我的问题类似于此问题,但由于我没有足够的声誉来发表评论,并且该问题的答案无济于事,所以我开始一个新的问题.
My problem is similar to this question but since I don't have enough reputation to write a comment AND the answer to that question dindn’t help, I am starting a new question.
我有一个带有LEMP且带有MySQL Ver 15.1 Distrib 10.1.18-MariaDB的GCE VM实例,我正在尝试从本地计算机远程连接到它.
I have an GCE VM instance with LEMP with MySQL Ver 15.1 Distrib 10.1.18-MariaDB and I'm trying to connect remotely to it from my local machine.
我已经尝试过前面提到的问题链接中的所有建议.
I already tried all the suggestions in the question link that I mentioned before.
这是我的防火墙配置:
在myf文件中,我有:
In myf file I have:
绑定地址= 0.0.0.0
bind-address = 0.0.0.0
关于MySQL用户的特权,我有以下内容:
And about MySQL users privileges I have the following:
当我尝试与 wkreport 用户进行远程连接时,我得到以下结果:
When I try to connect remotely with wkreport user I get the following result:
我的问题是,我想念什么?!
My question is, what am I missing ?!
推荐答案我刚刚找到了解决问题的方法,
I just found the solution to my problem,
特别感谢@Slava为我指明了方向,毕竟那是iptables.
Special thanks to @Slava for pointing me the way, after all it was iptables.
因此,在尝试远程连接时,我始终收到"MySQL连接被拒绝"消息,因此我搜索了一种查看TCP连接日志的方法,并找到了tcpdump命令.
So, I kept receiving a "MySQL connection refused" message when trying to connect remotely so I searched for a way to see TCP connection logs and I found the tcpdump command.
通过运行sudo tcpdump port 3306 -vvv -n,每次尝试远程连接时,我都会看到以下输出:
By running sudo tcpdump port 3306 -vvv -n I saw the following output every time I tried to connect remotely:
我搜索了tcpdump手册页,发现R代表TCP RST(RESET)标志.
I searched the tcpdump man page and saw that R means for TCP RST (RESET) flag.
搜索了一下,发现了这个问题及其接受的答案再次将我带入了IPTABLES,自从第一次发表评论以来,@ Slava就提出了建议.
Searched a little bit and found this question and its accepted answer led me again into IPTABLES that @Slava suggested since the first comment.
那是当我仔细观察并发现我的INPUT ACCEPT tcp:3306是在REJECT TCP reject-with tcp-reset规则之后定义的,因此显示了日志.
That's when I looked closely and saw that my INPUT ACCEPT tcp:3306 was defined after the REJECT TCP reject-with tcp-reset rule hence the log was showing.
在此之后,我刚刚删除了接受tcp:3306的规则,并将其放在拒绝tcp规则之前,瞧!
After this I just removed the rule to accept tcp:3306 and prepended it to the reject tcp rules and voila!
iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT iptables -I INPUT {line number from the first reject tcp rule} -p tcp -m tcp --dport 3306 -j ACCEPTIPTABLES现在看起来像这样,最后我可以远程连接到MySQL:
IPTABLES now looks like this and finally I can connect to MySQL remotely:
要列出具有行号的iptables,请输入:
To list the iptables with line numbers type:
sudo iptables -nL --line-numbers最后一击:
- 出于安全考虑,可以通过将要进行远程连接的源IP地址列入白名单来改善这一点.
更多推荐
在Google Compute Engine VM上远程连接到MySQL
发布评论