In Linux, the mysql Port cannot be remotely accessed. firewall settings _ MySQL

In Linux, the mysql Port cannot be remotely accessed. the firewall sets bitsCN.com.

In Linux, the mysql Port cannot be remotely accessed. firewall settings

The following content only solves the problem of the port opened by iptables, and does not solve the problem of the remote access permission of the account of the mysql database itself.

Linux iptables opens the Mysql port to allow remote access

Modify the firewall configuration file:

Vi/etc/sysconfig/iptables

Add the following line:

-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 3306-j ACCEPT

Or use the command

Iptables-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 3306-j ACCEPT

Save the configuration. Otherwise, the restart will not take effect.

Service iptables save

Restart iptable

Service iptables restart

Then you can access Mysql from other machines.

The line for enabling port 3306 must be before icmp-host-prohibited.

I have never been able to find the problem. I have configured port 3306 and cannot access mysql externally. I can close iptables and finally find the problem ..

Iptables-L-n -- line-number there is a REJECT in the RH-Firewall-1-INPUT that points to icmp ..

The port to open must be before this rule .. if you load the RH-Firewall-1-INPUT with INPUT, you can put REJECT under the RH-Firewall-1-INPUT, let INPUT first load the rules in the RH-Firewal-1-INPUT, and then load REJECT ..

Or write the open rules for Port 3306 before the RH-Firewall-1-INPUT in the INPUT ..

(I personally think the first one is more convenient. in the future, there will be rules that can be directly added to RH, so there is no need to worry about order issues ..)

The command to add a REJECT is:

Iptables-a input-j REJECT -- reject-with icmp-host-prohibited

With my configuration ..

[Root @ localhost ~] # Iptables-L-n

Chain INPUT (policy ACCEPT)

Target prot opt source destination

RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)

Target prot opt source destination

RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)

Target prot opt source destination

RH-Firewall-1-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)

Target prot opt source destination

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255

ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0

ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0

ACCEPT udp -- 0.0.0.0/0 224.0.0.20.udp dpt: 5353

ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 uddpt: 631

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt: 631

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED, ESTABLISHED

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 21

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 22

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 80

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt: 3306

BitsCN.com