iptables: opening port 3306
Published: 2019-06-29


[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p
Enter password: 
ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server

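As the listing below shows, no rule opens port 3306. (The INPUT policy is still ACCEPT at this point, so the connection attempt above did reach mysqld; ERROR 1130 is the MySQL server itself refusing host 192.168.1.66 because no account matches it.)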

[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
4    ACCEPT     tcp  --  192.168.1.66         0.0.0.0/0           tcp dpt:3306

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

Create a remote account:

mysql> select user,host,password from user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+------+-----------+-------------------------------------------+
1 row in set (0.06 sec)

mysql> grant select on *.* to "select_user"@"%" identified by "123";
Query OK, 0 rows affected (0.10 sec)

mysql> select user,host,password from user;
+-------------+-----------+-------------------------------------------+
| user        | host      | password                                  |
+-------------+-----------+-------------------------------------------+
| root        | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| select_user | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+-------------+-----------+-------------------------------------------+
2 rows in set (0.00 sec)

Successfully connected to the remote MySQL server:

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.5.40-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Close port 3306 and test again:

[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -P INPUT DROP
[root@v01-svn-test-server online]# iptables -P OUTPUT DROP
[root@v01-svn-test-server online]# iptables -P FORWARD DROP
[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy DROP)
num  target     prot opt source               destination

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p
Enter password: # hangs, unable to connect

Re-open port 3306:

[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
3    ACCEPT     all  --  127.0.0.1            127.0.0.1
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy DROP)
num  target     prot opt source               destination

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:3306
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED
3    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# cat /etc/sysconfig/ip
ip6tables         ip6tables.old     iptables-config   iptables.save
ip6tables-config  iptables          iptables.old
[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Jun  1 22:15:41 2016
*filter
:INPUT DROP [24:3081]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Jun  1 22:15:41 2016
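The saved ruleset above accepts port 3306 from any source, whereas the first rule added on this page was limited to 192.168.1.66. The script below is an added example, not part of the original post: it audits iptables-save text for INPUT rules that accept a TCP port without a source restriction. The helper name open_to_any and the SCOPED_RULES variant are assumptions made for illustration, and only plain -s/--source and --dport matches are handled (no negation, multiport or port ranges).

```sh
#!/bin/sh
# Added example: flag INPUT rules in iptables-save text that ACCEPT a TCP port
# from any source. open_to_any is a hypothetical helper, not an iptables tool.
PAGE_RULES='*filter
:INPUT DROP [24:3081]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
# PAGE_RULES: INPUT rules and the 3306 OUTPUT rule copied from the file above.

# SCOPED_RULES: constructed variant, limited to the client host used on the page.
SCOPED_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.1.66/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# open_to_any PORT: read iptables-save text on stdin and print every INPUT rule
# that ACCEPTs --dport PORT with no -s/--source match (or with 0.0.0.0/0).
open_to_any() {
    awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" {
        dport = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (dport == port && target == "ACCEPT" && (src == "" || src == "0.0.0.0/0"))
            print
    }'
}

printf '%s\n' "$PAGE_RULES"   | open_to_any 3306   # reports the unrestricted rule
printf '%s\n' "$SCOPED_RULES" | open_to_any 3306   # reports nothing
```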

 

Reposted from: http://ktrum.baihongyu.com/
