[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p

Enter password:

ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server

下表可见3306端口没打开:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

4    ACCEPT     tcp  --  192.168.1.66         0.0.0.0/0           tcp dpt:3306 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

建个远程账户:

mysql> select user,host,password from user;

+------+-----------+-------------------------------------------+

| user | host      | password                                  |

+------+-----------+-------------------------------------------+

| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+------+-----------+-------------------------------------------+

1 row in set (0.06 sec)

mysql> grant select on *.* to "select_user"@"%" identified by "123";

Query OK, 0 rows affected (0.10 sec)

mysql> select user,host,password from user;

+-------------+-----------+-------------------------------------------+

| user        | host      | password                                  |

+-------------+-----------+-------------------------------------------+

| root        | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

| select_user | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+-------------+-----------+-------------------------------------------+

2 rows in set (0.00 sec)

成功连入远程连入mysql服务器:

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 13

Server version: 5.5.40-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

关掉3306端口,再次测试:

[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -P INPUT DROP

[root@v01-svn-test-server online]# iptables -P OUTPUT DROP

[root@v01-svn-test-server online]# iptables -P FORWARD DROP

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password: 

#卡主无法链接

重新开启3306端口:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

3    ACCEPT     all  --  127.0.0.1            127.0.0.1

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

3    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED 

[root@v01-svn-test-server online]# cat /etc/sysconfig/ip

ip6tables         ip6tables.old     iptables-config   iptables.save

ip6tables-config  iptables          iptables.old

[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Wed Jun  1 22:15:41 2016

*filter

:INPUT DROP [24:3081]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

COMMIT

# Completed on Wed Jun  1 22:15:41 2016

iptables 开启3306端口的更多相关文章

  1. linux mysql 授权以及 iptables开启3306

    mysql授权ip段访问mysql grant all privileges on *.* to 'yang'@'192.168.1.%' identified by '123456'; linux ...

  2. centos7开启3306端口,liunx查看防火墙是否开启

    Can't connect to MySQL server on localhost (10061)这个就属于下面要说的情况 启动服务 systemctl start mariadb.service ...

  3. linux下如何修改iptables开启80端口

    linux下如何修改iptables开启80端口   最近在做本地服务器的环境,发现网站localhost能正常访问,用ip访问就访问不了,经常使用CentOS的朋友,可能会遇到和我一样的问题.开启了 ...

  4. memcache和iptables开启11211端口

    linux下安装完memcached后,netstat -ant | grep LISTEN 看到memcache用的11211端口已在监听状态,但建立php文件连接测试发现没有输出结果,iptabl ...

  5. Centos7防火墙开启3306端口

    CentOS7的默认防火墙为firewall,且默认是不打开的. systemctl start firewalld # 启动friewall systemctl status firewalld # ...

  6. linux中用iptables开启指定端口

    linux中用iptables开启指定端口   centos默认开启的端口只有22端口,专供于SSH服务,其他端口都需要自行开启. 1.修改/etc/sysconfig/iptables文件,增加如下 ...

  7. windows开启3306端口并用可视化工具访问远程mysql(授权访问)

    开启 MySQL 的远程登陆帐号有两大步: 1.确定服务器上的防火墙没有阻止 3306 端口. MySQL 默认的端口是 3306 ,需要确定防火墙没有阻止 3306 端口,否则远程是无法通过 330 ...

  8. CentOs7 使用iptables开启关闭端口

    介绍 iptables命令是Linux上常用的防火墙软件,是netfilter项目的一部分 iptables文件设置路径:命令:vim /etc/sysconfig/iptables-config 注 ...

  9. ubuntu开启mysql远程连接,并开启3306端口

    mysql -u root -p 修改mysql库的user表,将host项,从localhost改为%.%这里表示的是允许任意host访问,如果只允许某一个ip访问,则可改为相应的ip mysql& ...

随机推荐

  1. zabbix表结构

    zabbix数据库表结构的重要性 想理解zabbix的前端代码.做深入的二次开发,甚至的调优,那就不能不了解数据库的表结构了. 我们这里采用的zabbix1.8.mysql,所以简单的说下我们mysq ...

  2. Cocoa的MVC架构分析 cocoa的mvc实现

    Cocoa是Mac OS和iPhone OS上的开发框架,使用Objective-C做为开发语言.当然,在代码中也可以嵌入C和C++的语句.初识Objective-C时会觉得它的语法很奇怪,但本质上和 ...

  3. 超详细cordova环境配置(windows)及实例

    摘要: 最近闲来无事就把以前做的cordova项目整理了下,发现网上很少有详细完整的配置教程,所以自己就总结了下分享给大家. 项目地址:https://github.com/baixuexiyang/ ...

  4. 深入浅出JSON

      JSON定义     JSON(JavaScript Object Notation) 是一种轻量级的数据交换格式,易于阅读和编写,同时也易于机器解析和生成.它基于ECMA262语言规范(1999 ...

  5. 【初级为题,大神绕道】The app icon set named "AppIcon" did not have any applicable content 错误#解决方案#

    The app icon set named "AppIcon" did not have any applicable content 错误,怎样解决   按照您的错误提示您应该 ...

  6. POJ 3041 Asteroids

     最小点覆盖数==最大匹配数 Asteroids Time Limit: 1000MS Memory Limit: 65536K Total Submissions: 12678 Accepted:  ...

  7. 微信用户量破6.5亿 首超移动QQ

    腾讯控股有限公司昨日公布了微信和WeChat合并月活跃用户量达到6.5亿,同比再涨39%.QQ在移动智能终端月活为6.39亿,同比增长18%,尽管势头也不错,但这是第一次,微信干掉了移动QQ! 201 ...

  8. 完美串(区间dp)

    完美串 Description 爱美之心人皆有之,GG也不例外.所以GG他对于完美串有一种热衷的爱.在GG眼中完美串是一个具有无比魅力的01子串.这个子串有之其魅力之处,对它取反后水平翻转,它又和它原 ...

  9. Scheme笔记(1)

    (define pi 3.14159) (define radius 10) (* pi (* radius radius)) (define circumference (* 2 pi radius ...

  10. [Effective JavaScript 笔记]第34条:在原型中存储方法

    js中完全有可能不借助原型进行编程.不用在其原型中定义任何的方法. 创建对象 构造函数法 所有属性和方法都在构造函数中定义 function User(name,pwd){ this.name=nam ...