tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 11107/mysqld
测试连接: mysql -u root -p -h xxx.xxx.xxx.85 --port 3306 6.最坑的防火墙:1.检查防火墙状态
[root@iZ288zn7gymZ ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
Active: active (exited) since Wed 2016-11-02 23:10:51 CST; 14min ago
Process: 12024 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 12078 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 12078 (code=exited, status=0/SUCCESS)
Nov 02 23:10:51 iZ288zn7gymZ iptables.init[12078]: iptables: Applying firewall rules: [ OK ]
Nov 02 23:10:51 iZ288zn7gymZ systemd[1]: Started IPv4 firewall with iptables.
正常启动。
查看是否放开mysql端口
[root@iZ288zn7gymZ ~]# iptables -L -n (或者: iptables --list )
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 100
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
syn-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
如果没有 3306 加入防火墙规则:
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
注意这样只能临时加入防火墙 需要把规则save到 /etc/sysconfig/iptables 文件下
[root@iZ288zn7gymZ ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
或者简单粗暴
直接vim /etc/sysconfig/iptables
增加一行 -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
完成后我的如下:
# Generated by iptables-save v1.4.21 on Thu Jan 28 19:16:55 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:152]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jan 28 19:16:55 2016
然后重启防火墙:
[root@iZ288zn7gymZ ~]# service iptables restart
Redirecting to /bin/systemctl restart iptables.service
PS. 请保证mysql 进程正常启动的前提下 逐一排查以上几点。
参考: MySQL远程连接ERROR 2003 (HY000):Can‘t connect to MySQL server on‘XXXXX‘的问题
mysql权限及密码问题见:http://www.cnblogs.com/wangdaijun/p/5312424.html