I have been using the GCE for about a year now, and have not run into this problem before. The VM is CentOS, has services running on http, smtp, pop3, pop3s, a few others. It has a static IP address assigned as well.
This morning, the VM was rebooted and when it came back up, no external connections were getting through. The GCE firewall rules have not changed:
Ubuntu:~$ gcloud compute firewall-rules list
NAME                    NETWORK  SRC_RANGES  RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0   tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0   tcp:443                                 https-server
default-allow-internal  default  10.0.0.0/8  tcp:1-65535,udp:1-65535,icmp
default-ssh             default  0.0.0.0/0   tcp:22
http2                   default  0.0.0.0/0   tcp:80
https                   default  0.0.0.0/0   tcp:443
msa                     default  0.0.0.0/0   tcp:587
pop3                    default  0.0.0.0/0   tcp:110
pop3s                   default  0.0.0.0/0   tcp:995
smtp                    default  0.0.0.0/0   tcp:25
smtps                   default  0.0.0.0/0   tcp:465
I shut down the VM, created a new temporary VM and mounted the boot disk from the VM into the temporary VM to read through the log files, but didn't find any errors; it appeared everything was starting up correctly.
I read somewhere that there was an issue at one time with iptables creating some restrictive rules by accident, and I noticed that iptables was indeed running (though it might have been running all this time, not sure), so I disabled it.
Local services appear to be listening:
[root#]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
And I can connect from the temporary VM via the internal network:
[repair ~]$ telnet 10.240.26.51 995
Trying 10.240.26.51...
Connected to 10.240.26.51.
Escape character is '^]'.
^]
So, connecting via the internal network works fine, but connecting from anywhere outside via the static IP does not work. Any ideas of what I might have missed? 1) Services appear to be listening on the server, 2) Server firewall should (now) be off, though was on before, 3) GCE firewall rules should be allowing external traffic, 4) But no dice on getting a connection in, not even using: gcloud compute ssh
Well, very odd, but it turns out that the IP I've been using from Google as a static IP for my VM, simply doesn't work (or route?) anymore. Hope this helps somebody else that may come across this issue, that if you have checked everything and you still can't get connections from outside, try checking that your static IP actually works.
Related
I have a problem in connecting to my MySQL server running on an EC2 Ubuntu instance.
In the /etc/mysql/mysql.conf.d/mysqld.cnf,
I've set the port=3306
I've set the bind-address=0.0.0.0.
Commented skip-external-locking
netstat -an | grep 3306 returns
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
I allowed the connections using sudo ufw allow 3306
Still I am getting the error below. (I have added db.apim.com to /etc/hosts.)
ERROR 2003 (HY000): Can't connect to MySQL server on 'db.apim.com' (110)
Note : I followed everything in this blog
This is resolved by adding a suitable inbound traffic rule.
By adding Type: TCP and Source: 0.0.0.0/0 as a new inbound traffic rule, this issue was resolved [1].
Thanks #GobindDeepSingh for pointing this out.
[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html
I am having a problem connecting to MariaDB on a Linux GCP VM. I have followed all practices to expose the VM on 3306, I use an ephemeral IP. The VM is reachable as I have nginx installed. I have created a remote user in MySQL, enabled remote access but still nothing. When I connect from my PC with MySQL Workbench I get a connection error. What can it be?
Update
This is the output of netstat:
$> netstat -ant | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
The result of nmap is more interesting though:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
3389/tcp closed ms-wbt-server
I do not see 3306, but it is a port I have opened in a firewall rule in GCP... How can it be that it is not shown?
OK, I have found a mistake. It was in the GCP firewall configuration rule. The tag name of the VM was spelled wrongly. Thanks.
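The tag mismatch described above can be checked mechanically. The following is an added example, not code from the original posts: it evaluates ingress allow rules in the JSON shape returned by `gcloud compute firewall-rules list --format=json` against a VM's network tags and reports rules that would have matched except for their target tags. The rule names, tags and addresses are constructed; deny rules, priorities and source tags are not modelled.

```python
import ipaddress

# Constructed sample (trimmed to the fields used); names, tags and ranges are made up.
RULES = [
    {"name": "default-allow-http", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["http-server"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-mysql", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["db-sever"],  # misspelled tag
     "allowed": [{"IPProtocol": "tcp", "ports": ["3306"]}]},
    {"name": "default-allow-internal", "direction": "INGRESS",
     "sourceRanges": ["10.0.0.0/8"],  # no targetTags: applies to every VM in the network
     "allowed": [{"IPProtocol": "tcp", "ports": ["1-65535"]}, {"IPProtocol": "icmp"}]},
]

def port_matches(spec, port):
    """A port spec is either a single port ("80") or a range ("1-65535")."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def explain(rules, vm_tags, src_ip, proto, port):
    """Return (allowed_by, near_misses).

    allowed_by:  names of rules that admit the traffic to this VM.
    near_misses: (name, targetTags) of rules that match source, protocol and port
                 but do not apply because the VM carries none of the target tags.
    An empty allowed_by means the traffic falls through to the implied ingress deny.
    """
    src = ipaddress.ip_address(src_ip)
    allowed_by, near_misses = [], []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(src in ipaddress.ip_network(c) for c in rule.get("sourceRanges", [])):
            continue
        hit = any(a["IPProtocol"] in (proto, "all")
                  and ("ports" not in a or any(port_matches(p, port) for p in a["ports"]))
                  for a in rule.get("allowed", []))
        if not hit:
            continue
        tags = rule.get("targetTags", [])
        if not tags or set(tags) & set(vm_tags):
            allowed_by.append(rule["name"])
        else:
            near_misses.append((rule["name"], tags))
    return allowed_by, near_misses
```

A non-empty near-miss list with an empty allow list is the signature of the misspelled-tag case: the rule exists and looks right in the listing, but it never applies to the VM.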
I'm trying to get remote access to my MySQL / MariaDB server, however it keeps denying my access. Here is my setup:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
mysql
MariaDB [(none)]> SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+----------+------+
| User | Host |
+----------+------+
| feed_user| % |
+----------+------+
my.cnf
[mysqld]
local-infile=0
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 30227/mysqld
The server is within my local network, on a different subnet.
Internal firewall is set to allow connections between the two subnets, can see the traffic being accepted.
Any ideas on why it won't allow me remote access?
Thanks
Chris
Turns out I was adding the rules to iptables instead of firewalld. After adding the rules to firewalld I was able to access the server remotely.
NOTE: operating system is Ubuntu 14.*
I am breaking my head over my connection to my MySQL server. I try to connect to my MySQL server internally through my public IP, but I am unable to connect, while I am able to connect when I connect to localhost and when I connect externally.
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
I commented the bind-address out and this should bind the address to 0.0.0.0. I also tried to set the bind-address to 0.0.0.0. This also doesn't work.
My hosts file is setup up as follows:
127.0.0.1 MY-IP
When i telnet on port 80 to my public ip there is no problem.
telnet MY-IP 80
I get:
Trying MY-IP...
Connected to MY-IP.
Escape character is '^]'.
But when i try this on port 3306 it keeps on:
Trying MY-IP...
I also granted all the right permissions to my MySQL users. And I am able to connect externally and internally. But it is not possible for me to connect internally with my public IP.
Also i tried to find a solution with netstat.
netstat -tln
gives me
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
EDIT: Just disabled UFW. It still doesn't work.
ufw status
Status: inactive
EDIT2: Is it possible that mysql is ignoring the /etc/hosts file?
Could somebody help me a bit further with some great ideas where the problem might be.
You should change the bind address to 0.0.0.0 then restart the mysqld. Also make sure there is no firewall enabled:
iptables -n -L
If there are rules blocking port 3306, delete them, or just disable the firewall with
iptables -F
Also use netstat to check if the server is listening on the external IP:
netstat -tupan |grep :3306
On google compute engine, I can access a port on a server through 'localhost', but I can not access the same port using IP address from the same server or from external client machines. I tried to create a new firewall rule on web console page, and can see it from Linux command, but port 8888 still can't be accessed
$ gcloud compute firewall-rules list
NAME                 NETWORK  SRC_RANGES  RULES              SRC_TAGS  TARGET_TAGS
allow8888            default  0.0.0.0/0   tcp:8888,udp:8888
default-allow-http   default  0.0.0.0/0   tcp:80                       http-server
default-allow-https  default  0.0.0.0/0   tcp:443                      https-server
Problem solved by changing local tcp server setting files from 'localhost' to '0.0.0.0'
Go to etc/hosts and update your host entries; it should work.
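The 'localhost' versus '0.0.0.0' distinction in the threads above can be read directly from `netstat -tln`. The following is an added example, not code from the original posts: it parses listener lines and answers whether a port accepts connections addressed to a given interface address. The sample output and the address 10.128.0.2 are constructed, and an IPv6 wildcard listener is assumed to accept IPv4 as well (the Linux default, net.ipv6.bindv6only=0).

```python
import ipaddress

# Constructed `netstat -tln` output; addresses and ports are made up for illustration.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 10.128.0.2:5432         0.0.0.0:*               LISTEN
tcp6       0      0 ::1:8888                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""

def listeners(netstat_text):
    """Map port -> set of bound addresses for every TCP socket in LISTEN state."""
    bound = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # rpartition keeps IPv6 forms intact: ":::22" -> ("::", "22"), "::1:8888" -> ("::1", "8888")
        host, _, port = fields[3].rpartition(":")
        bound.setdefault(int(port), set()).add(ipaddress.ip_address(host))
    return bound

def reachable_at(bound, port, dest_ip):
    """True if some socket listening on `port` accepts connections addressed to dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    for addr in bound.get(port, ()):
        if addr.is_unspecified and (addr.version == dest.version or addr.version == 6):
            return True  # wildcard bind; IPv6 wildcard assumed dual-stack
        if addr == dest:
            return True
    return False

def loopback_only(bound):
    """Ports whose every listener is bound to a loopback address."""
    return sorted(p for p, addrs in bound.items() if all(a.is_loopback for a in addrs))
```

Check against the address actually configured on the VM's interface; a port listed by `loopback_only` will never answer there, whatever the cloud firewall rules allow.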