MySQL / Firewall / Can't connect to MySQL server
I think your problem is in the second line of your iptables:
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
It should be at the end.
Comments
Rob over 1 year
I have a client running a mysql server with bind-address=0.0.0.0. Here is the iptables output:
root@host:/var/www# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8         reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             mysql               tcp dpt:mysql
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
One web server can connect to the mysql server but another server cannot. They are both connecting on the same ip address, using the same username and password. It seems there is another firewall configured that is blocking this request. I'm not sure what else to check.
mysql -h <host> -u <user> -p<password>
ERROR 2003 (HY000): Can't connect to MySQL server on '<host>' (110)
Any ideas to point me in the right direction?
Update
It turns out the new web server was set up in a different data center than the mysql server, so the internal network IPs couldn't communicate.

Laurentiu Roescu over 10 years
Are the two webservers using the same connection string? It could be a DNS problem.

Maxat Kulmanov over 10 years
Have you tried to connect with telnet?

Rob over 10 years
I cannot connect with telnet. I can't even ping the server since trying this rackspace article. I also tried removing the above line and reloading the ip tables. It didn't help.

Rob over 10 years
By the way, that firewall rule only drops traffic for 127/8 that's not on lo0. I am trying to connect to mysql on eth1 on a different ip address.

Maxat Kulmanov over 10 years
Why does your rule for allowing mysql have destination mysql? Could you post iptables -L -v output?
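
An added example, not part of the original thread: the error in the question ends in (110), the Linux errno for a connect timeout, which together with the failed telnet and ping points at silently dropped packets or a missing route rather than at MySQL itself. The Python sketch below makes one TCP connect per resolved address and classifies the outcome; `probe`, `HINTS` and the hint wording are names chosen for this example.

```python
import errno
import socket
import sys

# What each outcome suggests when diagnosing a firewall in front of MySQL
# (wording is this example's own, not output of any tool).
HINTS = {
    "open": "TCP handshake completed; check MySQL grants and credentials, not the network",
    "refused": "got RST or ICMP port-unreachable; nothing listening, or a REJECT rule matched",
    "timeout": "no reply at all (mysql reports errno 110); a DROP rule or no return path",
    "unreachable": "a router reported no route to the host or network",
    "dns": "host name did not resolve; compare the connection strings on both clients",
}

def probe(host, port=3306, timeout=3.0):
    """Try a TCP connect to host:port and return a key of HINTS.

    If the name resolves to several addresses, the first success wins;
    otherwise the failure seen on the last address is returned.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"
    result = "timeout"
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"
            except (socket.timeout, TimeoutError):
                result = "timeout"      # packets vanished: DROP or routing
            except ConnectionRefusedError:
                result = "refused"      # host or firewall actively answered
            except OSError as exc:
                if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                    result = "unreachable"
                else:
                    raise
    return result

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    outcome = probe(target)
    print(f"{target}:3306 -> {outcome}: {HINTS[outcome]}")
```

Running it from both web servers against the same address shows whether the failing client sees a timeout (as here) or a refusal, which separates a routing or DROP problem from a REJECT rule or a stopped service.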