I am running a little daft here as i have a problem with accessing database over the network.
I have deployed webapp on server A and i want to access database on server B. I have added necessary rules into iptables
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 'client ip' --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 'client ip' --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
I have added necessary permissions into pg_hba.conf
host all all 'client ip'/32 trust
hostssl all all 'client ip'/32 trust
I am also able to connect to the database from server A via CLI
serverA:/etc/postgresql/9.4/main# psql -h 'server B Ip' -U postgres -d test
psql (9.4.5)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
test=#
Yet my webapp when trying to access the database from Server A throws me this error:
Message: pg_connect(): Unable to connect to PostgreSQL server:
FATAL: no pg_hba.conf entry for host "ServerA ip", user "postgres", database "test", SSL on
FATAL: no pg_hba.conf entry for host "ServerA ip", user "postgres", database "test", SSL off
Related
I'm having issues connecting to my AWS EC2 Server holding a MySQL Server.
Here's my Response from mysqli_connect
p#xxx.com [~/app]# php checkmysqlremote.php
Error: Unable to connect to MySQL.
Debugging errno: 2002
Debugging error: Connection refused
Here's my netstat -tuplen on the EC2 Server containing the MySQL Server
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 999 20299 1378/mysqld
As you can see its binding to the 0.0.0.0 address correctly.
I enabled the 3306 port in inbound rules for EC2.
on the server making the request handshake, I ran:
curl -s example.com:3306 >/dev/null && echo Success. || echo Fail.
which resulted in Fail.
I also ran it on the local server instance and it responded with Success.
I also ran nmap on the server making the handshake,
nmap -p 3306 example.com
Nmap scan report for example.com (1.1.1.1)
Host is up (0.048s latency).
PORT STATE SERVICE
3306/tcp filtered mysql
Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds
Lastly, I tried adding the following rules in iptables:
iptables -A INPUT -i eth0 -s "example.com" -p tcp --destination-port 3306 -j ACCEPT
and
sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
I don't know what to do at this point.
UPDATE
I tried pinging the EC2 server from the remote server and it did not return anything. At this point i think the issue is with EC2.
Try adding the follwing GRANT to your user:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'
Sounds like the port might not be getting forwarded correctly? One thing to try might be to put an Amazon Elastic Load Balancer in front of the instance. Then you can forward port 3306 for the MySQL connection.
Today I've been trying to access MySQL running on my remote work machine (Ubuntu), from my home machine (OSX), and I've had no success.
On my work machine, I've checked the following:
sudo netstat -ntlup | grep mysql
gives
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 23692/mysqld
and nmap tells me
PORT STATE SERVICE
3306/tcp open mysql
and in /etc/mysql/my.cnf I've set bind-address = 0.0.0.0
I've also run the following iptables rules:
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT
What else can I check?
If there is some corporate network rule blocking my MySQL access, what could I check to find this?
The only way I can make this work is ssh tunnelling:
ssh -L 8080:localhost:3306 my_user_name#my_dev_machine_IP
and then if I do
mysql -h 127.0.0.1 --port=8080 -u root -p
I can get in. If I close the ssh tunnel, then I can't log in via mysql, nor even via telnet remote_IP 3306.
But this is no good for what I want, because I need the PHP code running on my local machine to be able to access the remote database.
I've also (hopefully temporarily) opened up the access to the MySQL databases to all hosts/IP:
GRANT ALL PRIVILEGES ON *.* TO 'application_username'#'%'
FLUSH PRIVILEGES
Any advice gratefully received!
Ubuntu has uwf - in some vps installations it is enabled by default. So, if it is, do sudo ufw allow 3306. I am writing this jsut in case you run nmap from your work machine. If nmap shows that result run from your mac, then this does not apply.
I've got a root server (Ubuntu 14.04) with a MYSQL (5.5.41) running and trying to access the database from two diffrent homepages on two diffrent server. The homepage servers use static ips.
I set up iptables on the root.
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s 'my_homepage_ip' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
If I try to access the server from the two homepages I get:
Can't connect to MySQL server on 'server_ip' (111)2003.
The homepages are running on webspaces from some german provider called 1und1.
If I open the iptables and delete the reject line, everything works fine. Also I tried to access the SQL Server from my local computer which is running an XAMPP server with the same script as I use at the homepage server. This works fine.
Server('my_server') and Port (3306) are defined in my php script.
$db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME, DB_PORT);
I assume that I got wrong IPs of the homepage server or that the homepage server use an other port than 3306.
Try changing your 3rd line to iptables -A INPUT -p tcp --dport 3306 -j LOG. This will log all attempts to the MySQL port to your /var/log/messages file, including the source IP address. This will allow you to verify that the source IP is the same as the IP being used for your website proper. If it is different, just change line 2 with the correct IP address.
This question already has an answer here:
Can't Connect to PostgreSQL with PHP pg_connect()
(1 answer)
Closed 8 years ago.
Connecting to a PostgreSQL database via a remote IP address, I have been successful via Windows using pgAdmin III, but I get errors whenever I try connecting from my local CentOS 6 Apache web server using the standard php-pgsql library using pg_connect().
Notes:
I am not in control of the remote server, but could inquire about additional info if needed.
My password does contain a special character (although it's not a quote character).
Creds are as follows:
Host (IP): xx.xx.xx.xx
Port: 5432
DBname: sandbox
Username: abc
Password: ***
MaintenanceDB: template1
This is the PHP code I have attempted to run in my local server:
pg_connect("host=xx.xx.xx.xx port=5432 dbname=sandbox user=abc password=***");
I've also tried:
pg_connect("host=xx.xx.xx.xx port=5432 dbname=template1 user=abc password=***");
When I attempt to connect, I receive the following error:
Warning: pg_connect(): Unable to connect to PostgreSQL server: could not connect to server: Permission denied Is the server running on host "xx.xx.xx.xx" and accepting TCP/IP connections on port 5432?
I have added/uncommented extension=pgsql.so in the /etc/php.d/ directory and service httpd restart. I've even gone as far as opening my iptables ports as such so there should be no doubt about local firewall ports being blocked:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5432 -j ACCEPT
Thanks in advance :-)
As per your postgresql connection problem, this solution may work. i just take this answer from php manual and i am not sure about it, so please see here for more http://php.net/manual/en/function.pg-connect.php#38291
You should try to leave the host= and port= parts out of the connection string. This sounds strange, but this is an "option" of Postgre. If you have not activated the TCP/IP port in postgresql.conf then postgresql doesn't accept any incoming requests from an TCP/IP port.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have two Centos VM. The IP Address on VM_1 is 10.99.0.10 and VM_2 is 10.99.0.12. Apache and PHP are in VM_1 and MySQL is in VM_2. Both are having IPTables rules. VM_2 is working fine with rules. Now I am Testing from VM_1.
First, I disabled VM_1 IPTables and connect to VM_2 MySQL (connected successfully).
[root#foster ~]# service IPTables stop
IPTables : Applying firewall rules: [ OK ]
[root#foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.6.21 MySQL Community Server (GPL)
Next, I enabled VM_1 IPTables and connect to VM_2 MySQL (It never respond in hours and hours also).
[root#foster ~]# service IPTables start
IPTables : Applying firewall rules: [ OK ]
[root#foster ~]# mysql -h 10.99.0.12 -u root -p
Enter password:
What is wrong with my IPTables rules? My rules are in Pastebin.
The problem is in the method you enable MySQL traffic:
# Allow MySQL private Networking
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
These rules have two issues:
They allow outgoing MySQL traffic from VM_1 only if the connection was first initiated from VM_2 (10.99.0.12).
They specify the port 3306 as the client's (VM_1) port rather than as the server's (VM_2) port.
A more suitable rule set would be as follows:
# Allow MySQL private Networking
sudo iptables -A OUTPUT -o eth1 -p tcp --dport 3306 -m state --state NEW, ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth1 -p tcp -s 10.99.0.12 --sport 3306 -m state --state ESTABLISHED -j ACCEPT