CentOS 上的某些东西阻止了远程 MySQL 连接

CentOS 上的某些东西阻止了远程 MySQL 连接

我在 CentOS 7 上运行 MySQL,似乎无法远程连接 MySQL。我有:

bind-address=0.0.0.0

当然不是#skip-networking,但如果我绑定到实际的公共/本地 IP 地址就没关系了。

我已禁用 SELinux:

[root@hostname ~]# sestatus
SELinux status:                 disabled

输出为iptables -L -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 103K   21M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
   13   880 ACCEPT     all  --  lo     any     anywhere             anywhere            
21423 3952K INPUT_direct  all  --  any    any     anywhere             anywhere            
21423 3952K INPUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
21423 3952K INPUT_ZONES  all  --  any    any     anywhere             anywhere            
  166  7863 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
12168 3403K REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 FORWARD_direct  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_IN_ZONES  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere            
    0     0 FORWARD_OUT_ZONES  all  --  any    any     anywhere             anywhere            
    0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 43729 packets, 8473K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 152K   30M OUTPUT_direct  all  --  any    any     anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public  all  --  ens160 any     anywhere             anywhere            [goto] 
    0     0 FWDI_public  all  --  +      any     anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public  all  --  any    ens160  anywhere             anywhere            [goto] 
    0     0 FWDO_public  all  --  any    +       anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public_log  all  --  any    any     anywhere             anywhere            
    0     0 FWDI_public_deny  all  --  any    any     anywhere             anywhere            
    0     0 FWDI_public_allow  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDO_public_log  all  --  any    any     anywhere             anywhere            
    0     0 FWDO_public_deny  all  --  any    any     anywhere             anywhere            
    0     0 FWDO_public_allow  all  --  any    any     anywhere             anywhere            

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 7423 1336K IN_public  all  --  ens160 any     anywhere             anywhere            [goto] 
    0     0 IN_public  all  --  +      any     anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
21423 3952K IN_public_log  all  --  any    any     anywhere             anywhere            
21423 3952K IN_public_deny  all  --  any    any     anywhere             anywhere            
21423 3952K IN_public_allow  all  --  any    any     anywhere             anywhere            
    8   324 ACCEPT     icmp --  any    any     anywhere             anywhere            

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 9081  540K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

我当然这么做了:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '********' WITH GRANT OPTION;
FLUSH PRIVILEGES;

但我认为这是一个相当重要的连接问题,因为:

telnet XXX.XXX.XXX.XXX 3306
Trying XXX.XXX.XXX.XXX...
telnet: connect to address XXX.XXX.XXX.XXX: Connection refused
telnet: Unable to connect to remote host

但:

mysql -u root -p
mysql -h localhost -u root -p
mysql -h XXX.XXX.XXX.XXX -u root -p (public IP)
mysql -h XXX.XXX.XXX.XXX -u root -p (local network IP)

一切似乎都可以从服务器本身的控制台运行。有什么想法吗?

相关内容