Accessing a mysql database from external host/ip?

2020-01-27 06:00发布

站内问答 / MySQL
1076 8 4

I have a mysql server running on x.x.x.x, and can access it internally no problem (of course). However when attempting to connect externally, ie using mysql workbench, or even from an external server, I get the error message "Host 'bla.bla.bla' is not allowed to connect to this MySQL server".

I have done:

  • GRANT ALL PRIVILEGES ON *.* TO mysql@x.x.x.x IDENTIFIED BY "somepass";
  • And I have opened port 3306 in iptables.

Is there another fundamental security issue I am missing?

8条回答
Luminary・发光体
2楼-- · 2020-01-27 06:09

To solve this you needed to perform the following commands:

mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'@'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'%' WITH GRANT OPTION;
查看更多
0人赞 添加讨论(0) 举报
Fickle 薄情
3楼-- · 2020-01-27 06:18

I dont know the ins and outs of security behind this bind-addressthing, just learning by installing a debian server on a virtual-box machine. This guest has a virtual network card set up as a bridge, so the rest of the house can see it. Its IP is 192.168.1.4. From another computer (192.168.1.3), connection failed with bind-address = 127.0.0.1. Set up bind-address = 192.168.1.4 works fine. (its own address, litterally) It must be the interpretation of 127.0.0.1 inside a virtual config, not sure...

查看更多
0人赞 添加讨论(0) 举报
Viruses.
4楼-- · 2020-01-27 06:19

I had the exactly similar situation.my MYSQL is installed on a centOS. The path to Nirvana is as below.

  1. bind-address: DID NOT WORK
  2. grant permission: DID NOT WORK
  3. Iptables when turned off: DID work.

SOLUTION:I went fishing into the iptables and made following changes:

  1. Access the iptables using the command : vim /etc/sysconfig/iptables

  2. If you find the below statements COMMENT them out by adding a '#' at the beginning of the line.

    -A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

    -A INPUT -j REJECT --reject-with icmp-host-prohibited

    -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT

  3. Restart the iptables using the command: service iptables restart

Yep, that worked for me. Hope it is useful to someone.

查看更多
0人赞 添加讨论(0) 举报
萌系小妹纸
5楼-- · 2020-01-27 06:27

Comment out the line:

bind-address = localhost
#bind-address = localhost < this is what it should look like.

in your MySQL my.conf file. It is normally located in /etc/mysql/my.conf.

查看更多
0人赞 添加讨论(0) 举报
ら.Afraid
6楼-- · 2020-01-27 06:29

You need to do 

GRANT ALL PRIVILEGES ON *.* TO mysql@'bla.bla.bla' ...

The part after the @ is the host from which the connection is coming, so you have allowed only connections coming from localhost. You need to allow access from each remote host necessary (or all hosts - ... mysql@'%' ... - if applicable).

查看更多
0人赞 添加讨论(0) 举报
再贱就再见
7楼-- · 2020-01-27 06:29

When I Got my server,even I had the same problem accessing the mysql from MySQL client application, Then I granted the Mysql permission, with following query.

it worked Great 

**GRANT ALL PRIVILEGES ON db_base.* TO db_user @'%' IDENTIFIED BY 'db_passwd';** 

db_base is the database Name
db_user is database User
db_passwd is the database password

Once you execute this flush it, by the following command FLUSH PRIVILEGES;

Suppose if you are looking to give privileges to access certain tables in the Database you can use the following command

GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user @'%' IDENTIFIED BY 'db_passwd';

Where HELLOWORLD is the table Name

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)