Monday, June 22, 2015

centos - Cannot Establish Remote Connection to MYSQL Database

I want to access the MySQL database remotely, but when checking on yougetsignal(dot)com I get a message that port 3306 is closed.

Configuration: Fresh server (CentOS 6.4 64-bit with ZPanel installed)

Steps Already Taken:

  1. Removed bind address from my.cnf
  2. Tried adding bind address as server IP
  3. Have edited the IPTABLES to keep the port open.
  4. Forwarded the port from router
  5. Added port=3306 in /etc/my.cnf
  6. Stopped IPTABLES
  7. Several restarts of mysqld after every change
  8. Restarts of IPTABLES after change

Nothing has worked so far.

IP Tables:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Diagnostic Results:

netstat result:

# netstat -na | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN

netstat results (netstat -lnp | grep mysql):

# netstat -lnp | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6684/mysqld
unix 2 [ ACC ] STREAM LISTENING 33101 6684/mysqld /var/lib/mysql/mysql.sock

iptables -L Results:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I can run nc on the server from localhost / SSH connection, but not from remote systems.