Remotely connect to MySQL on Google Compute Engine VM(远程连接到 Google Compute Engine VM 上的 MySQL)
问题描述
我的问题类似于
在 my.cnf 文件中我有:
<块引用>绑定地址 = 0.0.0.0
关于 MySQL 用户的权限,我有以下几点:
当我尝试与 wkreport 用户远程连接时,我得到以下结果:
我的问题是,我错过了什么?!
我刚刚找到了解决问题的方法,
特别感谢@Slava 为我指路,毕竟它是 iptables.
所以,我在尝试远程连接时一直收到MySQL 连接被拒绝"消息,所以我搜索了一种查看 TCP 连接日志的方法,并找到了 tcpdump
命令.
通过运行 sudo tcpdump port 3306 -vvv -n
我每次尝试远程连接时都会看到以下输出:
我搜索了 tcpdump 手册页,发现 R 表示 TCP RST (RESET) 标志.
搜索了一下,发现了这个
在此之后,我刚刚删除了接受 tcp:3306 的规则并将其添加到拒绝 tcp 规则之前,瞧!
iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPTiptables -I INPUT {第一个拒绝 tcp 规则的行号} -p tcp -m tcp --dport 3306 -j ACCEPT
IPTABLES 现在看起来像这样,最后我可以远程连接到 MySQL:
要列出带有行号的 iptables,请键入:
sudo iptables -nL --line-numbers
最后的挑战:
- 出于安全考虑,可以通过将您进行远程连接的源 IP 地址列入白名单来改善这一点.
My problem is similar to this question but since I don't have enough reputation to write a comment AND the answer to that question dindn’t help, I am starting a new question.
I have an GCE VM instance with LEMP with MySQL Ver 15.1 Distrib 10.1.18-MariaDB and I'm trying to connect remotely to it from my local machine.
I already tried all the suggestions in the question link that I mentioned before.
This is my firewall configuration:
In my.cnf file I have:
bind-address = 0.0.0.0
And about MySQL users privileges I have the following:
When I try to connect remotely with wkreport user I get the following result:
My question is, what am I missing ?!
I just found the solution to my problem,
Special thanks to @Slava for pointing me the way, after all it was iptables.
So, I kept receiving a "MySQL connection refused" message when trying to connect remotely so I searched for a way to see TCP connection logs and I found the tcpdump
command.
By running sudo tcpdump port 3306 -vvv -n
I saw the following output every time I tried to connect remotely:
I searched the tcpdump man page and saw that R means for TCP RST (RESET) flag.
Searched a little bit and found this question and its accepted answer led me again into IPTABLES that @Slava suggested since the first comment.
That's when I looked closely and saw that my INPUT ACCEPT tcp:3306 was defined after the REJECT TCP reject-with tcp-reset rule hence the log was showing.
After this I just removed the rule to accept tcp:3306 and prepended it to the reject tcp rules and voila!
iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -I INPUT {line number from the first reject tcp rule} -p tcp -m tcp --dport 3306 -j ACCEPT
IPTABLES now looks like this and finally I can connect to MySQL remotely:
To list the iptables with line numbers type:
sudo iptables -nL --line-numbers
Final toughts:
- This can be improved by whitelisting the source IP address from where you're making the remote connection for security matters.
这篇关于远程连接到 Google Compute Engine VM 上的 MySQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:远程连接到 Google Compute Engine VM 上的 MySQL
基础教程推荐
- SQL Server 中单行 MERGE/upsert 的语法 2021-01-01
- 无法在 ubuntu 中启动 mysql 服务器 2021-01-01
- SQL Server 2016更改对象所有者 2022-01-01
- SQL Server:只有 GROUP BY 中的最后一个条目 2021-01-01
- 使用pyodbc“不安全"的Python多处理和数据库访问? 2022-01-01
- 在 VB.NET 中更新 SQL Server DateTime 列 2021-01-01
- 如何在 SQL Server 的嵌套过程中处理事务? 2021-01-01
- Sql Server 字符串到日期的转换 2021-01-01
- 将数据从 MS SQL 迁移到 PostgreSQL? 2022-01-01
- ERROR 2006 (HY000): MySQL 服务器已经消失 2021-01-01