Can't connect to MySQL server on '198.211.37.xx'

Over the past few days I have tried many things to resolve Can't connect to MySQL server. I want to describe everything I have done so far.

  1. Created a MySQL user and granted all privileges.
  2. Bound to 0.0.0.0 in /etc/my.cnf.
  3. Changed iptables as shown below:

         Chain INPUT (policy ACCEPT)
         target  prot opt source         destination
         ACCEPT  tcp  --  127.0.0.0/8    anywhere
         Admin   tcp  --  anywhere       anywhere     tcp dpt:caiccipc
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:mysql reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:caiccipc reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:ssslic-mgr reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:h323hostcallsc reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:cadkey-tablet reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:ufastro-instr reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:5062 reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:ca-2 reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:5070 reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:6060 reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:8005 reject-with icmp-port-unreachable
         REJECT  tcp  --  anywhere       anywhere     tcp dpt:8009 reject-with icmp-port-unreachable
         REJECT  udp  --  anywhere       anywhere     udp dpt:itelserverport reject-with icmp-port-unreachable
         ACCEPT  tcp  --  103.19.0.0/24  anywhere     tcp dpt:mysql state NEW,ESTABLISHED
         DROP    tcp  --  103.19.0.0/24  anywhere     tcp dpt:mysql state NEW,ESTABLISHED
         DROP    tcp  --  103.19.0.0/24  anywhere     tcp dpt:mysql
         ACCEPT  tcp  --  103.19.0.0/24  anywhere     tcp dpt:mysql
         ACCEPT  tcp  --  103.19.0.0/24  anywhere     tcp dpt:mysql state NEW,ESTABLISHED
         ACCEPT  tcp  --  anywhere       anywhere     tcp dpt:mysql

         Chain FORWARD (policy ACCEPT)
         target  prot opt source         destination

         Chain OUTPUT (policy ACCEPT)
         target  prot opt source         destination

  4. My nmap scan of '198.211.37.xx' shows the following:

         PORT     STATE    SERVICE
         1/tcp    filtered tcpmux
         2/tcp    filtered compressnet
         3/tcp    filtered compressnet
         4/tcp    filtered unknown
         5/tcp    filtered rje
         6/tcp    filtered unknown
         7/tcp    filtered echo
         8/tcp    filtered unknown
         9/tcp    filtered discard
         10/tcp   filtered unknown
         11/tcp   filtered systat
         12/tcp   filtered unknown
         13/tcp   filtered daytime
         14/tcp   filtered unknown
         15/tcp   filtered netstat
         16/tcp   filtered unknown
         17/tcp   filtered qotd
         18/tcp   filtered msp
         19/tcp   filtered chargen
         21/tcp   open     ftp
         22/tcp   filtered ssh
         25/tcp   open     smtp
         26/tcp   open     unknown
         53/tcp   open     domain
         80/tcp   open     http
         110/tcp  open     pop3
         143/tcp  open     imap
         443/tcp  open     https
         465/tcp  open     smtps
         587/tcp  open     submission
         993/tcp  open     imaps
         995/tcp  open     pop3s
         3306/tcp open     mysql
         8080/tcp open     http-proxy

After doing all of this, I still get Can't connect to MySQL server on '198.211.37.xx' in my application.

I badly need expert advice on this problem.

I would personally remove all of your iptables configuration and start over, using this document as a reference.

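For good practice, I would run a "default deny" rule and explicitly allow connections for the services you want to run (e.g. ports 22 and 3306 for SSH and MySQL respectively). Following this guide (bear in mind that the commands may need changing for your system):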

First, flush all existing rules:

    iptables -F
    iptables -X

Then, add default policies for the INPUT, OUTPUT and FORWARD chains and allow loopback connections; note that this will allow all outbound access by default:

    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

Allow SSH (replace <SERVER_IP> with your server's public IP):

    iptables -A INPUT -p tcp -s 0.0.0.0/0 -d <SERVER_IP> --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

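Allow MySQL (replace <OTHER_SERVER_IP> with the IP address you want to whitelist for MySQL access; I strongly recommend you do this to avoid your MySQL port being visible to the world). You can repeat the below for all of the ports that you want publicly accessible: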

    iptables -A INPUT -p tcp -s <OTHER_SERVER_IP> -d <SERVER_IP> --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

Finally, drop all other inbound traffic:

    iptables -A INPUT -j DROP
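
An added example, not part of the original answer: iptables stops at the first rule in a chain that matches a packet, which is why the allow rules above are appended before the final DROP. This Python code applies that first-match logic to a constructed, condensed listing modelled on the question's INPUT chain and reports rules that can never fire. The function names and the sample client address are assumptions, and the only state match modelled is NEW,ESTABLISHED, which a new connection satisfies.

```python
import ipaddress

# Constructed sample: condensed `iptables -L INPUT -n` style lines modelled on the
# question's chain (ports written numerically, most rules left out).
LISTING = """\
ACCEPT  tcp  --  127.0.0.0/8    0.0.0.0/0
REJECT  tcp  --  0.0.0.0/0      0.0.0.0/0   tcp dpt:3306 reject-with icmp-port-unreachable
REJECT  tcp  --  0.0.0.0/0      0.0.0.0/0   tcp dpt:8009 reject-with icmp-port-unreachable
ACCEPT  tcp  --  103.19.0.0/24  0.0.0.0/0   tcp dpt:3306 state NEW,ESTABLISHED
DROP    tcp  --  103.19.0.0/24  0.0.0.0/0   tcp dpt:3306
ACCEPT  tcp  --  0.0.0.0/0      0.0.0.0/0   tcp dpt:3306
"""

def parse(listing):
    """Return one (target, source network, dport or None, has state match) per rule line."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        dport = next((int(t[4:]) for t in f[5:] if t.startswith("dpt:")), None)
        rules.append((f[0], ipaddress.ip_network(f[3]), dport, "state" in f))
    return rules

def first_match(rules, src, dport, policy="ACCEPT"):
    """(rule number, target) for a new TCP connection; the chain stops at the first match.
    Rule 0 means no rule matched and the chain policy applied."""
    addr = ipaddress.ip_address(src)
    for n, (target, net, port, _) in enumerate(rules, 1):
        if addr in net and port in (None, dport):
            return n, target
    return 0, policy

def shadowed(rules):
    """Numbers of rules that can never fire: an earlier rule without a state
    restriction already matches every packet they would match."""
    dead = []
    for i, (_, net, port, _) in enumerate(rules):
        if any(net.subnet_of(pnet) and pport in (None, port) and not pstate
               for _, pnet, pport, pstate in rules[:i]):
            dead.append(i + 1)
    return dead

if __name__ == "__main__":
    rules = parse(LISTING)
    print(first_match(rules, "103.19.0.7", 3306))
    print(shadowed(rules))
```

Running the same check against a real chain needs the numeric listing (`iptables -L INPUT -n`), since the parser expects `dpt:` followed by a port number rather than a service name.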