Linux

Unable to telnet to the MySQL listening IP and port from a remote host

  • November 11, 2021

I can telnet to the mysql process locally, as shown below:

I also made sure the MySQL process is listening on all IPs by setting bind-address = 0.0.0.0, as shown below:

root@localhost:~# netstat -plutn | grep mysql
tcp        0      0 0.0.0.0:33060           0.0.0.0:*               LISTEN      39288/mysqld
tcp        0      0 0.0.0.0:7306            0.0.0.0:*               LISTEN      39288/mysqld

root@localhost:~# telnet 82.165.32.59 7306
Trying 82.165.32.59...
Connected to 82.165.32.59.
Escape character is '^]'.
>Host 'linux' is not allowed to connect to this MySQL serverConnection closed by foreign host

I opened firewall port 7306 and reloaded the firewall using the following commands:

root@localhost:~# firewall-cmd --zone=public --permanent --add-port=7306/tcp
Warning: ALREADY_ENABLED: 7306:tcp
success
root@localhost:~#  firewall-cmd --reload
success
root@localhost:~# firewall-cmd --list-all
public
 target: default
 icmp-block-inversion: no
 interfaces:
 sources:
 services: dhcpv6-client ssh
 ports: 443/tcp 80/tcp 7306/tcp
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:

However, telnet from a remote host fails, as shown below:

$ telnet 82.165.32.59 7306
Trying 82.165.32.59...

telnet: connect to address 82.165.32.59: Connection timed out

My operating system is:

root@localhost:~# uname -a
Linux localhost 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

I tried restarting the firewall service, as shown below:

root@localhost:~# systemctl restart firewalld

I also flushed IPTABLES using the following script, but it did not help:

root@localhost:~# cat fw.stop
#!/bin/sh
echo "Stopping IPv4 firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X

I also checked whether port 7306 is open to the outside world using the following website, but it also says Port 7306 is closed on 82.165.32.59.

https://www.yougetsignal.com/tools/open-ports/

However, below is the output of iptables -L, which I do not have the expertise to understand.

root@localhost:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (1 references)
target     prot opt source               destination
FWDI_public_pre  all  --  anywhere             anywhere
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
FWDI_public_post  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDI_public_post (1 references)
target     prot opt source               destination

Chain FWDI_public_pre (1 references)
target     prot opt source               destination

Chain FWDO_public (1 references)
target     prot opt source               destination
FWDO_public_pre  all  --  anywhere             anywhere
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere
FWDO_public_post  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public_post (1 references)
target     prot opt source               destination

Chain FWDO_public_pre (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (1 references)
target     prot opt source               destination
IN_public_pre  all  --  anywhere             anywhere
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
IN_public_post  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql ctstate NEW,UNTRACKED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7306 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain IN_public_post (1 references)
target     prot opt source               destination

Chain IN_public_pre (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Can you please advise?

The server is provided by https://cloudpanel.ionos.de/

After logging in to the portal, there is a firewall option on the web dashboard that allows access (incoming traffic) on port 7306.

I do not understand what was blocking the remote host from accessing the port, if anyone can shed some light on the answer.

After selecting the port and restarting the server, the port is now connecting.

Thank you very much for your help.

This may be a privilege restriction. If the account you allowed is 'user'@'localhost', you should try telnet localhost 7306 locally.

You can also verify whether a 'user'@'%' MySQL user exists (or 'user'@'linux').

See also https://stackoverflow.com/questions/1559955/host-xxx-xx-xxx-xxx-is-not-allowed-to-connect-to-this-mysql-server

Note that I do not expect a telnet connection to be of any use. This port is meant for connecting with a MySQL client.
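
As an added example (not part of the original question or answer), this Python probe separates the outcomes seen on this page: a connect timeout, a refusal or reject, and a TCP connection that MySQL itself turns away. The names `probe`, `parse_first_packet` and `HINTS` are hypothetical, and the sample packet is constructed from the error text shown above.

```python
import socket
import struct
import sys

# Constructed sample: the ERR packet a MySQL server sends to a host it rejects.
SAMPLE_MSG = b"Host 'linux' is not allowed to connect to this MySQL server"
SAMPLE_PAYLOAD = b"\xff" + struct.pack("<H", 1130) + SAMPLE_MSG
SAMPLE_ERR = len(SAMPLE_PAYLOAD).to_bytes(3, "little") + b"\x00" + SAMPLE_PAYLOAD

HINTS = {
    "timeout": "no reply: a packet filter drops the SYN (check the provider firewall)",
    "refused": "RST received: host reachable, nothing listening on that address/port",
    "unreachable": "ICMP/route error, e.g. a REJECT rule with icmp-host-prohibited",
    "mysql_error": "TCP path is fine; MySQL refused this client (1130 = host not allowed)",
    "mysql_handshake": "TCP path is fine and MySQL accepts connections from this host",
    "unknown": "port is open but the peer did not send a MySQL greeting",
}

def parse_first_packet(data):
    """Decode the first packet a MySQL server sends after the TCP handshake."""
    if len(data) < 5:
        return {"kind": "unknown", "detail": "short read"}
    length = int.from_bytes(data[:3], "little")  # 3-byte length, then 1-byte sequence id
    payload = data[4:4 + length]
    if payload[:1] == b"\xff" and len(payload) >= 3:  # ERR packet: 0xFF, 2-byte code, text
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"kind": "mysql_error", "code": code,
                "detail": payload[3:].decode("utf-8", "replace")}
    if payload[:1] == b"\x0a":  # handshake v10: version byte, NUL-terminated server version
        return {"kind": "mysql_handshake",
                "detail": payload[1:].split(b"\x00", 1)[0].decode("ascii", "replace")}
    return {"kind": "unknown", "detail": "not a MySQL greeting"}

def probe(host, port, timeout=5.0):
    """Connect once and classify the outcome; sends no data to the server."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return {"kind": "timeout", "detail": "connect timed out"}
    except ConnectionRefusedError:
        return {"kind": "refused", "detail": "connection refused"}
    except OSError as exc:
        return {"kind": "unreachable", "detail": str(exc)}
    with sock:
        try:
            return parse_first_packet(sock.recv(4096))
        except OSError:  # includes a read timeout
            return {"kind": "unknown", "detail": "no greeting received"}

if __name__ == "__main__":
    result = probe(sys.argv[1], int(sys.argv[2]))
    print(result["kind"], "-", result["detail"], "-", HINTS[result["kind"]])
```

Run it from the remote client with the server address and port as arguments; a `timeout` result while the local probe returns `mysql_error` means the drop happens on the network path, not in MySQL or its grants.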

Source: https://unix.stackexchange.com/questions/676900