[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p

Enter password:

ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server

下表可见3306端口没打开:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

4    ACCEPT     tcp  --  192.168.1.66         0.0.0.0/0           tcp dpt:3306 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

建个远程账户:

mysql> select user,host,password from user;

+------+-----------+-------------------------------------------+

| user | host      | password                                  |

+------+-----------+-------------------------------------------+

| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+------+-----------+-------------------------------------------+

1 row in set (0.06 sec)

mysql> grant select on *.* to "select_user"@"%" identified by "123";

Query OK, 0 rows affected (0.10 sec)

mysql> select user,host,password from user;

+-------------+-----------+-------------------------------------------+

| user        | host      | password                                  |

+-------------+-----------+-------------------------------------------+

| root        | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

| select_user | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+-------------+-----------+-------------------------------------------+

2 rows in set (0.00 sec)

成功连入远程连入mysql服务器:

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 13

Server version: 5.5.40-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

关掉3306端口,再次测试:

[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -P INPUT DROP

[root@v01-svn-test-server online]# iptables -P OUTPUT DROP

[root@v01-svn-test-server online]# iptables -P FORWARD DROP

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password: 

#卡主无法链接

重新开启3306端口:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

3    ACCEPT     all  --  127.0.0.1            127.0.0.1

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

3    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED 

[root@v01-svn-test-server online]# cat /etc/sysconfig/ip

ip6tables         ip6tables.old     iptables-config   iptables.save

ip6tables-config  iptables          iptables.old

[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Wed Jun  1 22:15:41 2016

*filter

:INPUT DROP [24:3081]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

COMMIT

# Completed on Wed Jun  1 22:15:41 2016

iptables 开启3306端口的更多相关文章

  1. linux mysql 授权以及 iptables开启3306

    mysql授权ip段访问mysql grant all privileges on *.* to 'yang'@'192.168.1.%' identified by '123456'; linux ...

  2. centos7开启3306端口,liunx查看防火墙是否开启

    Can't connect to MySQL server on localhost (10061)这个就属于下面要说的情况 启动服务 systemctl start mariadb.service ...

  3. linux下如何修改iptables开启80端口

    linux下如何修改iptables开启80端口   最近在做本地服务器的环境,发现网站localhost能正常访问,用ip访问就访问不了,经常使用CentOS的朋友,可能会遇到和我一样的问题.开启了 ...

  4. memcache和iptables开启11211端口

    linux下安装完memcached后,netstat -ant | grep LISTEN 看到memcache用的11211端口已在监听状态,但建立php文件连接测试发现没有输出结果,iptabl ...

  5. Centos7防火墙开启3306端口

    CentOS7的默认防火墙为firewall,且默认是不打开的. systemctl start firewalld # 启动friewall systemctl status firewalld # ...

  6. linux中用iptables开启指定端口

    linux中用iptables开启指定端口   centos默认开启的端口只有22端口,专供于SSH服务,其他端口都需要自行开启. 1.修改/etc/sysconfig/iptables文件,增加如下 ...

  7. windows开启3306端口并用可视化工具访问远程mysql(授权访问)

    开启 MySQL 的远程登陆帐号有两大步: 1.确定服务器上的防火墙没有阻止 3306 端口. MySQL 默认的端口是 3306 ,需要确定防火墙没有阻止 3306 端口,否则远程是无法通过 330 ...

  8. CentOs7 使用iptables开启关闭端口

    介绍 iptables命令是Linux上常用的防火墙软件,是netfilter项目的一部分 iptables文件设置路径:命令:vim /etc/sysconfig/iptables-config 注 ...

  9. ubuntu开启mysql远程连接,并开启3306端口

    mysql -u root -p 修改mysql库的user表,将host项,从localhost改为%.%这里表示的是允许任意host访问,如果只允许某一个ip访问,则可改为相应的ip mysql& ...

随机推荐

  1. HD 1533 Going Home(最小费用最大流模板)

    Going Home Time Limit: 10000/5000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others)Total ...

  2. ThinkPad紧凑型蓝牙键盘(0B47189)鼠标滚轮用法,F1到F12功能键的功能切换以及其他技巧

    入手小红点蓝牙键盘(ThinkPad Compact Bluetooth),手感极佳,小红点特别适合程序员工作,双手无需离开键盘就可以操作鼠标,完全解决肩部.腕部疲劳酸痛问题,程序员健康的大福音! 使 ...

  3. The mean shift clustering algorithm

    The mean shift clustering algorithm MEAN SHIFT CLUSTERING Mean shift clustering is a general non-par ...

  4. C语言时间函数

    #include "time.h" #include "stdio.h" #include "stdlib.h" int main() { ...

  5. 远程桌面连接不上|windows server 2003 sp2 termdd.sys(转载)

    远程桌面连接不上|windows server 2003 sp2 termdd.sys.请教一个问题,为什么 Windows Server 2003 打上SP2补丁,就不能通过远程桌面连接上去了?服务 ...

  6. 移动端学习系列1--meta标签

    <!-- 是否启动webapp功能,会删除默认的苹果工具栏和菜单栏 --><meta name="apple-mobile-web-app-capable" co ...

  7. 用LoadRunner实现接口测试

    接口测试的两种方法 其实无论用那种测试方法,接口测试的原理是通过测试程序模拟客户端向服务器发送请求报文,服务器接收请求报文后对相应的报文做出处理然后再把应答报文发送给客户端,客户端接收应答报文这一个过 ...

  8. Sixth scrum meeting - 2015/10/31

    概述 今天是周末,我们小组由于之前拖延的比较久,所以今天仍然在努力的开发…… 目前开发已经到了中期阶段,今天遇到了一个问题就是,由于小组的某些同学对git的使用不太熟悉,导致在git push的时候遇 ...

  9. Android EditText的设置

    1.输入法Enter键图标的设置: 软件盘的界面替换只有一个属性android:imeOptions,这个属性的可以取的值有normal,actionUnspecified,actionNone,ac ...

  10. JSON: property "xxx" has no getter method in class "..."

    Exception in thread "main" net.sf.json.JSONException: java.lang.NoSuchMethodException: Pro ...