@imambek

Как открыть 3306 порт, debian 10?

1.Установил MySQL сервер
2. Добавил
[mysqld]
bind-address = 0.0.0.0

3.Добавил правило в iptables
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

4. Создал пользователя:
CREATE USER 'user0'@'%' IDENTIFIED BY '0000';
GRANT ALL PRIVILEGES ON * . * TO 'user0'@'%' ;
FLUSH PRIVILEGES;

5.Перезапустил сервис mysql
6.При попытке удаленного подключения к базе, выдаёт "unknown error", через telnet 3306 - нет ответа от сервера.

Правила iptables
spoiler

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql

Chain INPUT_direct (1 references)
target prot opt source destination

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]

Chain OUTPUT_direct (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ctstate NEW,UNTRACKED

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain ufw-before-logging-input (0 references)
target prot opt source destination

Chain ufw-before-logging-output (0 references)
target prot opt source destination

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-input (0 references)
target prot opt source destination

Chain ufw-before-output (0 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination

Chain ufw-after-input (0 references)
target prot opt source destination

Chain ufw-after-output (0 references)
target prot opt source destination

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-logging-input (0 references)
target prot opt source destination

Chain ufw-after-logging-output (0 references)
target prot opt source destination

Chain ufw-after-logging-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (0 references)
target prot opt source destination

Chain ufw-reject-output (0 references)
target prot opt source destination

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-track-input (0 references)
target prot opt source destination

Chain ufw-track-output (0 references)
target prot opt source destination

Chain ufw-track-forward (1 references)
target prot opt source destination

  • Вопрос задан
  • 130 просмотров
Пригласить эксперта
Ответы на вопрос 3
alpik
@alpik
no I, no mine
Вы хотите открыть порт при помощи --drop 3306 ?
Ответ написан
fox_12
@fox_12
Расставляю биты, управляю заряженными частицами
sudo ufw allow 3306
Ответ написан
@Korben5E
То что вы добавили правило - ни о чем не говорит, выполните iptables-save, проверьте, наверняка ваше правило будет стоять последним, а перед ним будет стоять запрещающее правило.

Попробуйте добавить правило так:
iptables -A INPUT 1 -p tcp --dport 3306 -j ACCEPT
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы