我遇到了一个问题,即使我设置了 3306 端口 (mysql),也无法访问它iptables。我该如何解决这个问题?
root@vps191532:# iptables-save
# Generated by iptables-save v1.4.21 on Thu Oct 22 20:42:38 2015
*filter
:INPUT ACCEPT [695:36753]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [469:37083]
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Oct 22 20:42:38 2015
root@vps191532:# netstat -lnpa | grep mysql
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 8960/mysqld
unix 2 [ ACC ] STREAM LISTENING 42152 8960/mysqld /var/run/mysqld/mysqld.sock
C:\Users>telnet 149.XXX.51.XXX 3306
Connecting To 149.XXX.51.XXX...Could not open connection to the host, on port 3306: Connect failed
root@vps191532:# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:mysql state ESTABLISHED
答案1
问题在于您的 MySQL 安装仅监听 127.0.0.1 地址(也称为 localhost)上的连接。基本上,只需编辑 /etc/mysql/my.cnf 文件并找到以下行:
bind-address = 127.0.0.1
只需将其更改为:
bind-address = 0.0.0.0
并使用以下命令重新启动 MySQL 服务:
service mysql restart
只需记住 MySQL 将开始监听所有地址,因此只需根据您的需要进行调整,并添加防火墙规则来阻止不需要的请求...
再见!