I have a MariaDB instance running with proper users set up. My my.cnf looks like this:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
bind-address = 0.0.0.0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
I'm trying to connect to this DB from Windows MySQL Workbench as root and am getting
Unable to connect to MYSQL server on <servername>
When I run netstat -aonp | grep 3306 on my server I get:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12793/mysqld off (0.00/0/0)
All looks to be running just fine and my bind-address is set to all 0's.
What could I possibly be missing here?
Maybe it's the issue with permission
GRANT ALL PRIVILEGES ON *.* TO 'root'#'*' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Since this was a new VM, FirewallD was not running.
I needed to start FirewallD and add 3306/tcp to it:
firewall-cmd --add-port=3306/tcp
firewall-cmd --permanent --add-port=3306/tcp
Related
Problem:
I have server where is install Laravel app and database. But i want share same database with another server. And i want enable remote access.
What i tried:
I changed config file /etc/mysql/mysql.conf
commented out bind-address = 127.0.0.1
Also changed to bind-address = 0.0.0.0 or bind-address = *, not helps
(this is what everywhere i found to do)
ufw is disabled
netstat -ltn returns
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
isn't 127.0.0.1:3306 suppose to be 0.0.0.1:3306?
I try connect from another server
mysql -h xxx.xxx.xxx.xxx -u pf_remote -p
i got error
Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (111)
I think that port is not open, but where else i can open. Do i miss something?
Find mysql.conf and set
bind-address=0.0.0.0
Then login to MySQL and run below 2 commands
GRANT ALL PRIVILEGES ON *.* TO 'pf_remote'#'%' IDENTIFIED BY 'your_password' with grant option;
flush privileges;
then
sudo service mysql restart
Then also make sure you do not have any firewall blocking connections, check by
sudo ufw status
If its enabled, then allow remote connections to MySQL port
sudo ufw allow 3306 && sudo ufw reload
If you are using Amazon Web Services server then allowing connections from within shell won't work, you will have to allow connections from AWS Dashboard
Try to grant priviliges to user for remote access:
mysql> GRANT ALL ON yourDatabase.* TO user#'1.2.3.4' IDENTIFIED BY 'yourPassword';
Also please remember to restart your mysql service after config changes:
sudo /etc/init.d/mysql restart
I need external connection to MySQL. Using Plesk/Ubuntu 16/nginx. In firewall policy the port 3306 is allowed from any IP.
Is it somewhere else where it shall be allowed? If so, what file is needed to be edited?
You have to make changes to MySQL configuration, and allow remote access for the user.
1. Open MySQL configuration file. For RHEL-based distributions - /etc/my.cnf, for Debian-based - /etc/mysql/my.cnf.
2. Change bind-address parameter to bind-address = 0.0.0.0 and make sure that skip-networking parameter is not defined.
3. Restart MySQL daemon:
# service mysql restart
Or:
# service mysqld restart
Or:
# service mariadb restart
The service name depends on the installed MySQL version. You can do all three if you are not sure. It will do no harm unless the error was made in my.cnf.
4. Grant the access to remote IP address and login to MySQL. For example, if you want to allow access to database called database for user user with password password and remote IP address 203.0.113.2:
GRANT ALL ON database.* TO user#'203.0.113.2' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
To create a user that has access to all databases, execute the following query:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'203.0.113.2' IDENTIFIED BY 'password' REQUIRE NONE WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
FLUSH PRIVILEGES;
5. You can verify that MySQL server is listening on the correct IP address using netstat. Here is the desired output - 0.0.0.0 address:
# netstat -anp | grep :3306
tcp6 0 0 0.0.0.0:3306 :::* LISTEN 2723/mysqld
netstat result:
netstat -anp | grep :3306
tcp6 0 0 127.0.0.1:3306 :::* LISTEN 1003/mysqld
I am trying to grant remote access to a mysql database. However I think I am missing a step somewhere.
Server is a VM - Ubuntu 12.04.5 - inet addr:134.226.38.147
mysql Ver 14.14 Distrib 5.5.38, for debian-linux-gnu (x86_64) using readline 6.2
Firstly I create the database on the remote server. I then grant wildcard access to all databases and tables for the user brendan. By using '%' I should have no problem connecting from my computer in college.
mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON *.* TO 'brendan'#'%' IDENTIFIED BY 'mypassword';
I then open the port using
iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables-save | tee /etc/sysconfig/iptables
From what I read the above should work, however when I try to test the connection from my desktop this is what I get
localhost:~ brendan$ mysql -u brendan -h 134.226.38.147 -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '134.226.38.147' (61)
localhost:~ brendan$
or
localhost:~ brendan$ echo X | telnet -e X 134.226.38.147 3306
Telnet escape character is 'X'.
