Connect to mysql on Amazon EC2 from a remote server - ERROR 2003 - mysql

cant get it to work. this is what i've done so far:
mysql> CREATE USER 'admin'#'localhost' IDENTIFIED BY 'xxxxxx';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost' WITH GRANT OPTION;
mysql> CREATE USER 'admin'#'%' IDENTIFIED BY 'xxxxxx';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'%' WITH GRANT OPTION;
in AWS Console -> EC2 -> Network & Security -> Security Groups -> quick-start-1 -> Inbound tab -> Choose 'MYSQL' from drop down -> Add Rule -> apply
edit /etc/my.cnf and added bind-address, then
sudo /etc/init.d/mysqld restart
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
sudo service iptables save
and finally from my computer:
[nir#dhcppc4 ~]$ mysql -h xxx.xxx.xxx.xxx -u admin -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (113)
EDIT:
running netstat -lp | grep mysql (I dont see port number in the output):
tcp 0 0 *:mysql *:* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 16003 - /var/lib/mysql/mysql.sock
added in /etc/my.cnf
port=3306
and now netstat -lp | grep mysql is
tcp 0 0 *:mysql *:* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 37757 - /var/lib/mysql/mysql.sock
/etc/my.cnf file:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
port=3306
bind-address = 0.0.0.0
#skip-networking
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
plus i tried to connect through other computer and i could not connect, so i guess its not a problem on the connecting computer
and i got access denied my telnet:
[nir#dhcppc4 ~]$ telnet xxx.xxx.xxx.xxx 3306
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: No route to host
** i'm also trying to solve it in amazon ec2 forum

SOLVED
the problem:
i have in the iptables this line
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
and this line only append the rule to the end of the list so the reject catch it first
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
to solve it i needed to put the rule higher in the chain, i.e. use -I switch like this:
sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

Related

How can I enable remote connections for MySQL

I have a MariaDB instance running with proper users set up. My my.cnf looks like this:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
bind-address = 0.0.0.0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
I'm trying to connect to this DB from Windows MySQL Workbench as root and am getting
Unable to connect to MYSQL server on <servername>
When I run netstat -aonp | grep 3306 on my server I get:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12793/mysqld off (0.00/0/0)
All looks to be running just fine and my bind-address is set to all 0's.
What could I possibly be missing here?
Maybe it's the issue with permission
GRANT ALL PRIVILEGES ON *.* TO 'root'#'*' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Since this was a new VM, FirewallD was not running.
I needed to start FirewallD and add 3306/tcp to it:
firewall-cmd --add-port=3306/tcp
firewall-cmd --permanent --add-port=3306/tcp

cannot connect to remote mysql server

I have installed mysql lampp on my server.
When i try to connect remotely using this command:
mysql -h SERVER_IP -u USER -p
it returns me error :
ERROR 2003 (HY000): Can't connect to MySQL server on 'SERVER_IP' (110)
I have setting bind-address to 0.0.0.0 in /opt/lampp/etc/my.cnf file,
I have also give this iptables rule to allow access to mysql port on 3306
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Nmap on local server give the following output:
PORT STATE SERVICE
#nmap -p 3306 localhost
PORT STATE SERVICE
3306/tcp open mysql
but when nmap from outside the server network i.e using external ip, nmap give the following output:
#nmap -p 3306 SERVER_IP
PORT STATE SERVICE
3306/tcp filtered mysql
output from netstat -ntulp |grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 17946/mysqld
the port is listen according to netstat but can't accept connection from outside the network (remotely)
What is wrong here?
try one thing that go to your mysql server and execute below command-
service iptables stop
Now check your connection.

Granting remote access to MySQL database

I am trying to grant remote access to a mysql database. However I think I am missing a step somewhere.
Server is a VM - Ubuntu 12.04.5 - inet addr:134.226.38.147
mysql Ver 14.14 Distrib 5.5.38, for debian-linux-gnu (x86_64) using readline 6.2
Firstly I create the database on the remote server. I then grant wildcard access to all databases and tables for the user brendan. By using '%' I should have no problem connecting from my computer in college.
mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON *.* TO 'brendan'#'%' IDENTIFIED BY 'mypassword';
I then open the port using
iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables-save | tee /etc/sysconfig/iptables
From what I read the above should work, however when I try to test the connection from my desktop this is what I get
localhost:~ brendan$ mysql -u brendan -h 134.226.38.147 -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '134.226.38.147' (61)
localhost:~ brendan$
or
localhost:~ brendan$ echo X | telnet -e X 134.226.38.147 3306
Telnet escape character is 'X'.
Trying 134.226.38.147...
telnet: connect to address 134.226.38.147: Connection refused
telnet: Unable to connect to remote host
localhost:~ brendan$
What am I missing?
Any help is much appreciated.
EDIT
my.cnf
I was unsure If I should comment out the bind-address = 127.0.0.1 which was already there
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
# ---- You added the below line ----------
bind-address = 134.226.38.147
I then restart with
sudo service mysql restart
Open your my.cnf file:
sudo vim /etc/mysql/my.cnf
Comment out the bind-address in your my.cnf.
like so: #bind-address = 127.0.0.1
Then restart mysql server so that the changes to the my.cnf file will take affect.
sudo service mysql restart
or
sudo /etc/init.d/mysql restart
You can read more here at DigitalOcean or rtcamp.
Now, a user will be able to connect to the Mysql database server remotely as long as they have proper user credentials.

Can't connect to database from a remote server after setting it up to allow connections

I'm trying to allow remote connections to one of my mysql databases, but after I set everything up, I keep getting a time out error. Can you tell me if I perhaps missed a step?
I'm running Ubuntu 12.04 with MySQL 5.5.38-0
Here's my /etc/mysql/my.cnf file
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
# skip-external-locking
bind-address = 0.0.0.0
Once I updated the my.cnf file, I restarted MySQL and then ran the following to open TCP port 3306
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
Then saved the new rules using:
sudo /sbin/iptables-save
I can see it when I run sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
DROP udp -- anywhere anywhere udp spt:bootps
LOG all -- anywhere anywhere LOG level warning prefix "INPUT__"
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
I then created a test database:
> create database kentest;
Granted it all privileges from any host:
> GRANT ALL ON kentest.* TO kentest#'%' IDENTIFIED BY 'mypassword';
And flushed the privileges:
> flush privileges
But when I try and connect from another box:
$ mysql -u kentest -h x.x.x.x -p
I get the timeout message:
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x' (60)
I did notice that I don't see the port being used when I run
$ lsof -i -P | grep :3306
Any ideas what I could be doing wrong or missing?
Thanks!
I was able to figure out the issue. We are using CSF for our firewall and needed to add the IP to:
sudo vi /etc/csf/csf.allow
Then restart CSF:
$ csf --restart

ERROR 2003 (HY000): Can't connect to MySQL server (111)

