im trying to get remote access to my MySQL / MariaDB server however it keep denying my access. Here is my setup:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
mysql
MariaDB [(none)]> SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+----------+------+
| User | Host |
+----------+------+
| feed_user| % |
+----------+------+
my.cnf
[mysqld]
local-infile=0
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 30227/mysqld
The server is within my local network, on a different subnet.
Internal firewall is set to allow connections between the two subnets, can see the traffic being accepted.
Any ideas on why it wont allow me remote access?
Thanks
Chris
Turns out i was adding the rules to iptables instead of firewalld. After adding the rules to firewalld i was able to access the the server remotely.
Related
I have a problem in connecting to my MySQL server running on an EC2 Ubuntu instance.
In the /etc/mysql/mysql.conf.d/mysqld.cnf,
I've set the port=3306
I've set thebind-address=0.0.0.0.
Commented skip-external-locking
netstat -an | grep 3306 returns
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
I allowed the connections using sudo ufw allow 3306
Still Iam getting the error as below. (I have added the db.apim.com to /etc/hosts )
ERROR 2003 (HY000): Can't connect to MySQL server on 'db.apim.com' (110)
Note : I followed everything in this blog
This is resolved by adding a suitable inbound traffic rule.
By adding Type : TCP and Source: 0.0.0.0/0 as a new inbound traffic rule this issue resolved [1].
Thanks #GobindDeepSingh for pointing this out.
[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html
I got the problem that my mysql, while locally (Ubuntu 20.04.3 LTS) available, can't be reached via a remote client:
telnet 127.0.0.1 3306
Trying 127.0.0.1...
Connected to 127.0.0.1.
but
telnet xxx.xxx.xxx.xxx 3306
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused
I tried everything I found, but to no success. This is what I tried / checked:
/etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = ::
mysqlx-bind-address = ::
I also tried to set those addresses to "0.0.0.0", the result is the same
I also did a restart via systemctl restart mysql and netstat -ntlup shows
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::3306 :::* LISTEN 567829/mysqld
tcp6 0 0 :::33060 :::* LISTEN 567829/mysqld
UFW is inactive
ufw status
Status: inactive
There is a mysql user with remote access
SELECT user, host, account_locked, password_expired FROM user;
+---------+-----------+----------------+------------------+
| user | host | account_locked | password_expired |
+---------+-----------+----------------+------------------+
| my_user | % | N | N |
This user has read permissions to all tables of a database. I executed a FLUSH PRIVILEGES;.
Server accessibility
The server generally is accessible from remote. I can connect via SSH and HTTP/HTTPS. I set the server provider firewall settings (Hetzner Cloud Server) and 3306 aswell as 33060 are allowed incoming ports.
I checked the MySQL server accessibility on the server itself via its remote IP, my local computer and from another external server. All show the above mentioned "Connection refused" via telnet and when trying to connect via the mysql command.
Those were all the tips and configurations I found on existing solutions of this problem. I am stuck for two days now and can't find a way forwards. Does anyone have an idea?
I am trying to connect a remote mysql database in my local application. But it was not connecting with the given user name and password. Though I gave the GRANT ALL to that user. After a long study I came to know about firewall. I assume the following rules of firewall is the culprit for not connecting:
REJECT tcp -- anywhere anywhere tcp dpt:mysql reject-with icmp-port-unreachable
Please let me know if I am right. And please suggest me a solution to overcome this.
You can poke a hole in your firewall, to your given IP address by running the following (as root)
iptables -I INPUT -p tcp --dport 3306 --src 103.19.252/24 -j ACCEPT
-I INPUT signifies we are looking at incoming traffic
--dport 3306 means any traffic headed for port 3306 (mysql)
--src 103.19.252/24 will open up the connection to any traffic that originates from the 103.19.252.xx subnet
-j ACCEPT means let it through
You'll also need to make sure your MySQL user is allowed to connect from that ip
When I tried to connect the remote MySQL server by using command line mysql -h <remote-ip> -u any_existing_users -p or any other mysql client such as phpmyadmin, it didn't work and the error hint was
ERROR 2003 (HY000) Can't connect to MySQL server on '<remote-ip>' (61)
But, when I tried ssh <remote-ip> and connected the MySQL locally by mysql -u root -p, there is no problem.
