I've got a root server (Ubuntu 14.04) with a MYSQL (5.5.41) running and trying to access the database from two diffrent homepages on two diffrent server. The homepage servers use static ips.
I set up iptables on the root.
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s 'my_homepage_ip' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
If I try to access the server from the two homepages I get:
Can't connect to MySQL server on 'server_ip' (111)2003.
The homepages are running on webspaces from some german provider called 1und1.
If I open the iptables and delete the reject line, everything works fine. Also I tried to access the SQL Server from my local computer which is running an XAMPP server with the same script as I use at the homepage server. This works fine.
Server('my_server') and Port (3306) are defined in my php script.
$db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME, DB_PORT);
I assume that I got wrong IPs of the homepage server or that the homepage server use an other port than 3306.
Try changing your 3rd line to iptables -A INPUT -p tcp --dport 3306 -j LOG. This will log all attempts to the MySQL port to your /var/log/messages file, including the source IP address. This will allow you to verify that the source IP is the same as the IP being used for your website proper. If it is different, just change line 2 with the correct IP address.
Related
I'm having issues connecting to my AWS EC2 Server holding a MySQL Server.
Here's my Response from mysqli_connect
p#xxx.com [~/app]# php checkmysqlremote.php
Error: Unable to connect to MySQL.
Debugging errno: 2002
Debugging error: Connection refused
Here's my netstat -tuplen on the EC2 Server containing the MySQL Server
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 999 20299 1378/mysqld
As you can see its binding to the 0.0.0.0 address correctly.
I enabled the 3306 port in inbound rules for EC2.
on the server making the request handshake, I ran:
curl -s example.com:3306 >/dev/null && echo Success. || echo Fail.
which resulted in Fail.
I also ran it on the local server instance and it responded with Success.
I also ran nmap on the server making the handshake,
nmap -p 3306 example.com
Nmap scan report for example.com (1.1.1.1)
Host is up (0.048s latency).
PORT STATE SERVICE
3306/tcp filtered mysql
Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds
Lastly, I tried adding the following rules in iptables:
iptables -A INPUT -i eth0 -s "example.com" -p tcp --destination-port 3306 -j ACCEPT
and
sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
I don't know what to do at this point.
UPDATE
I tried pinging the EC2 server from the remote server and it did not return anything. At this point i think the issue is with EC2.
Try adding the follwing GRANT to your user:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'
Sounds like the port might not be getting forwarded correctly? One thing to try might be to put an Amazon Elastic Load Balancer in front of the instance. Then you can forward port 3306 for the MySQL connection.
I need solution for Centralized DB.
We have DB in one Hosting server (Azure Redhat virtual server) and we need to use the same db in other hosting server too. So it will be centralized DB for both server. I can not use it in navicat also if I use IP of Mysql DB.
I have tried using ( bind-address= IP address of the server where db is hosted ) in My.cnf file but it doesn't allow remote access. to use it in other hosting server nor in any mysql client like navicat / Heidi sql.
Also I have added the port 3306 rule in azure server for inbound security.
Thanks in advance for help.
As Azure VMs disable ICMP and we can use SSH tunnels to allow outside access to internal network resources.
Please try to follow this post, created a SSH tunnel in VM which hosted the MySQL server:
Open port 3306, so a remote client can connect to your MySQL Server. Run the following command to open TCP port 3306
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Now let’s check if the port 3306 is open by running this command:
sudo netstat -anltp|grep :3306
Create a SSH tunnel for port 3307
sudo ssh -fNg -L 3307:127.0.0.1:3306 azurevmuser#servername
Create an endpoint for the port 3307 rule in azure server for inbound security. Now your Database host name is <VM_ip>:3307
Any further concern, please feel free to let me know.
Today I've been trying to access MySQL running on my remote work machine (Ubuntu), from my home machine (OSX), and I've had no success.
On my work machine, I've checked the following:
sudo netstat -ntlup | grep mysql
gives
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 23692/mysqld
and nmap tells me
PORT STATE SERVICE
3306/tcp open mysql
and in /etc/mysql/my.cnf I've set bind-address = 0.0.0.0
I've also run the following iptables rules:
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT
What else can I check?
If there is some corporate network rule blocking my MySQL access, what could I check to find this?
The only way I can make this work is ssh tunnelling:
ssh -L 8080:localhost:3306 my_user_name#my_dev_machine_IP
and then if I do
mysql -h 127.0.0.1 --port=8080 -u root -p
I can get in. If I close the ssh tunnel, then I can't log in via mysql, nor even via telnet remote_IP 3306.
