Access Remotely to mysql 3306 CENTOS 7

Support for security such as Firewalls and securing linux
Master78
Posts: 6
Joined: 2018/04/23 09:56:36

Access Remotely to mysql 3306 CENTOS 7

Post by Master78 » 2018/04/26 09:06:19

Hello,
I need to access my database on CentOS 7 remotely.
I have this IPTABLES:

Code:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp-data

And the my.cnf is:

Code:

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
bind-address=*

Code:

# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

Why can't I access it?

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Access Remotely to mysql 3306 CENTOS 7

Post by mghe » 2018/04/26 09:21:35


tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: Access Remotely to mysql 3306 CENTOS 7

Post by tunk » 2018/04/26 09:51:40

Does it work if you (temporarily) switch off the firewall?

Master78
Posts: 6
Joined: 2018/04/23 09:56:36

Re: Access Remotely to mysql 3306 CENTOS 7

Post by Master78 » 2018/04/27 09:13:04

It does not work.
I stopped the firewall with this command:

systemctl stop iptables

Afterwards I tried to connect with a terminal on Windows and I got this response:

Code:

J
 5.6.40Dm`yaWs\Çh4i6mFV[G0ZWmysql_native_password

Connection lost to host.

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: Access Remotely to mysql 3306 CENTOS 7

Post by tunk » 2018/04/27 11:15:46

Firewalld is the default firewall in CentOS 7. Unless you have installed/switched to iptables, I think you have to use:
systemctl stop firewalld

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Access Remotely to mysql 3306 CENTOS 7

Post by TrevorH » 2018/04/27 14:00:56

Your my.cnf does not contain a bind-address= line so it's most likely only listening on 127.0.0.1.

For most purposes, I'd recommend not opening the port to the entire internet! If you can I would leave it how it is and tunnel the port via ssh if this is just for occasional client queries.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
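
An added example, not part of any post above: a Python check over the `iptables -L` INPUT chain from the first post, flagging ACCEPT rules that sit below an unconditional REJECT (iptables stops at the first matching rule, so they are never reached). The function names are hypothetical and the listing is copied in as sample input; because `-L` without `-v` hides interface matches, the "ACCEPT all" row is assumed to be interface-limited (as `-i lo` is in the stock CentOS ruleset), so confirm with `iptables -L -n -v --line-numbers`.

```python
import re

# Sample input: the INPUT chain as printed by `iptables -L` in the first post.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql
"""

ANY = ("anywhere", "0.0.0.0/0", "::/0")

def parse_chains(listing):
    """Return {chain: [(target, prot, source, dest, extra), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif line.strip() and not line.startswith("target") and current is not None:
            target, prot, _opt, src, dst, *extra = line.split()
            current.append((target, prot, src, dst, " ".join(extra)))
    return chains

def shadowed_rules(rules):
    """Return (position, rule) for every rule below an unconditional REJECT/DROP."""
    # Assumption: only REJECT/DROP rows are treated as terminal; an "ACCEPT all"
    # row may carry an interface match that `-L` without `-v` does not print.
    for i, (target, prot, src, dst, extra) in enumerate(rules):
        # A target option (reject-with) is allowed; a match (state, dpt) narrows the rule.
        unconditional = prot == "all" and src in ANY and dst in ANY and (
            extra == "" or extra.startswith("reject-with"))
        if target in ("REJECT", "DROP") and unconditional:
            return [(i + n + 2, r) for n, r in enumerate(rules[i + 1:])]
    return []

if __name__ == "__main__":
    for pos, rule in shadowed_rules(parse_chains(LISTING)["INPUT"]):
        print(f"rule {pos} is never reached: {rule[0]} {rule[1]} {rule[4]}")
```

On this listing it reports rules 6 to 9, the last being the `tcp dpt:mysql` ACCEPT, which sits below the REJECT at position 5.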
