iptables 开启3306端口
[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p
Enter password:
ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server
下表可见3306端口没打开:
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT all -- 127.0.0.1 127.0.0.1
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain FORWARD (policy ACCEPT)
num target prot opt source destination Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
2 ACCEPT all -- 127.0.0.1 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT all -- 127.0.0.1 127.0.0.1
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 ACCEPT tcp -- 192.168.1.66 0.0.0.0/0 tcp dpt:3306 Chain FORWARD (policy ACCEPT)
num target prot opt source destination Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
2 ACCEPT all -- 127.0.0.1 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
建个远程账户:
mysql> select user,host,password from user;
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+------+-----------+-------------------------------------------+
1 row in set (0.06 sec)
mysql> grant select on *.* to "select_user"@"%" identified by "123";
Query OK, 0 rows affected (0.10 sec)
mysql> select user,host,password from user;
+-------------+-----------+-------------------------------------------+
| user | host | password |
+-------------+-----------+-------------------------------------------+
| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| select_user | % | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+-------------+-----------+-------------------------------------------+
2 rows in set (0.00 sec)
成功连入远程连入mysql服务器:
[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.5.40-log MySQL Community Server (GPL) Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
关掉3306端口,再次测试:
[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT all -- 127.0.0.1 127.0.0.1
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain FORWARD (policy ACCEPT)
num target prot opt source destination Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
2 ACCEPT all -- 127.0.0.1 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
[root@v01-svn-test-server online]# iptables -P INPUT DROP
[root@v01-svn-test-server online]# iptables -P OUTPUT DROP
[root@v01-svn-test-server online]# iptables -P FORWARD DROP
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT all -- 127.0.0.1 127.0.0.1
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain FORWARD (policy DROP)
num target prot opt source destination Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
2 ACCEPT all -- 127.0.0.1 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p
Enter password: #卡主无法链接
重新开启3306端口:
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 ACCEPT all -- 127.0.0.1 127.0.0.1
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain FORWARD (policy DROP)
num target prot opt source destination Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3306
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
3 ACCEPT all -- 127.0.0.1 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED [root@v01-svn-test-server online]# cat /etc/sysconfig/ip
ip6tables ip6tables.old iptables-config iptables.save
ip6tables-config iptables iptables.old
[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Jun 1 22:15:41 2016
*filter
:INPUT DROP [24:3081]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Jun 1 22:15:41 2016
iptables 开启3306端口的更多相关文章
- linux mysql 授权以及 iptables开启3306
mysql授权ip段访问mysql grant all privileges on *.* to 'yang'@'192.168.1.%' identified by '123456'; linux ...
- centos7开启3306端口,liunx查看防火墙是否开启
Can't connect to MySQL server on localhost (10061)这个就属于下面要说的情况 启动服务 systemctl start mariadb.service ...
- linux下如何修改iptables开启80端口
linux下如何修改iptables开启80端口 最近在做本地服务器的环境,发现网站localhost能正常访问,用ip访问就访问不了,经常使用CentOS的朋友,可能会遇到和我一样的问题.开启了 ...
- memcache和iptables开启11211端口
linux下安装完memcached后,netstat -ant | grep LISTEN 看到memcache用的11211端口已在监听状态,但建立php文件连接测试发现没有输出结果,iptabl ...
- Centos7防火墙开启3306端口
CentOS7的默认防火墙为firewall,且默认是不打开的. systemctl start firewalld # 启动friewall systemctl status firewalld # ...
- linux中用iptables开启指定端口
linux中用iptables开启指定端口 centos默认开启的端口只有22端口,专供于SSH服务,其他端口都需要自行开启. 1.修改/etc/sysconfig/iptables文件,增加如下 ...
- windows开启3306端口并用可视化工具访问远程mysql(授权访问)
开启 MySQL 的远程登陆帐号有两大步: 1.确定服务器上的防火墙没有阻止 3306 端口. MySQL 默认的端口是 3306 ,需要确定防火墙没有阻止 3306 端口,否则远程是无法通过 330 ...
- CentOs7 使用iptables开启关闭端口
介绍 iptables命令是Linux上常用的防火墙软件,是netfilter项目的一部分 iptables文件设置路径:命令:vim /etc/sysconfig/iptables-config 注 ...
- ubuntu开启mysql远程连接,并开启3306端口
mysql -u root -p 修改mysql库的user表,将host项,从localhost改为%.%这里表示的是允许任意host访问,如果只允许某一个ip访问,则可改为相应的ip mysql& ...
随机推荐
- POJ 2481Cows(树状数组 + 好题)
Cows Time Limit: 3000MS Memory Limit: 65536K Total Submissions: 15222 Accepted: 5070 Description ...
- 解决IE apk变成zip:Android 手机应用程序文件下载服务器Nginx+Tomcat配置解决方法
APK文件其实是zip格式,但后缀名被修改为apk,通过UnZip解压后,可以看到Dex文件,Dex是Dalvik VM executes的全称,即Android Dalvik执行程序,并非Java ...
- mongodb基本数据类型
本文导读:Mongodb是一种强大,灵活,可扩展的数据存储方式.它扩展了关系型数据库众多有用的功能,如索引,范围查询和排序. MongoDB的文件存储格式为BSON,同JSON一样支持往其它文档对象和 ...
- ASP.NET MVC 数据分页
作为一个菜鸟级的程序猿,总结一下学到的两种数据分页. 1.真分页 真分页就是需要时从数据库里读出需要多的数据,利用存储过程可实现.网上的分页SQL特别多,数据库自带的一些方法也可方便的帮助分页,但是我 ...
- [Asp.Net]状态管理(ViewState、Cookie)
简介 HTTP协议是无状态的.从客户端到服务器的连接可以在每个请求之后关闭.但是一般需要把一些客户端信息从一个页面传送给另一个页面. 无状态的根本原因是:浏览器和服务器使用Socket通信,服务器将请 ...
- Radius 远程用户拨号认证系统
RADIUS 锁定 本词条由“科普中国”百科科学词条编写与应用工作项目 审核 . RADIUS:Remote Authentication Dial In User Service,远程用户拨号认证系 ...
- javaScript模块化规范ADM与CMD
模块化:模块化是指在解决某一个复杂问题时,依照一种分类的思维把问题进行系统性的分解处理,可以想象一个巨大的系统代码,被整合优化分割成逻辑性很强的模块时,对于软件是一种何等意义的存在. 模块化系统所必须 ...
- ASP.NET中利用DataList实现图片无缝滚动
这个问题之前也困扰我,后来解决了,拿出来分享下,以后用也方便,代码很容易看懂,不多说什么了 <div id="demo" style="overflow: hidd ...
- Hello Kitty微信主题很可爱?小心财产安全!
个性化是产品服务的一个趋势.微信很火,可为什么微信主题只有一个呢?你让那些小女生情何以堪?这时HelloKitty微信主题.大嘴猴.哆啦A梦等一大批主题在网上出现了,有些打着免费的旗号却做着盗号的勾当 ...
- Currency Exchange(Bellman-ford)
Currency Exchange Time Limit: 1000MS Memory Limit: 30000K Total Submissions: 21349 Accepted: 765 ...