Trying 134.226.38.147...
telnet: connect to address 134.226.38.147: Connection refused
telnet: Unable to connect to remote host
localhost:~ brendan$
What am I missing?
Any help is much appreciated.
EDIT
my.cnf
I was unsure If I should comment out the bind-address = 127.0.0.1 which was already there
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
# ---- You added the below line ----------
bind-address = 134.226.38.147
I then restart with
sudo service mysql restart
Open your my.cnf file:
sudo vim /etc/mysql/my.cnf
Comment out the bind-address in your my.cnf.
like so: #bind-address = 127.0.0.1
Then restart mysql server so that the changes to the my.cnf file will take affect.
sudo service mysql restart
or
sudo /etc/init.d/mysql restart
You can read more here at DigitalOcean or rtcamp.
Now, a user will be able to connect to the Mysql database server remotely as long as they have proper user credentials.
I'm trying to allow remote connections to one of my mysql databases, but after I set everything up, I keep getting a time out error. Can you tell me if I perhaps missed a step?
I'm running Ubuntu 12.04 with MySQL 5.5.38-0
Here's my /etc/mysql/my.cnf file
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
# skip-external-locking
bind-address = 0.0.0.0
Once I updated the my.cnf file, I restarted MySQL and then ran the following to open TCP port 3306
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
Then saved the new rules using:
sudo /sbin/iptables-save
I can see it when I run sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
DROP udp -- anywhere anywhere udp spt:bootps
LOG all -- anywhere anywhere LOG level warning prefix "INPUT__"
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
I then created a test database:
> create database kentest;
Granted it all privileges from any host:
> GRANT ALL ON kentest.* TO kentest#'%' IDENTIFIED BY 'mypassword';
And flushed the privileges:
> flush privileges
But when I try and connect from another box:
$ mysql -u kentest -h x.x.x.x -p
I get the timeout message:
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x' (60)
I did notice that I don't see the port being used when I run
$ lsof -i -P | grep :3306
Any ideas what I could be doing wrong or missing?
Thanks!
I was able to figure out the issue. We are using CSF for our firewall and needed to add the IP to:
sudo vi /etc/csf/csf.allow
Then restart CSF:
$ csf --restart
cant get it to work. this is what i've done so far:
mysql> CREATE USER 'admin'#'localhost' IDENTIFIED BY 'xxxxxx';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost' WITH GRANT OPTION;
mysql> CREATE USER 'admin'#'%' IDENTIFIED BY 'xxxxxx';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'%' WITH GRANT OPTION;
in AWS Console -> EC2 -> Network & Security -> Security Groups -> quick-start-1 -> Inbound tab -> Choose 'MYSQL' from drop down -> Add Rule -> apply
edit /etc/my.cnf and added bind-address, then
sudo /etc/init.d/mysqld restart
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
sudo service iptables save
and finally from my computer:
[nir#dhcppc4 ~]$ mysql -h xxx.xxx.xxx.xxx -u admin -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (113)
EDIT:
running netstat -lp | grep mysql (I dont see port number in the output):
tcp 0 0 *:mysql *:* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 16003 - /var/lib/mysql/mysql.sock
added in /etc/my.cnf
port=3306
and now netstat -lp | grep mysql is
tcp 0 0 *:mysql *:* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 37757 - /var/lib/mysql/mysql.sock
/etc/my.cnf file:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
port=3306
bind-address = 0.0.0.0
#skip-networking
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
plus i tried to connect through other computer and i could not connect, so i guess its not a problem on the connecting computer
and i got access denied my telnet:
[nir#dhcppc4 ~]$ telnet xxx.xxx.xxx.xxx 3306
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: No route to host
** i'm also trying to solve it in amazon ec2 forum
SOLVED
the problem:
i have in the iptables this line
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
and this line only append the rule to the end of the list so the reject catch it first
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
to solve it i needed to put the rule higher in the chain, i.e. use -I switch like this:
sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT