无法在虚拟接口 10.0.0.x 上连接 mysql

我无法从 10.0.0.4 连接到在 10.0.0.5 上运行的 mysql。这是在 Hetzner 接口中创建的虚拟网络。我认为根据文档，mysql 的配置是正确的。

后端 10.0.0.4

root@backend:~# mysql -u root --host=10.0.0.5 --protocol=tcp --port=3306
ERROR 2002 (HY000): Can't connect to MySQL server on '10.0.0.5' (115)
root@backend:~# mysql -u literakl --host=10.0.0.5 --protocol=tcp --port=3306 -p
Enter password:
ERROR 2002 (HY000): Can't connect to MySQL server on '10.0.0.5' (115)

root@backend:~# telnet 10.0.0.5 3306
Trying 10.0.0.5...
telnet: Unable to connect to remote host: No route to host

root@backend:~# ssh [email protected]
The authenticity of host '10.0.0.5 (10.0.0.5)' can't be established.
ECDSA key fingerprint is SHA256:iDrbbDdMK1XKRrb0O3lZ899K/oQmTFtu4ju75h+te0Y.
10.0.0.5

root@backend:~# ping 10.0.0.5
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
64 bytes from 10.0.0.5: icmp_seq=1 ttl=63 time=1.75 ms

root@backend:~# nmap 10.0.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-30 20:35 CEST
Nmap scan report for 10.0.0.5
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 256 IP addresses (5 hosts up) scanned in 150.32 seconds

次要 10.0.0.5

root@secondary:~# less /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address            = 0.0.0.0
#skip-networking=1
#skip-bind-address

root@secondary:~# ufw status
Status: active
33060                      ALLOW       10.0.0.4
33061                      ALLOW       10.0.0.4
3306                       ALLOW       10.0.0.4
3306/tcp                   ALLOW       Anywhere
3306/tcp (v6)              ALLOW       Anywhere (v6)

root@secondary:~# netstat -ln | grep mysql
unix  2      [ ACC ]     STREAM     LISTENING     9927594  /run/mysqld/mysqld.sock

root@secondary:~# lsof -i -P -n | grep LISTEN
mysqld    6749 mysql   21u  IPv4 9927593      0t0  TCP *:3306 (LISTEN)

root@secondary:~# telnet 10.0.0.5 3306
Trying 10.0.0.5...
Connected to 10.0.0.5.
5.5.5-10.3.29-MariaDB-0+deb10u1$(u:]H1mysql_native_password

root@secondary:~# ip address
3: ens10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 86:00:00:b8:0d:95 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/32 brd 10.0.0.5 scope global dynamic ens10
       valid_lft 54105sec preferred_lft 54105sec
    inet6 fe80::8400:ff:feb8:d95/64 scope link
       valid_lft forever preferred_lft forever

root@secondary:~# mysql -u literakl --host=10.0.0.5 --protocol=tcp --port=3306 -p
Your MariaDB connection id is 37
Server version: 10.3.29-MariaDB-0+deb10u1 Debian 10

MariaDB [(none)]> SELECT User, Host FROM mysql.user;
| User             | Host      |
| literakl         | %         |
| literakl         | localhost |

我想知道，到底出了什么问题？辅助服务上的端口 3306 是开放的。我甚至尝试关闭两台服务器上的防火墙，但仍然没有成功。很奇怪。

更新 1：

root@secondary:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.1.1      0.0.0.0         UG    0      0        0 eth0
10.0.0.0        10.0.0.1        255.255.0.0     UG    0      0        0 ens10
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ens10
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker_gwbridge
172.31.1.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

root@secondary:~# ip route list
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
172.31.1.1 dev eth0 scope link

root@secondary:~# arp -a
? (10.0.0.1) at d2:74:7f:6e:37:e3 [ether] on ens10
? (172.18.0.3) at 02:42:ac:12:00:03 [ether] on docker_gwbridge
? (172.31.1.1) at d2:74:7f:6e:37:e3 [ether] on eth0
11214.your-cloud.host (195.201.66.70) at 2e:bb:61:a6:0f:84 [ether] on eth0

更新 2：

我创建了名为 ternary 的新 VPS，开发人员只安装了 MySQL，Docker 中没有运行 Mongo（就像在辅助节点中一样），我可以从后端连接它。两台机器上的原始路由似乎相同。我们怀疑 Docker/Swarm 可能会影响辅助节点。

root@secondary:~# ip route
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.31.1.1 dev eth0 scope link

新型三元VPS

root@ternary:~# ip route
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.31.1.1 dev eth0 scope link

root@backend:~# mysql --host=10.0.0.6 -u matomo -p matomo
Enter password:
ERROR 1045 (28000): Access denied for user 'matomo'@'10.0.0.4' (using password: YES)