Of Stack

mysql Opens Remote Access Permission Firewall Opens Port 3306 under linux

  • 2021-06-29 12:16:50
  • OfStack

Open remote access to mysql

The default mysql user does not have remote access, so when the program is not on the same server as the database, we need to turn on remote access for mysql.

There are two main methods, Tabulation and Authorization.

Relatively easy to change tables is 1 point. Individuals are also more inclined to use this method, so only change tables are posted here

1. Log on to mysql

mysql -u root -p

2. Modify the user table of the mysql library to change the host entry from localhost to%.%This means that any host is allowed. If only one ip is allowed, the corresponding ip can be changed. For example, localhost can be changed to 192.168.1.123, which means that only 192.168.1.123 of the local area network is allowed to access mysql remotely. 


mysql> use mysql; 
mysql> update user set host = '%' where user = 'root'; 
mysql> select host, user from user; 
mysql> flush privileges;

Firewall opens port 3306

1. Open Firewall Profile 


vi /etc/sysconfig/iptables

2. Add the following line 


-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

3. Restart Firewall 


service iptables restart

Note: Statement 1 added to open port 3306 must precede icmp-host-prohibited

Attachment: Personal Configuration 


# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Related articles: