LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-13-2016, 12:10 PM   #1
linuxnewbie0101
Member
 
Registered: Dec 2015
Posts: 46

Rep: Reputation: Disabled
trouble connecting to mysql from different domain/environment


`Ladies/Gents,

I recently installed

mysql Ver 14.14 Distrib 5.5.49, for debian-linux-gnu (x86_64) using readline 6.3

on a ubuntu trusty server in my dev environment. everything works within that environment. i am able to telnet from remote servers through port 3306 just find. i am even able to connect using CF datasource to that mysql server.

the issue is, i cannot, for some reason connect to the mysql server from my production environment server, i cannot telnet port 3306 although the port is open, iptables have rules to open 3306 for all class C block to the prod environment.

mysql user also have permission to local and to host % and to IP.

why can't i connect from my prod to dev? i've tried the bindings for localhost, 0.0.0.0 and 127.0.0.1 and none of it helps. skip-networking is also commented out.

i am in a position where i am in the wall and not knowing what else to try.

Please help.

Thank you

btw, ufw is disabled.

Last edited by linuxnewbie0101; 07-13-2016 at 12:11 PM.
 
Old 07-13-2016, 12:40 PM   #2
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,576
Blog Entries: 15

Rep: Reputation: Disabled
Code:
mysql -uroot -p -e "select user, host from mysql.user;" -Ns
yield any clues?

If the user in "dev" has perms, you can modify those permissions for the "prod" environment.
Are you saying you allow the wildcard host ('%') and you still can't connect from prod?
wrt: bind-address, use 0.0.0.0 for all interfaces, even if just for testing. "prod" could be coming in over non-routable IPs...
Code:
ufw deny mysql
ufw allow from 1.2.3.4 to any port 3306
locks that down.

1.2.3.4 is your prod machine.
Do your testing from prod here...

Here's how I grant explicit assess to a mysql db:
Code:
grant all on <db>.* to '<user>'@'1.2.3.4';  identified by '<password>'; flush privileges;
If you don't know the password the above will 'set it" to <password> and single ticks are required for
'<user>', '1.2.3.4', and '<password>'

I suppose if I didn't know the password and didn't want to change it (as above) I'd try:
Code:
grant all on <db>.* to '<user>'@'1.2.3.4'; flush privileges;
I don't know if the grant statement with a partial IP or a CIDR would be acceptable to mysql. Never tried it, but if I wanted to,
it'd be something like:
Code:
grant all on <db>.* to '<user>'@'1.2.%'; flush privileges;
or possibly
Code:
grant all on <db>.* to '<user>'@'1.2.0.0/n ; flush privileges;
I'd then try to remote mysql into that host using
Code:
mysql -u<user> -p -h<IP>
from the "prod" environment.
1.2.3.4 may need tuning.

I in no way advocate the use of the wildcard host without certain precautions.

Something to research I guess.
Others may have more.

Last edited by Habitual; 07-13-2016 at 01:07 PM.
 
Old 07-13-2016, 12:56 PM   #3
linuxnewbie0101
Member
 
Registered: Dec 2015
Posts: 46

Original Poster
Rep: Reputation: Disabled
so yes, the user does have multiple permissions set already

Code:
mysql> select User,Host from mysql.user where user='redalert';
+----------+--------------+
| User     | Host         |
+----------+--------------+
| redalert | 10.203.%     |
| redalert | 10.245.97.16 |
| redalert | 10.245.97.17 |
| redalert | 10.245.97.20 |
| redalert | 10.245.97.21 |
| redalert | 10.68.12.%   |
| redalert | 10.68.13.%   |
| redalert | 10.7%        |
| redalert | 10.93.%      |
| redalert | 10.93.96.%   |
| redalert | 10.93.96.108 |
| redalert | 10.93.96.130 |
| redalert | 10.93.96.136 |
| redalert | 10.93.96.168 |
| redalert | 10.93.96.169 |
| redalert | 10.93.96.184 |
| redalert | 172.18.10.%  |
| redalert | 172.18.40.%
the one that iam testing is redalert | 10.245.97.20 but it does not allow me to telnet from that server to my mysql server.
 
Old 07-13-2016, 01:28 PM   #4
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,576
Blog Entries: 15

Rep: Reputation: Disabled
Only thing left to do is on the mysql server,
fire up tcdump and save to file using:
Code:
tcpdump -s 1550 -c 50 -nn -i eth0 src 10.245.97.20  and tcp port 3306 -w redalert.sniff
and see what comes in over the 'wire' from 10.245.97.20
It will collect 50 samples and quit.

Yo can use tcpdump to replay the file back.

see also http://linux.byexamples.com/archives...ge-of-tcpdump/
 
Old 07-13-2016, 02:42 PM   #5
linuxnewbie0101
Member
 
Registered: Dec 2015
Posts: 46

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Only thing left to do is on the mysql server,
fire up tcdump and save to file using:
Code:
tcpdump -s 1550 -c 50 -nn -i eth0 src 10.245.97.20  and tcp port 3306 -w redalert.sniff
and see what comes in over the 'wire' from 10.245.97.20
It will collect 50 samples and quit.

Yo can use tcpdump to replay the file back.

see also http://linux.byexamples.com/archives...ge-of-tcpdump/
0 packets received
0 packets dropped
 
Old 07-13-2016, 03:31 PM   #6
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,576
Blog Entries: 15

Rep: Reputation: Disabled
Better talk to the firewall guys, again.
 
1 members found this post helpful.
Old 07-14-2016, 02:31 PM   #7
linuxnewbie0101
Member
 
Registered: Dec 2015
Posts: 46

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Better talk to the firewall guys, again.
Yes, It was my fault not requesting the firewall to be bi-directional (in/out)

TY all who were involved in this problem.
 
Old 07-14-2016, 03:17 PM   #8
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,576
Blog Entries: 15

Rep: Reputation: Disabled
Glad it worked out!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Trouble when connecting to mysql database remotely via port 3306 iamsamhk Linux - Newbie 3 07-23-2011 01:25 PM
[SOLVED] Connecting to a Samba server (not on domain) from windows domain pc centos123 Linux - Server 35 07-12-2011 06:27 AM
Trouble setting permissions with apache through Lampp and connecting with domain Leon14344 Linux - Server 1 07-12-2009 09:05 PM
Trouble connecting from mysql 4.1 to 5.0 haeppy Linux - Newbie 1 09-27-2005 05:03 PM
Mysql is not connecting from servlet.But connecting from java, help pls Harish_f Linux - General 0 05-08-2002 04:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration