[SOLVED] can not grant access to mysql for remote users
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hello
I want to grant access to mysql for remote users I do this sort of things:
Quote:
1) GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*95013D13C503AF2768B878CC80E4B967037CB83C' WITH GRANT OPTION;
2) commenting bind-address in my.cnf
3) touch /etc/apparmor.d/disable/usr.sbin.mysqld
4) /etc/init.d/apparmor restart
5) service mysql restart
but from remote host :
Quote:
[root@localhost test]# mysql -u root -pmypass -h 192.168.8.111
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.8.111' (110)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*95013D13C503AF2768B878CC80E4B967037CB83C' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
root@RAAD:~# service mysql restart
mysql start/running, process 31670
another thing that I have to say is that it take long time for client to say:
Quote:
[root@localhost test]# mysql -u root -pmypass -h 192.168.8.111 [[[[ after one minutes]]]]
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.8.111' (110)
root@RA# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
inospoof all -- anywhere anywhere
iexternalmodules all -- anywhere anywhere
iexternal all -- anywhere anywhere
inoexternal all -- anywhere anywhere
imodules all -- anywhere anywhere
iintservs all -- anywhere anywhere
iglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
idrop all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
fredirects all -- anywhere anywhere
fmodules all -- anywhere anywhere
ffwdrules all -- anywhere anywhere
fnoexternal all -- anywhere anywhere
fdns all -- anywhere anywhere
fobjects all -- anywhere anywhere
fglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
fdrop all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ointernal all -- anywhere anywhere
omodules all -- anywhere anywhere
oglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
odrop all -- anywhere anywhere
Chain drop (13 references)
target prot opt source destination
DROP all -- anywhere anywhere
ACCEPT udp -- anywhere 4.2.2.4 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.4 state NEW tcp dpt:domain
ACCEPT udp -- anywhere 4.2.2.2 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.2 state NEW tcp dpt:domain
Chain fdrop (5 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain ftoexternalonly (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fdrop all -- anywhere anywhere
Chain idrop (4 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain iexternal (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
drop tcp -- anywhere anywhere tcp dpt:8110 state NEW
drop tcp -- anywhere anywhere tcp dpt:xmpp-client state NEW
drop tcp -- anywhere anywhere tcp dpt:5223 state NEW
drop tcp -- anywhere anywhere tcp dpt:4190 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW
drop udp -- anywhere anywhere udp dpts:10000:20000 state NEW
drop udp -- anywhere anywhere udp dpt:iax state NEW
drop udp -- anywhere anywhere udp dpt:sip state NEW
drop udp -- anywhere anywhere udp dpt:5036 state NEW
drop udp -- anywhere anywhere udp dpt:radius state NEW
Chain iglobal (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8110 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5223 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:4190 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:bootps state NEW
ACCEPT udp -- anywhere anywhere udp dpt:tftp state NEW
ACCEPT udp -- anywhere anywhere udp dpts:10000:20000 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:iax state NEW
ACCEPT udp -- anywhere anywhere udp dpt:sip state NEW
ACCEPT udp -- anywhere anywhere udp dpt:5036 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:radius state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ssn state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8888 state NEW
drop tcp -- anywhere anywhere tcp dpt:ldap state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
Chain odrop (1 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain oglobal (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT all -- anywhere anywhere state NEW
Chain ointernal (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 4.2.2.4 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.4 state NEW tcp dpt:domain
ACCEPT udp -- anywhere 4.2.2.2 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.2 state NEW tcp dpt:domain
Chain omodules (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-ns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-dgm
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-ssn
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:microsoft-ds
ACCEPT udp -- anywhere anywhere state NEW udp spt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere state NEW udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
there is no permit on the INPUT chain for the IP you're using. use "iptables -vnL" for a better output, and you'll see the first ACCEPT there that permits everything will probably just be for lo, not eth0, so you'll need to add a rule for that.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.