无法建立与 MYSQL 数据库的远程连接

无法建立与 MYSQL 数据库的远程连接

想要远程访问 MYSQL 数据库,但是当检查 yougetsignal(dot) com 时,我收到一条消息,提示端口 3306 已关闭。

配置:全新服务器(安装了 Zpanel 的 Centos 6.4 64 位)

已采取的措施:

  1. 从 my.cnf 中删除绑定地址

  2. 尝试添加绑定地址作为服务器 IP

  3. 已编辑IPTABLES以保持端口开放。

  4. 从路由器转发端口

  5. 在 /etc/my.cnf 中添加 port=3306

  6. 已停止 IPTABLES

  7. 每次更改后都要重新启动 mysqld

  8. 更改后重新启动 IPTABLES

到现在为止什么都没有起作用。

IP 表:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

诊断结果:netstat 结果:

# netstat -na | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN

netstat 结果(netstat -lnp | grep mysql)

# netstat -lnp | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6684/mysqld
unix 2 [ ACC ] STREAM LISTENING 33101 6684/mysqld /var/lib/mysql/mysql.sock

iptables -L 结果:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

可以通过本地主机/SSH 连接在服务器上运行 nc,但不能通过远程系统运行

答案1

流量可能正在被过滤。

因为您提供了您的域名(这里假设,尽管有两个具有两个不同地址的 A 记录141.101.117.86是准确的..

跟踪路由到端口 80,我们可以证明该端口是开放的。

$ sudo traceroute -T -O info 141.101.117.86 -p 80
traceroute to 141.101.117.86 (141.101.117.86), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.332 ms  0.460 ms  0.574 ms
 2  host-92-25-242-1.as13285.net (92.25.242.1)  13.745 ms  13.807 ms  13.902 ms
 3  host-78-151-225-189.static.as13285.net (78.151.225.189)  15.058 ms  15.086 ms  15.118 ms
 4  host-78-151-225-196.static.as13285.net (78.151.225.196)  16.120 ms host-78-151-225-232.static.as13285.net (78.151.225.232)  15.748 ms host-78-151-225-184.static.as13285.net (78.151.225.184)  16.069 ms
 5  host-78-144-11-115.as13285.net (78.144.11.115)  16.630 ms  16.579 ms host-78-144-11-109.as13285.net (78.144.11.109)  16.798 ms
 6  195.66.225.179 (195.66.225.179)  16.728 ms  14.735 ms  14.707 ms
 7  141.101.117.86 (141.101.117.86) <syn,ack>  14.713 ms  14.907 ms  14.887 ms

如果我们尝试 3306...

$ sudo traceroute -T -O info 141.101.117.86 -p 3306
traceroute to 141.101.117.86 (141.101.117.86), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.343 ms  0.444 ms  0.624 ms
 2  host-92-25-242-1.as13285.net (92.25.242.1)  13.225 ms  13.226 ms  13.233 ms
 3  host-78-151-225-189.static.as13285.net (78.151.225.189)  14.736 ms  15.352 ms  15.347 ms
 4  host-78-151-225-220.static.as13285.net (78.151.225.220)  15.492 ms host-78-151-228-37.as13285.net (78.151.228.37)  15.441 ms host-78-151-225-232.static.as13285.net (78.151.225.232)  15.350 ms
 5  host-78-144-11-95.as13285.net (78.144.11.95)  16.140 ms host-78-144-11-119.as13285.net (78.144.11.119)  16.551 ms host-78-144-11-95.as13285.net (78.144.11.95)  16.463 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
...

