主页 / unix / 问题 / 676900
Accepted
Ashar
Asked: 2021-11-11 06:37:52 +0800 CST

无法从远程主机连接 telnet 到 mysql 监听 ip 端口

  • 772

我可以在本地远程登录到 mysql 进程,如下所示:

我还通过bind-address = 0.0.0.0如下设置确保 MySQL 进程正在侦听所有 IP:

root@localhost:~# netstat -plutn | grep mysql
tcp        0      0 0.0.0.0:33060           0.0.0.0:*               LISTEN      39288/mysqld
tcp        0      0 0.0.0.0:7306            0.0.0.0:*               LISTEN      39288/mysqld


root@localhost:~# telnet 82.165.32.59 7306
Trying 82.165.32.59...
Connected to 82.165.32.59.
Escape character is '^]'.
>Host 'linux' is not allowed to connect to this MySQL serverConnection closed by foreign host

我打开防火墙端口 7306 并使用以下命令重新加载防火墙:

root@localhost:~# firewall-cmd --zone=public --permanent --add-port=7306/tcp
Warning: ALREADY_ENABLED: 7306:tcp
success
root@localhost:~#  firewall-cmd --reload
success
root@localhost:~# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 443/tcp 80/tcp 7306/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

但是,当从远程主机 telnet 失败时,如下所示:

$ telnet 82.165.32.59 7306
Trying 82.165.32.59...

telnet: connect to address 82.165.32.59: Connection timed out

我的操作系统是:

root@localhost:~# uname -a
Linux localhost 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

我尝试重新启动防火墙服务,如下所示:

root@localhost:~# systemctl restart firewalld

我还使用以下脚本刷新了 IPTABLES,但没有帮助:

root@localhost:~# cat fw.stop
#!/bin/sh
echo "Stopping IPv4 firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X

我还使用以下网站检查了端口 7306 是否对外界开放,但它也说Port 7306 is closed on 82.165.32.59.

https://www.yougetsignal.com/tools/open-ports/

然而,下面是输出iptables -L,我没有理解它的专业知识。

root@localhost:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (1 references)
target     prot opt source               destination
FWDI_public_pre  all  --  anywhere             anywhere
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
FWDI_public_post  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDI_public_post (1 references)
target     prot opt source               destination

Chain FWDI_public_pre (1 references)
target     prot opt source               destination

Chain FWDO_public (1 references)
target     prot opt source               destination
FWDO_public_pre  all  --  anywhere             anywhere
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere
FWDO_public_post  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public_post (1 references)
target     prot opt source               destination

Chain FWDO_public_pre (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (1 references)
target     prot opt source               destination
IN_public_pre  all  --  anywhere             anywhere
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
IN_public_post  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7306 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain IN_public_post (1 references)
target     prot opt source               destination

Chain IN_public_pre (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

你能建议吗?

linux firewall

2 个回答

  1. Best Answer

    服务器由https://cloudpanel.ionos.de/提供

    登录门户后,网页仪表板上有一个防火墙选项,允许在端口 7306 上访问(传入流量)。

    如果有人可以阐明答案,我不明白是什么阻止了远程主机访问该端口。

    选择该端口后重新启动服务器,现在端口正在连接。

    非常感谢您的帮助。

    • 0

  2. 这可能是一个特权限制。如果您允许的帐户是'user'@'localhost',您应该telnet localhost 7306在本地尝试。

    您还可以验证是否存在'user'@'%'Mysql 用户(或'user'@'linux'

    另请参阅https://stackoverflow.com/questions/1559955/host-xxx-xx-xxx-xxx-is-not-allowed-to-connect-to-this-mysql-server

    请注意,我不希望 telnet 连接有什么用处。这个端口是用来连接Mysql客户端的。

    • -1

相关问题