But this is no good for what I want, because I need the PHP code running on my local machine to be able to access the remote database.
I've also (hopefully temporarily) opened up the access to the MySQL databases to all hosts/IP:
GRANT ALL PRIVILEGES ON *.* TO 'application_username'#'%'
FLUSH PRIVILEGES
Any advice gratefully received!
Ubuntu has uwf - in some vps installations it is enabled by default. So, if it is, do sudo ufw allow 3306. I am writing this jsut in case you run nmap from your work machine. If nmap shows that result run from your mac, then this does not apply.
I started local server using php on my server . (Trying to work on port 8080/8283 . Anyone of them will do .)
php -S 0.0.0.0 8283 -t testServer/
using curl localhost:8283 I am able to get the result of the index.php file
but when I access it using my server ip I am not able to access that port .
Any when I do netstat -tuplen . I can see that port as well .
How can I make port 8283 available through http request ?
I asked this question here but not much help .
I have used this
# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8283 -j ACCEPT
# service iptables save
# service iptables restart
and still it did not work
And this is output from telnet on my server
telnet XX.XX.X.XXX 8283
Trying XX.XX.X.XXX...
Connected to XX.XX.X.XXX.
Escape character is '^]'.
GET /
HTTP/0.9 200 OK
Connection: close
X-Powered-By: PHP/5.5.19
Content-type: text/html
Hello World !Connection closed by foreign host.
this one is from my PC
telnet XX.XX.X.XXX 8283
Trying XX.XX.X.XXX...
telnet: Unable to connect to remote host: No route to host
NMAP Result
sudo nmap -p 8283 XX.XX.X.XXX
Starting Nmap 5.21 ( http://nmap.org ) at 2015-02-04 19:18 IST
Nmap scan report for srv1.domain.com (XX.XX.X.XXX)
Host is up (0.035s latency).
PORT STATE SERVICE
8283/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
IPTABLES OUTPUT
/sbin/iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8282
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8283 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
try
php -S 0.0.0.0 8080 -t testServer/
by use localhost you will bound just 127.0.0.1 address: that address is not reachable by other address instead of localhost or localhost.localdomin.
Now by use 0.0.0.0 you will bound all your interfaces. Alternatively you can use your host address where you want expose the service.
You do not have to use localhost you have to use your external ip address:
php -S <ip-address> 8080 -t testServer/
localhost is mapped on ip 127.0.0.1 so it is only available from yor server.
You're explicitly binding to localhost. If you want to bind to a different IP address, then specify it instead of localhost (or use 0.0.0.0 for all network interfaces).
This question already has an answer here:
Can't Connect to PostgreSQL with PHP pg_connect()
(1 answer)
Closed 8 years ago.
Connecting to a PostgreSQL database via a remote IP address, I have been successful via Windows using pgAdmin III, but I get errors whenever I try connecting from my local CentOS 6 Apache web server using the standard php-pgsql library using pg_connect().
Notes:
I am not in control of the remote server, but could inquire about additional info if needed.
My password does contain a special character (although it's not a quote character).
Creds are as follows:
Host (IP): xx.xx.xx.xx
Port: 5432
DBname: sandbox
Username: abc
Password: ***
MaintenanceDB: template1
This is the PHP code I have attempted to run in my local server:
pg_connect("host=xx.xx.xx.xx port=5432 dbname=sandbox user=abc password=***");
I've also tried:
pg_connect("host=xx.xx.xx.xx port=5432 dbname=template1 user=abc password=***");
When I attempt to connect, I receive the following error:
Warning: pg_connect(): Unable to connect to PostgreSQL server: could not connect to server: Permission denied Is the server running on host "xx.xx.xx.xx" and accepting TCP/IP connections on port 5432?
I have added/uncommented extension=pgsql.so in the /etc/php.d/ directory and service httpd restart. I've even gone as far as opening my iptables ports as such so there should be no doubt about local firewall ports being blocked:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5432 -j ACCEPT
Thanks in advance :-)
As per your postgresql connection problem, this solution may work. i just take this answer from php manual and i am not sure about it, so please see here for more http://php.net/manual/en/function.pg-connect.php#38291
You should try to leave the host= and port= parts out of the connection string. This sounds strange, but this is an "option" of Postgre. If you have not activated the TCP/IP port in postgresql.conf then postgresql doesn't accept any incoming requests from an TCP/IP port.