In Linux, the MySQL port cannot be accessed remotely: firewall settings

Source: Internet
Author: User

The following only covers opening the port in iptables. It does not cover the remote access permissions of the MySQL database account itself.

Opening the MySQL port in iptables to allow remote access

Modify the firewall configuration file:

vi /etc/sysconfig/iptables

Add the following line:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

Or use the command:

iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

Save the configuration. Otherwise, the rule will be lost after a restart.

service iptables save

Restart iptables:

service iptables restart

Then you can access MySQL from other machines.

The line that opens port 3306 must come before the icmp-host-prohibited REJECT rule.

For a long time I could not find the problem. I had configured port 3306 but could not access MySQL externally. With iptables turned off it worked, and I finally found the problem.

iptables -L -n --line-numbers shows that there is a REJECT in RH-Firewall-1-INPUT that points to icmp ..

The rule for the port to open must come before this rule. If INPUT jumps to RH-Firewall-1-INPUT, you can put the REJECT in INPUT below the jump to RH-Firewall-1-INPUT, so that INPUT first evaluates the rules in RH-Firewall-1-INPUT and then the REJECT.

Or write the rule that opens port 3306 in INPUT, before the jump to RH-Firewall-1-INPUT.

(I personally think the first one is more convenient. In the future, rules can be added directly to RH, so there is no need to worry about order issues.)

The command to add the REJECT is:

iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

My configuration:

[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
REJECT               all  --  0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-OUTPUT all  --  0.0.0.0/0   0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
target               prot opt source      destination
ACCEPT               all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               icmp --  0.0.0.0/0   0.0.0.0/0    icmp type 255
ACCEPT               esp  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               ah   --  0.0.0.0/0   0.0.0.0/0
ACCEPT               udp  --  0.0.0.0/0   224.0.0.251  udp dpt:5353
ACCEPT               udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:631
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:631
ACCEPT               all  --  0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:21
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:3306
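The ordering problem described above (an ACCEPT for port 3306 that sits after the REJECT never matches) can be checked mechanically. The following is an added example, not part of the original article: the function name check_port_order and both sample rule sets are constructed for illustration, and it assumes rules in the "-A CHAIN ..." format used by /etc/sysconfig/iptables and printed by iptables -S, with a plain --dport match (no port ranges or multiport).

```shell
#!/bin/sh
# Added example. Reads rules in iptables-save / "iptables -S" format on stdin
# and prints one of:
#   ok        the ACCEPT for PORT comes before any unconditional REJECT/DROP
#   shadowed  an unconditional REJECT/DROP comes first, so the ACCEPT never matches
#   missing   the chain has no ACCEPT rule for PORT
# Usage: check_port_order CHAIN PORT < rules
check_port_order() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            n++                      # position of this rule inside the chain
            target = ""; dport = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                # a protocol, address, interface or module match makes the rule conditional
                if ($i ~ /^-[psdiom]$/) cond = 1
            }
            if (target == "ACCEPT" && dport == port && !accept) accept = n
            if ((target == "REJECT" || target == "DROP") && !cond && !block) block = n
        }
        END {
            if (!accept) print "missing"
            else if (block && block < accept) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample: the 3306 rule was appended after the REJECT.
BROKEN_RULES='-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT'

# Constructed sample: the same rules with the 3306 rule moved above the REJECT.
FIXED_RULES='-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$BROKEN_RULES" | check_port_order RH-Firewall-1-INPUT 3306
printf '%s\n' "$FIXED_RULES"  | check_port_order RH-Firewall-1-INPUT 3306
```

On a live host the same check can be fed from iptables -S RH-Firewall-1-INPUT. It only inspects one chain, so a REJECT placed in INPUT after the jump, as in the configuration above, is outside what it looks at.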
