想要远程访问MysqL数据库,但在检查yougetsignal(dot)com时,我收到一条消息,说明端口3306已关闭.
配置:Fresh Server(安装了Zpanel的Centos 6.4 64位)
已采取的步骤:
>从my.cnf中删除了绑定地址
>尝试添加绑定地址作为服务器IP
>编辑了IPTABLES以保持端口打开.
>从路由器转发端口
>在/etc/my.cnf中添加了port = 3306
>停止了IPTABLES
>每次更改后都会重启几次mysqld
>更改后重新启动IPTABLES
到目前为止没有任何工作.
IP表:
- # Firewall configuration written by system-config-firewall
- # Manual customization of this file is not recommended.
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- COMMIT
诊断结果:
netstat结果:
- # netstat -na | grep 3306
- tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
netstat结果(netstat -lnp | grep MysqL)
iptables -L结果:
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT icmp -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:MysqL
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
可以从localhost / SSH连接在服务器上运行nc,但不能从远程系统运行
流量可能正在被过滤.
因为你提供了你的域名(假设在这里,尽管有两个不同的地址141.101.117.86有两个A记录是准确的..
跟踪到端口80,我们可以证明是开放的..
- $sudo traceroute -T -O info 141.101.117.86 -p 80
- traceroute to 141.101.117.86 (141.101.117.86),30 hops max,60 byte packets
- 1 192.168.1.1 (192.168.1.1) 0.332 ms 0.460 ms 0.574 ms
- 2 host-92-25-242-1.as13285.net (92.25.242.1) 13.745 ms 13.807 ms 13.902 ms
- 3 host-78-151-225-189.static.as13285.net (78.151.225.189) 15.058 ms 15.086 ms 15.118 ms
- 4 host-78-151-225-196.static.as13285.net (78.151.225.196) 16.120 ms host-78-151-225-232.static.as13285.net (78.151.225.232) 15.748 ms host-78-151-225-184.static.as13285.net (78.151.225.184) 16.069 ms
- 5 host-78-144-11-115.as13285.net (78.144.11.115) 16.630 ms 16.579 ms host-78-144-11-109.as13285.net (78.144.11.109) 16.798 ms
- 6 195.66.225.179 (195.66.225.179) 16.728 ms 14.735 ms 14.707 ms
- 7 141.101.117.86 (141.101.117.86) <syn,ack> 14.713 ms 14.907 ms 14.887 ms
如果我们尝试3306 ..
- $sudo traceroute -T -O info 141.101.117.86 -p 3306
- traceroute to 141.101.117.86 (141.101.117.86),60 byte packets
- 1 192.168.1.1 (192.168.1.1) 0.343 ms 0.444 ms 0.624 ms
- 2 host-92-25-242-1.as13285.net (92.25.242.1) 13.225 ms 13.226 ms 13.233 ms
- 3 host-78-151-225-189.static.as13285.net (78.151.225.189) 14.736 ms 15.352 ms 15.347 ms
- 4 host-78-151-225-220.static.as13285.net (78.151.225.220) 15.492 ms host-78-151-228-37.as13285.net (78.151.228.37) 15.441 ms host-78-151-225-232.static.as13285.net (78.151.225.232) 15.350 ms
- 5 host-78-144-11-95.as13285.net (78.144.11.95) 16.140 ms host-78-144-11-119.as13285.net (78.144.11.119) 16.551 ms host-78-144-11-95.as13285.net (78.144.11.95) 16.463 ms
- 6 * * *
- 7 * * *
- 8 * * *
- 9 * * *
- 10 * * *
- ...
此主机的流量停止:195.66.225.179,这可能是防火墙并阻止流量.