This question is related to the following questions:
Can't connect to MySQL server error 111
Trying to connect to remote MySQL host (error 2003)
I am configuring a new MySQL (5.1) server on my local machine. I need to provide remote access to the database. I did the following steps:
Comment bind-address in my.cnf:
# bind-address = 192.168.1.3
Grant privileges:
GRANT ALL PRIVILEGES ON *.* TO 'nickruiz'#'%' IDENTIFIED BY PASSWORD 'xxxx';
Set port forwarding on router (TCP and UDP, port 3306, 192.168.1.3)
Configure iptables for firewall
sudo iptables -I INPUT -p udp --dport 3306 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 3306 --syn -j ACCEPT
sudo iptables-save
Restart mysql server sudo /etc/init.d/mysql restart
When testing, I get the following:
LAN:
mysql -h 192.168.1.3 -u nickruiz -p
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95
Server version: 5.1.63-0ubuntu0.11.04.1 (Ubuntu)
Remote:
mysql -h 1xx.xx.4.136 -u nickruiz -p
ERROR 2003 (HY000): Can't connect to MySQL server on '1xx.xx.4.136' (111)
Clearly there's something wrong that's preventing me from being able to use my global IP address.
Notes:
I've tried testing the remote connection on the same machine and also
via SSH from a remote machine.
I'm not sure if my ISP has given me a static IP.
Any ideas?
Update:
telnet doesn't seem to be working.
telnet 192.168.1.3 3306
Trying 192.168.1.3...
Connected to 192.168.1.3.
Escape character is '^]'.
E
5.1.63-0ubuntu0.11.04.1,0g8!:#pX;]DyY0#\)SIConnection closed by foreign host.
Please check your listenning ports with :
netstat -nat |grep :3306
If it show
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
Thats is ok for your remote connection.
But in this case i think you have
tcp 0 192.168.1.3:3306 0.0.0.0:* LISTEN
Thats is ok for your remote connection.
You should also check your firewall (iptables if you centos/redhat)
services iptables stop
for testing or use :
iptables -A input -p tcp -i eth0 --dport 3306 -m state NEW,ESTABLISHED -j ACCEPT
iptables -A output -p tcp -i eth0 --sport 3306 -m state NEW,ESTABLISHED -j ACCEPT
And another thing to check your grant permission for remote connection :
GRANT ALL ON *.* TO remoteUser#'remoteIpadress' IDENTIFIED BY 'my_password';
errno 111 is ECONNREFUSED, I suppose something is wrong with the router's DNAT.
It is also possible that your ISP is filtering that port.
Check that your remote host (i.e. the web hosting server you're trying to connect FROM) allows OUTGOING traffic on port 3306.
I saw the (100) error in this situation. I could connect from my PC/Mac, but not from my website. The MySQL instance was accessible via the internet, but my hosting company wasn't allowing my website to connect to the database on port 3306.
Once I asked my hosting company to open my web hosting account up to outgoing traffic on port 3306, my website could connect to my remote database.
/etc/mysql$ sudo nano my.cnf
Relevant portion that works for me:
#skip-networking
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = MY_IP
MY_IP can be found using ifconfig or curl -L whatismyip.org |grep blue.
Restart mysql to ensure the new config is loaded:
/etc/mysql$ sudo service mysql restart
I had the same problem trying to connect to a remote mysql db.
I fixed it by opening the firewall on the db server to allow traffic through:
sudo ufw allow mysql
if the system you use is CentOS/RedHat, and rpm is the way you install MySQL, there is no my.cnf in /etc/ folder, you could use:
#whereis mysql
#cd /usr/share/mysql/
cp -f /usr/share/mysql/my-medium.cnf /etc/my.cnf
I have got a same question like you, I use wireshark to capture my sent TCP packets, I found when I use mysql bin to connect the remote host, it connects remote's 3307 port, that's my falut in /etc/mysql/my.cnf, 3307 is another project mysql port, but I change that config in my.cnf [client] part, when I use -P option to specify 3306 port, it's OK.
i set my bind-address correctly as above but forgot to restart the mysql server (or reboot) :) face palm - so that's the source of this error for me!
Sometimes when you have special characters in password you need to wrap it in '' characters, so to connect to db you could use:
mysql -uUSER -p'pa$$w0rd'
I had the same error and this solution solved it.
I had this same error and I didn't understand but I realized that my modem was using the same port as mysql. Well, I stop apache2.service by sudo systemctl stop apache2.service and restarted the xammp, sudo /opt/lampp/lampp start
Just maybe, if you were not using a password for mysql yet you had, 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES), then you have to pass an empty string as the password
Not sure as cant see it in steps you mentioned.
Please try FLUSH PRIVILEGES [Reloads the privileges from the grant tables in the mysql database]:
flush privileges;
You need to execute it after GRANT
Hope this help!