流量在此主机处停止:195.66.225.179这可能是一个防火墙,正在阻止流量。

答案2

因此,这里给出的真实 IP 地址是跟踪路由;笔记路线似乎经常变化,但这两个示例似乎采用了类似的路径。

端口 80

traceroute to 103.231.8.238 (103.231.8.238), 30 hops max, 60 byte packets
 1  192.168.1.1  0.290 ms  0.435 ms  0.520 ms
 2  92.25.242.1  13.350 ms  13.348 ms  13.343 ms
 3  78.151.225.189  15.084 ms  15.086 ms  15.099 ms
 4  78.151.225.200  15.236 ms  15.873 ms 78.151.225.184  15.907 ms
 5  78.144.11.123  16.353 ms 78.144.11.121  16.227 ms 78.144.11.135  16.243 ms
 6  195.66.224.209  18.715 ms 78.144.11.2  16.502 ms 78.144.10.252  16.443 ms
 7  206.126.236.88  96.076 ms  93.854 ms 145.253.33.238  14.138 ms
 8  182.19.105.75  132.438 ms 182.19.105.73  131.902 ms  131.863 ms
 9  * * *
10  103.1.112.13  140.948 ms 182.19.115.224  278.477 ms  278.436 ms
11  103.13.96.170  154.360 ms  153.584 ms 182.19.115.226  275.564 ms
12  103.241.180.132  137.192 ms  138.187 ms 182.19.115.100  276.826 ms
13  103.231.8.238  138.987 ms  138.867 ms  140.010 ms

以及端口 3306:

 1  192.168.1.1  0.380 ms  0.468 ms  0.574 ms
 2  92.25.242.1  13.358 ms  13.366 ms  13.399 ms
 3  78.151.225.189  14.904 ms  14.904 ms  14.931 ms
 4  78.151.225.156  15.081 ms  15.676 ms 78.151.225.188  32.598 ms
 5  78.144.11.111  16.741 ms 78.144.11.119  19.341 ms 78.144.11.125  16.725 ms
 6  78.144.11.6  16.818 ms 78.144.10.254  17.168 ms 78.144.11.6  17.104 ms
 7  206.126.236.88  96.258 ms 145.253.33.238  14.267 ms 206.126.236.88  94.096 ms
 8  63.218.162.165  344.874 ms 182.19.105.75  132.858 ms 63.218.162.165  344.861 ms
 9  63.218.163.170  284.351 ms 123.63.182.125  138.510 ms 63.218.163.170  283.633 ms
10  103.1.112.13  138.879 ms  140.004 ms 182.19.115.224  277.669 ms
11  103.13.96.170  154.360 ms 182.19.107.1  275.934 ms 103.13.96.170  152.461 ms
12  103.241.180.132  136.943 ms  138.046 ms 182.19.115.100  275.782 ms
13  182.19.105.75  274.382 ms  274.097 ms *
14  123.63.182.125  280.577 ms *  281.215 ms
15  * 103.1.112.13  281.433 ms *
16  103.13.96.170  297.287 ms *  296.211 ms
17  * * *
18  * * *
19  * * *
...

感兴趣的是第 12 到第 13 跳。在端口 80 示例中,第 13 跳是您的服务器。在端口 3306 上,第 13 跳是 182.19.105.75 地址,在其他跟踪路由中,这也显示为从目的地到倒数第二跳。我假设发生了一些 DNAT,将流量从此网络重定向回不同的目的地,但无法从输出中判断此目的地可能是什么。

一些跟踪路由显示出一些循环的迹象,例如这个......

 8  182.19.105.75  148.637 ms  133.271 ms 63.218.162.165  345.590 ms
 9  * * 123.63.182.125  137.830 ms
10  103.1.112.13  140.637 ms *  140.108 ms
11  182.19.107.1  275.851 ms 103.13.96.170  153.820 ms 182.19.107.1  275.465 ms
12  103.241.180.132  136.681 ms 182.19.115.100  275.113 ms 103.241.180.132  136.907 ms
13  182.19.105.75  274.357 ms  274.330 ms  274.211 ms
14  123.63.182.125  282.631 ms  282.339 ms *
15  * 103.1.112.13  283.497 ms  282.053 ms
16  * * 103.13.96.170  298.444 ms
17  103.241.180.132  279.360 ms * *

然而我最终从未收到过 TTL 超出消息。

检查您在路由器和端口转发中设置的内容,似乎有些配置不正确。

相关内容