[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p

Enter password:

ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server

下表可见3306端口没打开:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

4    ACCEPT     tcp  --  192.168.1.66         0.0.0.0/0           tcp dpt:3306 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

建个远程账户:

mysql> select user,host,password from user;

+------+-----------+-------------------------------------------+

| user | host      | password                                  |

+------+-----------+-------------------------------------------+

| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+------+-----------+-------------------------------------------+

1 row in set (0.06 sec)

mysql> grant select on *.* to "select_user"@"%" identified by "123";

Query OK, 0 rows affected (0.10 sec)

mysql> select user,host,password from user;

+-------------+-----------+-------------------------------------------+

| user        | host      | password                                  |

+-------------+-----------+-------------------------------------------+

| root        | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

| select_user | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+-------------+-----------+-------------------------------------------+

2 rows in set (0.00 sec)

成功连入远程连入mysql服务器:

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 13

Server version: 5.5.40-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

关掉3306端口,再次测试:

[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -P INPUT DROP

[root@v01-svn-test-server online]# iptables -P OUTPUT DROP

[root@v01-svn-test-server online]# iptables -P FORWARD DROP

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password: 

#卡主无法链接

重新开启3306端口:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

3    ACCEPT     all  --  127.0.0.1            127.0.0.1

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

3    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED 

[root@v01-svn-test-server online]# cat /etc/sysconfig/ip

ip6tables         ip6tables.old     iptables-config   iptables.save

ip6tables-config  iptables          iptables.old

[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Wed Jun  1 22:15:41 2016

*filter

:INPUT DROP [24:3081]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

COMMIT

# Completed on Wed Jun  1 22:15:41 2016

iptables 开启3306端口的更多相关文章

  1. linux mysql 授权以及 iptables开启3306

    mysql授权ip段访问mysql grant all privileges on *.* to 'yang'@'192.168.1.%' identified by '123456'; linux ...

  2. centos7开启3306端口,liunx查看防火墙是否开启

    Can't connect to MySQL server on localhost (10061)这个就属于下面要说的情况 启动服务 systemctl start mariadb.service ...

  3. linux下如何修改iptables开启80端口

    linux下如何修改iptables开启80端口   最近在做本地服务器的环境,发现网站localhost能正常访问,用ip访问就访问不了,经常使用CentOS的朋友,可能会遇到和我一样的问题.开启了 ...

  4. memcache和iptables开启11211端口

    linux下安装完memcached后,netstat -ant | grep LISTEN 看到memcache用的11211端口已在监听状态,但建立php文件连接测试发现没有输出结果,iptabl ...

  5. Centos7防火墙开启3306端口

    CentOS7的默认防火墙为firewall,且默认是不打开的. systemctl start firewalld # 启动friewall systemctl status firewalld # ...

  6. linux中用iptables开启指定端口

    linux中用iptables开启指定端口   centos默认开启的端口只有22端口,专供于SSH服务,其他端口都需要自行开启. 1.修改/etc/sysconfig/iptables文件,增加如下 ...

  7. windows开启3306端口并用可视化工具访问远程mysql(授权访问)

    开启 MySQL 的远程登陆帐号有两大步: 1.确定服务器上的防火墙没有阻止 3306 端口. MySQL 默认的端口是 3306 ,需要确定防火墙没有阻止 3306 端口,否则远程是无法通过 330 ...

  8. CentOs7 使用iptables开启关闭端口

    介绍 iptables命令是Linux上常用的防火墙软件,是netfilter项目的一部分 iptables文件设置路径:命令:vim /etc/sysconfig/iptables-config 注 ...

  9. ubuntu开启mysql远程连接,并开启3306端口

    mysql -u root -p 修改mysql库的user表,将host项,从localhost改为%.%这里表示的是允许任意host访问,如果只允许某一个ip访问,则可改为相应的ip mysql& ...

随机推荐

  1. automapper初步

    首先引入 automapper.dll using System; using System.Collections.Generic; using System.Linq; using System. ...

  2. ci中如何私有化方法

    私有方法 在某些情况下,你可能想要隐藏一些方法使之无法对外查阅.将方法私有化很简单,只要在方法名字前面加一个下划线("_")做前缀就无法通过 URL 访问到了.例如,如果你有一个像 ...

  3. frameset用法

    <html> <frameset rows="15%,*" border="1" frameborder="1" scro ...

  4. JSP 使用

    JSP教程: http://www.w3cschool.cc/jsp/jsp-tutorial.html jsp语法: 任何语言都有自己的语法,JAVA中有,JSP虽然是在JAVA上的一种应用,但是依 ...

  5. Protocol Buffer技术详解(Java实例)

    Protocol Buffer技术详解(Java实例) 该篇Blog和上一篇(C++实例)基本相同,只是面向于我们团队中的Java工程师,毕竟我们项目的前端部分是基于Android开发的,而且我们研发 ...

  6. day4作业之信息表

    实在是太low了,终究是自己写的,记录下 #!/usr/bin/env python # coding=utf8 import os, re #这里我把查询这块分为3个函数了,纠结了很久是放一起还是分 ...

  7. Matplotlib中文设置

    1.中文设置方法,代码前加入语句 from pylab import mpl mpl.rcParams['font.sans-serif'] = ['SimHei'] 2.例子 # -*- codin ...

  8. UML(统一建模语言)

    最近看了一个UML图,所以特意来了解一下UML 统一建模语言 锁定 同义词 UML(统一建模语言)一般指统一建模语言 本词条由“科普中国”百科科学词条编写与应用工作项目 审核 . Unified Mo ...

  9. webexam项目杂记

    sql 语句 数据库 本身 有数据类型的区分,对于mysql的字符串默认的用单引号''来表示,因此,整个sql 语句就要用双引号来括. 如: $sql = "SELECT * FROM us ...

  10. acdream.Bet(数学推导)

    Bet Time Limit:1000MS     Memory Limit:64000KB     64bit IO Format:%lld & %llu Submit Status Pra ...