Here is part of the user table(SELECT User, Host FROM mysql.user;):
+------------------+----------------+
| User | Host |
+------------------+----------------+
| root | % |
| other_users | <remote-ip> |
| root | localhost |
+------------------+----------------+
Here is the iptable:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
So, what's the problem?
Check if your mysql server is listening on a socket with netstat:
netstat -tulpen
and search for 3306.
If not or if only on localhost, check my.cnf and search the bind-address line and change it to:
bind-address = 0.0.0.0
then restart the server and try again.
Check status:
netstat -tulpen
Modify your configuration:
nano /etc/mysql/my.cnf
# Edit:
bind-address = 0.0.0.0
Enter mysql and give privileges:
mysql -umyuser -pmypassword
# Run:
GRANT ALL PRIVILEGES ON *.* TO 'myuser'#'%'IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
Restart mysql
/etc/init.d/mysql restart
With MySql 5.7 they changed files so bind-address is now in:
/etc/mysql/mysql.conf.d/mysqld.cnf
instead of:
/etc/mysql/my.cnf
If you run MAMP, do not forget to allow access (mySQL panel, check "Allow network access to MySQL")
I had this problem just after installing Centos 7 on a server. I couldĀ“t access to it through Mysql Workbench in a remote computer.
The problem was in the firewall configuration. Eventually, the solution came when doing:
sudo firewall-cmd --zone=public --permanent --add-service=mysql
And then, restart the firewall:
sudo systemctl restart firewalld
Take a look at the "Causes of Access-Denied Errors" from MySQL.
http://dev.mysql.com/doc/refman/5.1/en/access-denied.html
Possibile is there a failed configuration on your server or a other program is using the same port? Or is the server bind on "127.0.0.1"? Try changing the the my.cnf file.
It can be a problem related to firewall or try this:
GO to Server Admin -> MySQL -> Settings -> check: Allow Network Connections
Then restart MySQL
For MacOS:
mysql -uroot -p
mysql> use mysql;
# View user's host
mysql> select 'host' from user where user='root';
# Update host to '%'
mysql> update user set host='%' where user='root';
mysql> flush privileges;
mysql> quit
vim /usr/local/etc/my.cnf
# Default Homebrew MySQL server config
[mysqld]
bind-address = 0.0.0.0
# Restart and reconnect MySQL
mysql.server restart
mysql -uroot -h0.0.0.0 -p
I have installed normal mysql with apt-get and now I need to connect it with my lampp server, when is lampp booting it echo "Another MySQL deamon already running" (of course - thats right), but when I open phpmyadmin it gives me an message
2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)
So how I could connect non-lampp mysql with lampp - I suppose that will be with a mysql socket, but I don't know how...
mysql listens for two seperiate types of connections, tcp and unix socket. You can view what your mysqld process listens to with the netstat command:
# netstat -npl | grep mysql
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2059/mysqld
unix 2 [ ACC ] STREAM LISTENING 6221 2059/mysqld /var/lib/mysql/mysql.sock
Default port for tcp is 3306, and default socket is /var/lib/mysql/mysql.sock (at least it is on RHEL). Local connections (such as the mysql command) tend to use the socket, while remote connections (other servers) need to use the TCP socket.
If your server isn't listening on one, you may have to specify them in your mysqld configuration. These values are controlled in the /etc/my.cnf file:
[mysqld]
socket=/var/lib/mysql/mysql.sock
port=3306
Also, if your TCP socket is listening on localhost only (127.0.0.1) you can specify this in the my.cnf file:
bind_address=0.0.0.0
0.0.0.0 means listen on all local interfaces. If you want it to listen on a specific IP address, specify it.