Hi All,
MySQL 5.0.77 on CentOS 5.4
MySQL is running, my WordPress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.
When I try to connect I get an error (4), which when I google says: "Interrupted System call". I have tried using the MySQL Workbench and other client software.
If I look in /var/log/mysqld.log I don't see anything but the fact the server started.
I tried stopping mysql with /etc/init.d/mysqld stop
Then starting with mysqld_safe --init-file=/tmp/code.txt &
Where code.txt contains:
UPDATE mysql.user SET Password=PASSWORD('mypassword') WHERE User='root';
GRANT ALL ON mysql.* to 'root'@'127.0.0.1';
GRANT ALL ON mysql.* TO 'root'@'localhost';
GRANT ALL ON mysql.* TO 'root'@'my home IP';
FLUSH PRIVILEGES;
commit;
and I still cannot connect. But the database starts and this code executes, because if I go to the console and run /usr/bin/mysql -u root -p and use this password from the update statement, that password gets me in.
So, on my server I run tcpdump host <my ip> and I don't think I see anything where 3306 is coming through.
If I run a test MySQL connection from the MySQL Workbench and then run netstat on my server, I don't see an entry where 3306 is used in what netstat is dumping.
What am I doing wrong? What can I check for? I am stumped!
-Jason
Try to telnet to port 3306 and see if you get thru.
Try changing the password after you have added the users with the GRANTS. If you have run your script more than once that has probably been done. Commit should probably be before the flush also.
John
On Tue, Dec 22, 2009 at 9:34 AM, ML mailinglists@mailnewsrss.com wrote: [snip]
Can you post the outputs of:
netstat -tlnw
iptables -L
grep bind-address /etc/my.cnf
Sure:
netstat -tlnw
[root@indie ~]# netstat -tnlw
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address         Foreign Address  State
tcp        0      0 173.13.167.209:389    0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:10663       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:10024       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:10025       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:7306        0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3306          0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:587           0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3310          0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111           0.0.0.0:*        LISTEN
tcp        0      0 173.13.167.209:80     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:465           0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631         0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:25            0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:921           0.0.0.0:*        LISTEN
tcp        0      0 :::7072               :::*             LISTEN
tcp        0      0 :::7777               :::*             LISTEN
tcp        0      0 :::993                :::*             LISTEN
tcp        0      0 :::995                :::*             LISTEN
tcp        0      0 :::7780               :::*             LISTEN
tcp        0      0 :::5222               :::*             LISTEN
tcp        0      0 :::5223               :::*             LISTEN
tcp        0      0 :::7335               :::*             LISTEN
tcp        0      0 :::110                :::*             LISTEN
tcp        0      0 :::143                :::*             LISTEN
tcp        0      0 :::8080               :::*             LISTEN
tcp        0      0 :::7025               :::*             LISTEN
tcp        0      0 :::5269               :::*             LISTEN
tcp        0      0 :::2966               :::*             LISTEN
tcp        0      0 :::443                :::*             LISTEN
tcp        0      0 :::10015              :::*             LISTEN
tcp        0      0 :::7071               :::*             LISTEN
[root@indie ~]#
iptables -L
[root@indie ~]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source    destination
RH-Firewall-1-INPUT  all  --  anywhere  anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source    destination
RH-Firewall-1-INPUT  all  --  anywhere  anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source    destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source    destination
ACCEPT  all  --  anywhere  anywhere
ACCEPT  icmp --  anywhere  anywhere     icmp any
ACCEPT  esp  --  anywhere  anywhere
ACCEPT  ah   --  anywhere  anywhere
ACCEPT  udp  --  anywhere  224.0.0.251  udp dpt:mdns
ACCEPT  udp  --  anywhere  anywhere     udp dpt:ipp
ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:ipp
ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:mysql
ACCEPT  udp  --  anywhere  anywhere     state NEW udp dpt:ntp
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:idp-infotrieve
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:webcache
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:7071
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:pop3
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:imap
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:imaps
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:pop3s
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:smtps
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:imap4-ssl
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:smtp
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:http
ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:https
REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited
[root@indie ~]#
grep bind-address /etc/my.cnf
[root@indie ~]# grep bind-address /etc/my.cnf
[root@indie ~]#
nothing here
-J
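The three outputs requested above can also be read mechanically. The following is an added example, not part of the original thread; the function names are illustrative. The firewall check takes iptables-save format rather than iptables -L, because plain -L does not print interface matches, so a loopback-only ACCEPT looks the same as an accept-all.

```sh
# Added example; function names are illustrative, not from the thread.

# How is TCP <port> bound? Prints all, loopback, specific:<addr> or none.
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, part, ":")
            if (part[n] != port) next
            sub(":" port "$", "", addr)
            if (addr == "0.0.0.0" || addr == "::") scope = "all"
            else if (scope == "all") next
            else if (addr ~ /^127\./ || addr == "::1") { if (scope == "") scope = "loopback" }
            else scope = "specific:" addr
        }
        END { print (scope == "" ? "none" : scope) }'
}

# First rule in <chain> (iptables-save format) that a NEW remote TCP
# connection to <port> hits. Only -i lo, -p, --dport and --state are
# evaluated; any other match option is ignored.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            proto = dport = state = iface = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--state") state = $(i + 1)
                else if ($i == "-i") iface = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (iface == "lo") next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            if (state != "" && state !~ /NEW/) next
            if (target != "") { print target; found = 1; exit }
        }
        END { if (!found) print "policy" }'
}

# Does my.cnf restrict TCP? Prints skip-networking, bind:<addr> or default.
cnf_network() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*skip[-_]networking/ { r = "skip-networking" }
        /^[ \t]*bind[-_]address/ && r == "" { split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); r = "bind:" kv[2] }
        END { print (r == "" ? "default" : r) }'
}
```

On the server this would be run as netstat -tln | listen_scope 3306, iptables-save | first_verdict RH-Firewall-1-INPUT 3306, and cnf_network < /etc/my.cnf.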
Where does the client connection originate? Is it behind the same firewall but on a NATed address? Or is NAT involved in some other way that might keep you from seeing the source you expect in your tcpdump?
Hi Les,
OK, I have a comcast modem as pass through.
I have a firewall and behind it is the mysql server (public IP)
I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule NATs and gives clients behind it a private IP.
-Jason
I still don't understand the exact relationship - or which address you are expecting in the tcpdump. From this description I'd guess you would see the Time Capsule's public IP as the source for your connections. Is that what you were expecting, but not seeing, in your tcpdump? Are there other connections to mysql through this interface or can you just look for anything on port 3306? And is the firewall running as an unnumbered bridge? I'd make sure packets are going back and forth before looking further. Also, Comcast modems can overlay a private range on the same subnet as the assigned public set. It would be possible for your Time Capsule to use a DHCP-assigned private address on its public-facing side which would be NATted by the Comcast modem.
MySQL is *not* listening on TCP 3306 since *long* unless you tell it to in the my.cnf. It uses a local Unix socket by default.
Kai