[TriLUG] what could block port=3306?

[Tom Roche]

So I have a testbed for an application which essentially consists of 2
LAMP boxes (call one "lane" and the other "server") behind a
router/firewall. The latter forwards 22 (only) to one of the LAMP
boxes. The 2 MySQLs need to communicate, so each box has 2 MySQL
accounts={is4clane, is4cserver}, one to talk to itself, and the other
for the other.

Simple enough, but right now one box is blocking 3306. From either
inside or outside the private network, I can do

$ ssh user at lane
...
user at lane:~$ telnet server 3306
Trying server...
Connected to server.
...

but when I

$ ssh user at server
...
user at server:~$ telnet lane 3306
Trying lane...
telnet: Unable to connect to remote host: Connection refused

Things I've checked:

* I get the same behavior whether I SSH into the network from outside,
   or whether I connect physically inside the firewall.

* both boxes have the same connection to the firewall: both cable into
   the same hub, which cables to the firewall.

* there are no uncommented lines in any of
   {server,lane}:/etc/hosts.{allow,deny}

* both boxes are running the same 5.0.x version of MySQL installed by
   the same vanilla Ubuntu Server Edition.

* both {server,lane}:/etc/mysql/my.cnf have

 > # Instead of skip-networking the default is now to listen only on
 > # localhost which is more compatible and is not less secure.
 > bind-address            = <local IP#/>

   i.e. the IP# set in the box's /etc/network/interfaces

* {server,lane} can connect to {lane,server} via ssh

* mysqld is running on server and is locally connectable via
   {is4cserver, is4clane}

* mysqld is running on lane and is locally connectable via {is4clane,
   is4cserver}

+ mysql can connect from lane to server as is4clane

- mysql can't connect from server to lane as anything

- port=3306 appears to be blocked on lane (as noted initially)

How to fix? or what else to check?

TIA, Tom Roche <Tom_Roche at pobox.com>