way our webserver talks to our database. We'd like for all mysql work to be done though an ssh tunnel. I found very little documentaion on this save a few mailing list posts. Essentially here's what I am doing. 1.)in one terminal from hermes.sistina.com ssh -L 13306:bender.sistina.com:3306 bender.sistina.com sleep 20 2.) then from a nother shell on the same machine mysql -h hermes.sistina.com -P 13306 -u$USERNAME --p$PASSWORD I have tried the tunnel with ftp, telnet, and I get my mail from my imap server this way with fetchmail but for some reason I get ERROR 2003: Can't connect to mysql server on 'hermes' (111) It's my understanding that with the ssh command above anything trying to connect to port 13306 on the local machine is tranparently pushed though the tunnel to the port on the other end (in this case 3306 the default mysql port) When I do this with ftp, I can connect, login and all is well. But I get illegal port command errors. My research has told me that wu-ftpd don't like when you tunnel to it. Has anyone done this before? Is there a better way to secure database transactions? -- Ben Lutgens cell: 612.670.4789 Sistina Software Inc. worl: 612.379.3951 Code Monkey Support (A.K.A. System Administrator) "It's hard to believe that's the same frail woman who once sprained her wrist from having too much dip on a cracker!" -- Frazier Crane