好吧,我知道这已经被问了很多,但我已经尝试了我可以find的每一个build议,我仍然不能telnet到端口3306上的我的亚马逊服务器。
添加iptables条目以接受端口3306上的连接:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
这不能解决它,所以我关掉防火墙ufw disable
my.cnf中将绑定地址更改为0.0.0.0 ,并确保端口为3306 仍然没有运气。 3306端口可能被阻塞还有其他原因吗? 为什么我不能用telnet连接? (ofc我的目的是远程连接mysql)这里是netstat -lnptu的结果
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 16883/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 932/sshd tcp6 0 0 :::80 :::* LISTEN 14030/apache2 tcp6 0 0 :::22 :::* LISTEN 932/sshd udp 0 0 0.0.0.0:68 0.0.0.0:* 512/dhclient udp 0 0 0.0.0.0:29313 0.0.0.0:* 512/dhclient udp6 0 0 :::28486 :::* 512/dhclient
事实certificate,ufw禁用实际上并没有closuresiptables规则。 我在我的iptables中有这个行:
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
这就阻止了附加的ACCEPT行被忽略。 我添加了iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT行与-I而不是-A和它的工作。
最终iptables -L工作:
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:http REJECT all -- anywhere anywhere reject-with icmp-host-prohibited ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ACCEPT tcp -- anywhere anywhere tcp dpt:mysql Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination