MySQL Remote access forbidden only to a specific client
Hi,
I'm hit by a weird problem which is preventing a single specific instance of mysql-client from connecting to a remote mysql-server. Connecting a client from other hosts to the same server works.
Details of setup: A MySQL server is located at central.hwcharts.com; it is the master of a basic master-slave replication which replicates toward host0.hwcharts.com, located on a different physical machine which virtualizes (OpenVZ) the VM in which the slave runs. The replication itself works flawlessly, but the problem is that a mysql-client launched from the "slave" machine cannot connect to the master:
Code:
mysql -h central.hwcharts.com -u hwcharts -pvery-long-pass hwcharts
Code:
+---------------------------------------------------------------------+
MySQL version is 5.5.31 on every machine, for both client and server software. Operating systems are:
|
can they
Code:
telnet mysql-serverIP 3306 |
From any host, including the "slave" host, I get:
Code:
$ telnet central.hwcharts.com 3306 |
Wild guess: MySQL-slave-server does not have a proper nameserver configured. The master-slave replication is done with IP address, not hostname.
--- Edit: Sorry, didn't see your reply; obviously hostname lookup works fine. |
I'd blame it on the access rules of mysql.users. Or maybe some fancy NAT rules for this particular machine.
|
Code:
mysql -h central.hwcharts.com -uroot -p -e "use mysql; select User, Host from user;" |
I believe my setup is quite plain basic w/o much fancy customizations:
Code:
select user,host,password from mysql.user;
Code:
Rule Application Prot Port_a port_b Local IP address comment |
Output of access attempts:
Executed from the slave host
Code:
$ mysql -h central.hwcharts.com -uroot -p -e "use mysql; select User, Host from user;"
Code:
$ mysql -h central.hwcharts.com -uroot -p -e "use mysql; select User, Host from user;" |
Are you sure replication works?
It is not enough to check SHOW SLAVE STATUS; to be absolutely sure you have to check the records in the slave's db. Can you connect to the slave's db with mysql client on itself? |
@pingu
I've checked right now, replication works: any change to master's tables (hwcharts.*) is immediately propagated to the slave database, flawlessly. MySQL client-server connection also works fine between the following combination of hosts, except between host0.hwcharts.com and central.hwcharts.com:
Code:
From client To server Works? Comment |
Get your client's IP = xxx
and try to query: show grants for hwcharts@xxx and can you paste query's output? |
The grants for user 'hwcharts'@'%' (the only hwcharts user) in master DB are:
Code:
show grants; |
It is of course good to check the permissions on the mysql server.
But the message you get - "Can't connect to MySQL server" - makes me believe that you don't reach the server at all. I think you need to find out where the connection is stopped. You have 4 systems to check, taken from your diagram:
MySQL slave
OpenVZ
NAT (home DSL router)
MySQL master
I suggest you run tcpdump on all these while trying to connect, it will at least show how far the request goes. Maybe you can't on the NAT device but if so just leave it out for now. Also please post firewall rules for all systems. ("iptables -L")
And a small note: you have posted valid URLs & IP address in this thread, maybe not a good idea! There are always bad robots out there sniffing for places to hack. Easy fix is to write posts in whatever text-editor you have and do a search-replace. Then post with fake IP & URL, and edit your earlier posts too. |
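Added example, not part of the thread: the telnet check to port 3306 used above only shows raw bytes, so this Python code interprets the first packet the server sends, to tell a network-level block apart from a refusal by the MySQL server itself. The function names are hypothetical, and the sample packets and the address 192.0.2.10 are constructed, not captured from the hosts discussed here.

```python
import socket
import struct

def classify_greeting(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends after TCP connect."""
    if len(data) < 5:
        return {"layer": "network", "detail": "connected but no MySQL packet"}
    # Header: 3-byte little-endian payload length, then 1-byte sequence id.
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) < length:
        return {"layer": "network", "detail": "truncated packet"}
    if payload[0] == 0xFF and length >= 3:
        # ERR packet in place of the handshake: the server refused the
        # connection before authentication (e.g. 1130 host not allowed,
        # 1040 too many connections).
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"layer": "mysql-refused", "code": code,
                "detail": payload[3:].decode("latin-1")}
    if payload[0] == 0x0A:
        # Protocol 10 handshake: NUL-terminated server version string.
        end = payload.find(b"\x00", 1)
        if end != -1:
            return {"layer": "reachable",
                    "version": payload[1:end].decode("ascii", "replace")}
    return {"layer": "unknown", "detail": "not a MySQL greeting"}

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Live check: the telnet test, with the result interpreted."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return classify_greeting(s.recv(4096))
    except socket.timeout:
        return {"layer": "network", "detail": "timeout (packets dropped)"}
    except OSError as exc:  # refused, unreachable, DNS failure
        return {"layer": "network", "detail": str(exc)}

def make_packet(payload: bytes, seq: int = 0) -> bytes:
    """Build a constructed sample packet for offline testing."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed samples (not captured from the thread's hosts).
SAMPLE_OK = make_packet(b"\x0a5.5.31\x00" + b"\x01\x00\x00\x00" + b"x" * 8)
SAMPLE_DENIED = make_packet(
    b"\xff" + struct.pack("<H", 1130)
    + b"Host '192.0.2.10' is not allowed to connect to this MySQL server")
```

A "network" result from probe() on one host and "reachable" on the others points at the path (firewall, NAT, OpenVZ), while "mysql-refused" points at the server's own host rules.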
A very wild shot in the dark, should not be possible but I've seen a few really weird home "routers" before...
Could it be that you can have only one connection at a time from a client? Check it by opening two connections to mysql server from one client. You could also stop the slave and then try to connect via terminal. Well, as I said not very likely - but then it is a weird problem! |
Come to think of it, when did you start the replication, what have you done after that?
If you started replication and then later changed firewall rules the existing connection could still be kept alive but no new connections can be made. This applies on the client side too, it doesn't have to be the central-server that blocks. So think of it, what has been done on the servers in the communication chain after replication was set up? |