Connecting remotely to MySQL on a Google Compute Engine VM

2022-01-15 00:00:00 google-compute-engine mariadb mysql


My problem is similar to this question but since I don't have enough reputation to write a comment AND the answer to that question didn't help, I am starting a new question.

I have a GCE VM instance with LEMP with MySQL Ver 15.1 Distrib 10.1.18-MariaDB and I'm trying to connect remotely to it from my local machine.

I already tried all the suggestions in the question link that I mentioned before.

This is my firewall configuration:

In my.cnf file I have:

bind-address = 0.0.0.0

And about MySQL users privileges I have the following:

When I try to connect remotely with wkreport user I get the following result:

My question is, what am I missing?!

Solution

I just found the solution to my problem,

Special thanks to @Slava for pointing me the way; after all it was iptables.

So, I kept receiving a "MySQL connection refused" message when trying to connect remotely so I searched for a way to see TCP connection logs and I found the tcpdump command.

By running sudo tcpdump port 3306 -vvv -n I saw the following output every time I tried to connect remotely:

I searched the tcpdump man page and saw that R means the TCP RST (RESET) flag.

Searched a little bit and found this question; its accepted answer led me again to IPTABLES, which @Slava had suggested since the first comment.

That's when I looked closely and saw that my INPUT ACCEPT tcp:3306 was defined after the REJECT tcp reject-with tcp-reset rule, hence what the log was showing.

After this I just removed the rule to accept tcp:3306 and prepended it to the reject tcp rules and voila!

iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -I INPUT {line number from the first reject tcp rule} -p tcp -m tcp --dport 3306 -j ACCEPT

IPTABLES now looks like this and finally I can connect to MySQL remotely:

To list the iptables with line numbers type:

sudo iptables -nL --line-numbers

Final thoughts:

  • This can be improved by whitelisting the source IP address from where you're making the remote connection for security matters.
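As an added example (not part of the original answer), the reordering above can be scripted instead of reading the line number by eye: parse the INPUT chain from `iptables -nL --line-numbers` output, locate the first REJECT rule, and emit the delete/insert pair with the ACCEPT restricted to one allow-listed source, as the final thought suggests. The chain listing and the address 203.0.113.10/32 below are constructed sample data.

```sh
#!/bin/sh
# Constructed sample in the shape of `sudo iptables -nL --line-numbers`,
# reproducing the broken order from the question: the 3306 ACCEPT (rule 6)
# sits after the tcp-reset REJECT (rule 5), so every SYN gets an RST.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
5    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Print the line number of the first REJECT rule in the INPUT chain only
# (REJECTs in other chains are ignored); prints nothing if there is none.
first_reject_in_input() {
  printf '%s\n' "$1" | awk '
    /^Chain /                    { in_input = ($2 == "INPUT") }
    in_input && $2 == "REJECT"   { print $1; exit }
  '
}

# Emit the two commands from the answer, with the re-inserted ACCEPT limited
# to the allow-listed source in $2 (e.g. your workstation's public IP).
#   $1: listing text, $2: source address or CIDR
mysql_allow_commands() {
  n=$(first_reject_in_input "$1")
  if [ -z "$n" ]; then
    echo "no REJECT rule in INPUT chain; nothing to reorder" >&2
    return 1
  fi
  printf 'iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT\n'
  printf 'iptables -I INPUT %s -p tcp -m tcp -s %s --dport 3306 -j ACCEPT\n' "$n" "$2"
}

# On a real host, review the output before applying it:
#   mysql_allow_commands "$(sudo iptables -nL --line-numbers)" 203.0.113.10/32
```

Because the rule is inserted at the REJECT's own line number, it lands immediately before it, which is exactly the position the answer found by hand.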
