I'm trying to set up a MySQL server. Its running on Ubuntu. When I try to log into it from local, via 'mysql -u user - h server-ip-add -p', it will ask for a password, and then time out after the password is entered. I'm able to SSH into the server, and then access mysql from there.
I've checked that port 3306 is open in the iptables settings:
Chain INPUT (policy DROP)
target prot opt source destination
f2b-nginx-http-auth tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 69.114.251.207 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ufw-before-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-output all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-nginx-http-auth (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 181.211.20.46 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.238.99.64 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 93.82.51.144 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 91.197.232.103 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 90.150.180.36 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 78.243.95.82 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 61.91.245.98 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.140.148.242 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.104.107.139 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.28.97.115 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.163.250.245 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.162.171.190 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 223.99.174.194 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 223.229.249.84 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.74.225.125 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.220.35.196 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.171.242.151 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 218.56.106.106 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 218.3.140.74 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 202.163.79.110 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 195.162.95.35 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 195.154.36.75 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 191.80.83.249 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 188.187.52.223 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 185.136.151.107 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 185.116.157.105 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 181.20.73.164 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.43.247.139 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.19.185.235 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 171.35.163.238 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.31.146 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.31.140 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.168.209.238 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 122.189.199.143 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 119.193.140.162 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 119.177.250.2 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 116.31.116.41 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 116.16.69.191 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 115.213.198.13 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 113.195.145.21 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 103.217.90.10 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 103.207.37.24 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ufw-skip-to-policy-input all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ufw-not-local all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* 'dapp_OpenSSH' */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
On line 217, I see that port 3306 is open:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Also, I made sure that the local IP I'm trying to log in from is tied to 'user':
mysql> SELECT User, Host FROM mysql.user;
+------------------+----------------+
| User | Host |
+------------------+----------------+
| alex | 6x.xxx.xxx.xxx |
| alex | localhost |
| debian-sys-maint | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+----------------+
Does anyone know what I may be missing here?
Thanks a lot!
Try adding a wildcard(%) entry for your user.Maybe it will work cause in my case SELECT User, Host FROM mysql.user; command gives same result as yours just one wildcard entry is more and it's working.
Thanks everyone!
I established that it was a firewall issue. I enabled all connections from my local IP to this server, and it's working correctly now. It's important to add your IP to the top of the list in the INPUT section of iptables:
iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
iptables -I OUTPUT -p tcp -d XXX.XXX.XXX.XXX -j ACCEPT`
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.