In Linux, the mysql Port cannot be remotely accessed. the firewall sets bitsCN.com.
In Linux, the mysql Port cannot be remotely accessed. firewall settings
The following content only solves the problem of the port opened by iptables, and does not solve the problem of the remote access permission of the account of the mysql database itself.
Linux iptables opens the Mysql port to allow remote access
Modify the firewall configuration file:
Vi/etc/sysconfig/iptables
Add the following line:
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 3306-j ACCEPT
Or use the command
Iptables-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 3306-j ACCEPT
Save the configuration. Otherwise, the restart will not take effect.
Service iptables save
Restart iptable
Service iptables restart
Then you can access Mysql from other machines.
The line for enabling port 3306 must be before icmp-host-prohibited.
I have never been able to find the problem. I have configured port 3306 and cannot access mysql externally. I can close iptables and finally find the problem ..
Iptables-L-n -- line-number there is a REJECT in the RH-Firewall-1-INPUT that points to icmp ..
The port to open must be before this rule .. if you load the RH-Firewall-1-INPUT with INPUT, you can put REJECT under the RH-Firewall-1-INPUT, let INPUT first load the rules in the RH-Firewal-1-INPUT, and then load REJECT ..
Or write the open rules for Port 3306 before the RH-Firewall-1-INPUT in the INPUT ..
(I personally think the first one is more convenient. in the future, there will be rules that can be directly added to RH, so there is no need to worry about order issues ..)
The command to add a REJECT is:
Iptables-a input-j REJECT -- reject-with icmp-host-prohibited
With my configuration ..
[Root @ localhost ~] # Iptables-L-n
Chain INPUT (policy ACCEPT)
Target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
Target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
Target prot opt source destination
RH-Firewall-1-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (2 references)
Target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.20.udp dpt: 5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 uddpt: 631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt: 631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED, ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 3306
BitsCN.com