想要远程访问MysqL数据库,但在检查yougetsignal(dot)com时,我收到一条消息,说明端口3306已关闭.
配置:Fresh Server(安装了Zpanel的Centos 6.4 64位)
已采取的步骤:
>从my.cnf中删除了绑定地址
>尝试添加绑定地址作为服务器IP
>编辑了IPTABLES以保持端口打开.
>从路由器转发端口
>在/etc/my.cnf中添加了port = 3306
>停止了IPTABLES
>每次更改后都会重启几次mysqld
>更改后重新启动IPTABLES
到目前为止没有任何工作.
IP表:
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
诊断结果:
netstat结果:
# netstat -na | grep 3306 tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
netstat结果(netstat -lnp | grep MysqL)
# netstat -lnp | grep MysqL tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6684/MysqLd unix 2 [ ACC ] STREAM LISTENING 33101 6684/MysqLd /var/lib/MysqL/MysqL.sock
iptables -L结果:
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:MysqL Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
可以从localhost / SSH连接在服务器上运行nc,但不能从远程系统运行
流量可能正在被过滤.
因为你提供了你的域名(假设在这里,尽管有两个不同的地址141.101.117.86有两个A记录是准确的..
跟踪到端口80,我们可以证明是开放的..
$sudo traceroute -T -O info 141.101.117.86 -p 80 traceroute to 141.101.117.86 (141.101.117.86),30 hops max,60 byte packets 1 192.168.1.1 (192.168.1.1) 0.332 ms 0.460 ms 0.574 ms 2 host-92-25-242-1.as13285.net (92.25.242.1) 13.745 ms 13.807 ms 13.902 ms 3 host-78-151-225-189.static.as13285.net (78.151.225.189) 15.058 ms 15.086 ms 15.118 ms 4 host-78-151-225-196.static.as13285.net (78.151.225.196) 16.120 ms host-78-151-225-232.static.as13285.net (78.151.225.232) 15.748 ms host-78-151-225-184.static.as13285.net (78.151.225.184) 16.069 ms 5 host-78-144-11-115.as13285.net (78.144.11.115) 16.630 ms 16.579 ms host-78-144-11-109.as13285.net (78.144.11.109) 16.798 ms 6 195.66.225.179 (195.66.225.179) 16.728 ms 14.735 ms 14.707 ms 7 141.101.117.86 (141.101.117.86) <syn,ack> 14.713 ms 14.907 ms 14.887 ms
如果我们尝试3306 ..
$sudo traceroute -T -O info 141.101.117.86 -p 3306 traceroute to 141.101.117.86 (141.101.117.86),60 byte packets 1 192.168.1.1 (192.168.1.1) 0.343 ms 0.444 ms 0.624 ms 2 host-92-25-242-1.as13285.net (92.25.242.1) 13.225 ms 13.226 ms 13.233 ms 3 host-78-151-225-189.static.as13285.net (78.151.225.189) 14.736 ms 15.352 ms 15.347 ms 4 host-78-151-225-220.static.as13285.net (78.151.225.220) 15.492 ms host-78-151-228-37.as13285.net (78.151.228.37) 15.441 ms host-78-151-225-232.static.as13285.net (78.151.225.232) 15.350 ms 5 host-78-144-11-95.as13285.net (78.144.11.95) 16.140 ms host-78-144-11-119.as13285.net (78.144.11.119) 16.551 ms host-78-144-11-95.as13285.net (78.144.11.95) 16.463 ms 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * ...
此主机的流量停止:195.66.225.179,这可能是防火墙并阻止流量.