trouble connecting to mysql from different domain/environment
Ladies/Gents,
I recently installed mysql Ver 14.14 Distrib 5.5.49, for debian-linux-gnu (x86_64) using readline 6.3 on an Ubuntu trusty server in my dev environment. Everything works within that environment. I am able to telnet from remote servers through port 3306 just fine. I am even able to connect using a CF datasource to that mysql server. The issue is, I cannot, for some reason, connect to the mysql server from my production environment server. I cannot telnet to port 3306 although the port is open; iptables have rules to open 3306 for all class C block to the prod environment. The mysql user also has permission to local and to host % and to IP. Why can't I connect from my prod to dev? I've tried the bindings for localhost, 0.0.0.0 and 127.0.0.1 and none of it helps. skip-networking is also commented out. I am in a position where I am in the wall and not knowing what else to try. Please help. Thank you. Btw, ufw is disabled.

Code:
mysql -uroot -p -e "select user, host from mysql.user;" -Ns
If the user in "dev" has perms, you can modify those permissions for the "prod" environment. Are you saying you allow the wildcard host ('%') and you still can't connect from prod?

wrt: bind-address, use 0.0.0.0 for all interfaces, even if just for testing. "prod" could be coming in over non-routable IPs...
Code:
ufw deny mysql
1.2.3.4 is your prod machine. Do your testing from prod here...

Here's how I grant explicit access to a mysql db:
Code:
grant all on <db>.* to '<user>'@'1.2.3.4' identified by '<password>';
flush privileges;
'<user>', '1.2.3.4', and '<password>'

I suppose if I didn't know the password and didn't want to change it (as above) I'd try:
Code:
grant all on <db>.* to '<user>'@'1.2.3.4';
flush privileges;
it'd be something like:
Code:
grant all on <db>.* to '<user>'@'1.2.%';
flush privileges;
Code:
-- n is a dotted netmask such as 255.255.0.0; MySQL 5.5 does not accept a CIDR prefix length here
grant all on <db>.* to '<user>'@'1.2.0.0/n';
flush privileges;
Code:
mysql -u<user> -p -h<IP>
1.2.3.4 may need tuning. I in no way advocate the use of the wildcard host without certain precautions. Something to research I guess. Others may have more.

so yes, the user does have multiple permissions set already
Code:
mysql> select User,Host from mysql.user where user='redalert';

Only thing left to do is on the mysql server,
fire up tcpdump and save to file using:
Code:
tcpdump -s 1550 -c 50 -nn -i eth0 -w redalert.sniff src 10.245.97.20 and tcp port 3306
It will collect 50 samples and quit. You can use tcpdump to replay the file back. See also http://linux.byexamples.com/archives...ge-of-tcpdump/

Quote:
0 packets dropped

Better talk to the firewall guys, again.

Quote:
TY all who were involved in this problem.

Glad it worked out!
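
An added example, not code from any poster in this thread: a small probe to run from the prod host that separates the three failure modes discussed above (firewall drop, bind-address/closed port, MySQL host-based grant refusal) by looking at how the TCP connect ends and at the first packet mysqld sends. The function names and the two sample packets are constructed for illustration; the sample IP and version string are the ones quoted in the thread.

```python
import socket
import struct
import sys

def classify_greeting(data: bytes) -> str:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    payload = data[4:4 + int.from_bytes(data[0:3], "little")]  # 3-byte length, 1-byte sequence id
    if not payload:
        return "tcp-ok-no-greeting: port accepted the connection but sent no MySQL packet"
    if payload[0] == 0xFF and len(payload) >= 3:  # ERR packet: client host rejected before auth
        code = struct.unpack_from("<H", payload, 1)[0]
        return f"mysql-refused {code}: {payload[3:].decode('latin-1')}"
    if payload[0] == 0x0A:  # protocol 10 handshake: network path and bind-address are fine
        version = payload[1:].split(b"\x00", 1)[0].decode("latin-1")
        return f"mysql-handshake: server {version}, so look at user, password and grants"
    return "tcp-ok-unknown: something other than MySQL answered on this port"

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> str:
    """Connect once and report which layer stopped the connection."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout: no answer to the SYN, which points at a firewall DROP or routing"
    except ConnectionRefusedError:
        return "refused: port closed (mysqld not listening on that address, or a firewall REJECT)"
    except OSError as exc:
        return f"network-error: {exc}"
    with sock:
        try:
            return classify_greeting(sock.recv(4096))
        except OSError:  # connected, but reset or silent before any greeting arrived
            return classify_greeting(b"")

def frame(payload: bytes) -> bytes:
    """Wrap a payload in the MySQL packet header (length + sequence id 0)."""
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

# Constructed sample packets, so the classifier can be exercised offline.
SAMPLE_DENIED = frame(b"\xff" + struct.pack("<H", 1130)
                      + b"Host '10.245.97.20' is not allowed to connect to this MySQL server")
SAMPLE_HANDSHAKE = frame(b"\x0a" + b"5.5.49\x00" + b"\x00" * 20)

if __name__ == "__main__":
    # With an argument: probe that host. Without: classify the constructed refusal.
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify_greeting(SAMPLE_DENIED))
```

A `timeout` result from prod combined with a working handshake from other hosts matches the outcome in this thread: the server and its grants are fine and the packets never arrive.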