Remotely connecting to MySQL on a Google Compute Engine VM

Updated: 2024-10-22 23:13:39

Problem description


My problem is similar to this question but since I don't have enough reputation to write a comment AND the answer to that question didn't help, I am starting a new question.

I have a GCE VM instance with LEMP with MySQL Ver 15.1 Distrib 10.1.18-MariaDB and I'm trying to connect remotely to it from my local machine.

I already tried all the suggestions in the question link that I mentioned before.

This is my firewall configuration:

In my.cnf file I have:

bind-address = 0.0.0.0

And about MySQL user privileges I have the following:

When I try to connect remotely with wkreport user I get the following result:

My question is, what am I missing?!

Solution

I just found the solution to my problem,

Special thanks to @Slava for pointing me the way, after all it was iptables.

So, I kept receiving a "MySQL connection refused" message when trying to connect remotely so I searched for a way to see TCP connection logs and I found the tcpdump command.

By running sudo tcpdump port 3306 -vvv -n I saw the following output every time I tried to connect remotely:

I searched the tcpdump man page and saw that R stands for the TCP RST (RESET) flag.

Searched a little bit and found this question, and its accepted answer led me again to IPTABLES, which @Slava suggested since the first comment.

That's when I looked closely and saw that my INPUT ACCEPT tcp:3306 was defined after the REJECT TCP reject-with tcp-reset rule hence the log was showing.

After this I just removed the rule to accept tcp:3306 and prepended it to the reject tcp rules and voila!

iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -I INPUT {line number from the first reject tcp rule} -p tcp -m tcp --dport 3306 -j ACCEPT

IPTABLES now looks like this and finally I can connect to MySQL remotely:

To list the iptables with line numbers type:

sudo iptables -nL --line-numbers

Final thoughts:

This can be improved by whitelisting the source IP address from where you're making the remote connection for security matters.
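
The ordering problem and the source restriction described in the answer, as an added example that is not part of the original post: it reads `iptables -nL INPUT --line-numbers` output, reports an ACCEPT rule that sits below a blanket REJECT/DROP, and prints the reordered, source-restricted rule. The sample listing, the function names `check_order` and `fix_commands`, and the address 203.0.113.10/32 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The listing below is constructed, not the asker's ruleset.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306'

# check_order PORT   (reads `iptables -nL INPUT --line-numbers` output on stdin)
# Prints "shadowed <accept_line> <block_line>", "ok <accept_line>" or "missing".
check_order() {
  awk -v port="$1" '
    $1 !~ /^[0-9]+$/ { next }   # skip the chain and column header lines
    # First REJECT/DROP that matches any TCP source and has no port condition.
    # Simplification: rules using other match modules are not evaluated.
    !block && ($2 == "REJECT" || $2 == "DROP") &&
      ($3 == "tcp" || $3 == "all") && $5 == "0.0.0.0/0" && $0 !~ /dpt/ {
        block = $1 + 0
    }
    # First ACCEPT for the requested TCP destination port.
    !accept && $2 == "ACCEPT" && $3 == "tcp" && $0 ~ ("dpt:" port "( |$)") {
        accept = $1 + 0
    }
    END {
      if (!accept)                      print "missing"
      else if (block && block < accept) print "shadowed", accept, block
      else                              print "ok", accept
    }'
}

# fix_commands PORT SOURCE_CIDR   (same stdin as check_order)
# Prints, without running them, the commands that move the ACCEPT above the
# blocking rule and limit it to one source address. Deleting by rule number
# is safe here because the ACCEPT sits below the blocking rule, so removing
# it does not renumber that rule.
fix_commands() {
  set -- "$1" "$2" $(check_order "$1")
  [ "$3" = shadowed ] || return 1
  echo "iptables -D INPUT $4"
  echo "iptables -I INPUT $5 -s $2 -p tcp -m tcp --dport $1 -j ACCEPT"
}

# 203.0.113.10/32 is a documentation address standing in for the client IP.
printf '%s\n' "$SAMPLE_LISTING" | check_order 3306
printf '%s\n' "$SAMPLE_LISTING" | fix_commands 3306 203.0.113.10/32
```

On a live host, pipe `sudo iptables -nL INPUT --line-numbers` into the functions instead of the sample and review the printed commands before running them.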


Published: 2023-03-19 14:33:59
Article link: https://www.elefans.com/category/jswz/34/652044.html