Is it safe to open port 3306 in Firewall for external MySQL Connection

Generally restricting MySQL access to an ip address is a good idea. There can be some security concerns but a good firewall should mitigate some of them. They would have to create an additional MySQL user for you since MySQL does not allow multiple hosts (unless there's a wildcard) per user. You could request multiple users, one for each host that you are connecting from or even do partial hosts (eg. %.google.com).

An alternative solution is to create a ssh tunnel from your machine so that you can connect locally.

Here's a good article on how you can create a ssh tunnel with MySQL.

http://www.howtogeek.com/howto/ubuntu/access-your-mysql-server-remotely-over-ssh/


DO NOT open 3306.

Instead, do what every other server does: Open port 22 for secure ssh connection, then once logged on, connect locally to mysql.