Hi All,
Hi All,
MySQL 5.0.77 on CentOS 5.4
MySQL is running, my Wordpress stuff is working, but I cannot connect to the
server from my house. This server is in my house, however, but on a public IP,
behind a firewall, etc.
I checked my hardware firewall (a dedicated UnTangle system) and that is
successfully allowing the passage. I know this because the firewall shows:
2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
I checked the firewall (system-config-securitylevel-tui) on the server and that
has 3306:tcp allowed.
When I try to connect I get an error (4) which when I google says:
"Interrupted System call"
I have tried using the MySQL Workbench and other client software.
If I look in /var/log/mysqld.log I dont see anything but the fact the server
started.
I tried stopping mysql with /etc/init.d/mysqld stop
Then starting with mysqld_safe --init-file=/tmp/code.txt &
Where code.txt contains:
UPDATE mysql.user SET Password=PASSWORD('mypassword') WHERE
User='root';
GRANT ALL ON mysql.* to 'root'@'127.0.0.1';
GRANT ALL ON mysql.* TO 'root'@'localhost';
GRANT ALL ON mysql.* TO 'root'@'my home IP';
FLUSH PRIVILEGES;
commit;
and I still cannot connect. But the database starts and this code executes
because If I go to the console and run /usr/bin/mysql -u root -p and use this
password from the update statement that password gets me in.
So, on my server I run tcpdump host <my ip> and I dont think I see
anything where 3306 is coming through.
if I run a test MySQL connection from the MySQL Workbench and they run netstat
on my server
and I dont see a entry where 3306 is used in what netstat is dumping.
What am I doing wrong? What can I check for? I am stumped!
-Jason
John Kienitz
2009-Dec-22 15:00 UTC
[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc
UPDATE mysql.user SET Password=PASSWORD('mypassword') WHERE
User='root';
GRANT ALL ON mysql.* to 'root'@'127.0.0.1';
GRANT ALL ON mysql.* TO 'root'@'localhost';
GRANT ALL ON mysql.* TO 'root'@'my home IP';
FLUSH PRIVILEGES;
commit;
and I still cannot connect. But the database starts and this code executes
because If I go to the console and run /usr/bin/mysql -u root -p and use this
password from the update statement that password gets me in.
So, on my server I run tcpdump host <my ip> and I dont think I see
anything where 3306 is coming through.
if I run a test MySQL connection from the MySQL Workbench and they run netstat
on my server
and I dont see a entry where 3306 is used in what netstat is dumping.
What am I doing wrong? What can I check for? I am stumped!
-Jason
----------------------
Try to telnet to port 3306 and see if you get thru.
Try changing the password after you have added the users with the GRANTS. If
you have run your script more than once that has probably been done. Commit
should probably be before the flush also.
John
Kwan Lowe
2009-Dec-22 16:03 UTC
[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc
On Tue, Dec 22, 2009 at 9:34 AM, ML <mailinglists at mailnewsrss.com> wrote: [snip]> > I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows: > > 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306 > > I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.Can you post the outputs of: netstat -tlnw itpables -L grep bind-address /etc/my.cnf
Les Mikesell
2009-Dec-22 16:03 UTC
[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc
ML wrote:> > MySQL 5.0.77 on CentOS 5.4 > > MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc. > > I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows: > > 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306 >[...]> > So, on my server I run tcpdump host <my ip> and I dont think I see anything where 3306 is coming through. > > if I run a test MySQL connection from the MySQL Workbench and they run netstat on my server > and I dont see a entry where 3306 is used in what netstat is dumping. > > What am I doing wrong? What can I check for? I am stumped!Where does the client connection originate? Is it behind the same firewall but on a NATed address? Or is NAT involved in some other way that might keep you from seeing the source you expect in your tcpdump? -- Les Mikesell lesmikesell at gmail.com
Hi Les,>> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc. >> >> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows: >> >> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306 >> > [...]>> What am I doing wrong? What can I check for? I am stumped! > > Where does the client connection originate? Is it behind the same > firewall but on a NATed address? Or is NAT involved in some other way > that might keep you from seeing the source you expect in your tcpdump?OK, I have a comcast modem as pass through. I have a firewall and behind it is the mysql server (public IP) I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule nats and give clients behind it a private IP. -Jason
>> I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.Sure:> netstat -tlnw[root at indie ~]# netstat -tnlw Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 173.13.167.209:389 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:7306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 173.13.167.209:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:921 0.0.0.0:* LISTEN tcp 0 0 :::7072 :::* LISTEN tcp 0 0 :::7777 :::* LISTEN tcp 0 0 :::993 :::* LISTEN tcp 0 0 :::995 :::* LISTEN tcp 0 0 :::7780 :::* LISTEN tcp 0 0 :::5222 :::* LISTEN tcp 0 0 :::5223 :::* LISTEN tcp 0 0 :::7335 :::* LISTEN tcp 0 0 :::110 :::* LISTEN tcp 0 0 :::143 :::* LISTEN tcp 0 0 :::8080 :::* LISTEN tcp 0 0 :::7025 :::* LISTEN tcp 0 0 :::5269 :::* LISTEN tcp 0 0 :::2966 :::* LISTEN tcp 0 0 :::443 :::* LISTEN tcp 0 0 :::10015 :::* LISTEN tcp 0 0 :::7071 :::* LISTEN [root at indie ~]#> > itpables -L[root at indie ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:idp-infotrieve ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7071 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap4-ssl ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root at indie ~]#> > grep bind-address /etc/my.cnf[root at indie ~]# grep bind-address /etc/my.cnf [root at indie ~]# nothing here -J
Rick,> have you tried to telnet to port 3306 of the machine where the mysql > server is located, from your home machine? if so, what do you get? > If you're successful you'll get a connect bit that includes a string > that will show your mysql server version number. if you don't have > mysql access you'll likely see a mysqld reject of some nature. if > there's a network issue you'll just get a hang or you could get an > unreachable error.Yup, it works: $ telnet 173.13.167.209 3306 Trying 173.13.167.209... Connected to mail.mailnewsrss.com. Escape character is '^]'. 4 5.0.77aWqQ!OMq,slG]|xft5L[fConnection closed by foreign host.
Kai Schaetzl
2009-Dec-22 17:31 UTC
[CentOS] Frustrations with MySQL loss, tcpdump, netstat, etc
MySQL is *not* listening on TCP 3306 since *long* unless you tell it to in the my.cf. It uses a local Unix socket by default. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com