I moved this over to the “Administration” category, since it’s about setting up Looker.
This docs page: https://docs.looker.com/setup-and-management/enabling-secure-db might answer your question-- It shows how to whitelist the Looker IP addresses / configure an SSH tunnel for maximum security (https://docs.looker.com/setup-and-management/enabling-secure-db/ssh-tunnel).
In general, though, customers who have on-premise databases often tend to also host their own Looker instance on-premise (https://docs.looker.com/setup-and-management/on-prem-install), so that they can connect directly to their database without having to expose ports/whitelist, etc.
If it’s absolutely full-stop not-gonna-happen to have your DB exposed to the public internet at all, that’s the route you’ll probably want to take. But, it’s way easier to have us host for you, so you should definitely check out the SSH tunnel + whitelist options.