我可以在本地远程登录到 mysql 进程,如下所示:
我还通过bind-address = 0.0.0.0
如下设置确保 MySQL 进程正在侦听所有 IP:
root@localhost:~# netstat -plutn | grep mysql
tcp 0 0 0.0.0.0:33060 0.0.0.0:* LISTEN 39288/mysqld
tcp 0 0 0.0.0.0:7306 0.0.0.0:* LISTEN 39288/mysqld
和
root@localhost:~# telnet 82.165.32.59 7306
Trying 82.165.32.59...
Connected to 82.165.32.59.
Escape character is '^]'.
>Host 'linux' is not allowed to connect to this MySQL serverConnection closed by foreign host
我打开防火墙端口 7306 并使用以下命令重新加载防火墙:
root@localhost:~# firewall-cmd --zone=public --permanent --add-port=7306/tcp
Warning: ALREADY_ENABLED: 7306:tcp
success
root@localhost:~# firewall-cmd --reload
success
root@localhost:~# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 443/tcp 80/tcp 7306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
但是,当从远程主机 telnet 失败时,如下所示:
$ telnet 82.165.32.59 7306
Trying 82.165.32.59...
telnet: connect to address 82.165.32.59: Connection timed out
我的操作系统是:
root@localhost:~# uname -a
Linux localhost 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
我尝试重新启动防火墙服务,如下所示:
root@localhost:~# systemctl restart firewalld
我还使用以下脚本刷新了 IPTABLES,但没有帮助:
root@localhost:~# cat fw.stop
#!/bin/sh
echo "Stopping IPv4 firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X
我还使用以下网站检查了端口 7306 是否对外界开放,但它也说Port 7306 is closed on 82.165.32.59.
https://www.yougetsignal.com/tools/open-ports/
然而,下面是输出iptables -L
,我没有理解它的专业知识。
root@localhost:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED,DNAT
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED,DNAT
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_pre all -- anywhere anywhere
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
FWDI_public_post all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDI_public_post (1 references)
target prot opt source destination
Chain FWDI_public_pre (1 references)
target prot opt source destination
Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_pre all -- anywhere anywhere
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
FWDO_public_post all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain FWDO_public_post (1 references)
target prot opt source destination
Chain FWDO_public_pre (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (1 references)
target prot opt source destination
IN_public_pre all -- anywhere anywhere
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
IN_public_post all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:7306 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain IN_public_post (1 references)
target prot opt source destination
Chain IN_public_pre (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
你能建议吗?
服务器由https://cloudpanel.ionos.de/提供
登录门户后,网页仪表板上有一个防火墙选项,允许在端口 7306 上访问(传入流量)。
如果有人可以阐明答案,我不明白是什么阻止了远程主机访问该端口。
选择该端口后重新启动服务器,现在端口正在连接。
非常感谢您的帮助。
这可能是一个特权限制。如果您允许的帐户是
'user'@'localhost'
,您应该telnet localhost 7306
在本地尝试。您还可以验证是否存在
'user'@'%'
Mysql 用户(或'user'@'linux'
)另请参阅https://stackoverflow.com/questions/1559955/host-xxx-xx-xxx-xxx-is-not-allowed-to-connect-to-this-mysql-server
请注意,我不希望 telnet 连接有什么用处。这个端口是用来连接Mysql客户端的。