启用 IPTables 后，局域网上的 MySQL 无法运行

我有两个 Centos VM。

IP地址如下：

• VM_1 =>10.99.0.10
• VM_2 =>10.99.0.12

Apache 和 PHP 在 VM_1 中，MySQL 在 VM_2 中。两者都有 iptables 规则。VM_2 规则运行良好。现在我正在从 VM_1 进行测试。

首先，我已禁用VM_1 iptables 并连接到 VM_2 MySQL（连接成功）。

[root@foster ~]# service iptables stop
iptables: Applying firewall rules:                         [  OK  ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.6.21 MySQL Community Server (GPL)
...

第二节已启用VM_1 iptables 并连接到 VM_2 MySQL（它在几个小时内也没有响应）。

[root@foster ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]
[root@foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:

我的 iptables 规则有什么问题？这里我的 iptables 规则是：

[root@foster ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state N                                                     EW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state                                                      NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state                                                      NEW,ESTABLISHED
ACCEPT     tcp  --  10.99.0.12           anywhere            tcp dpt:mysql state                                                      NEW,ESTABLISHED
ACCEPT     tcp  --  localhost            anywhere            tcp dpt:mysql state                                                      NEW,ESTABLISHED
LOGGING    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh state E                                                     STABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state                                                      ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state                                                      ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql state                                                      ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql state                                                      ESTABLISHED

Chain LOGGING (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 2/min bu                                                     rst 5 LOG level debug prefix `IPTables Dropped -:- '
DROP       all  --  anywhere             anywhere