[root@mysqld ~]# mysql -uroot -h 192.168.1.35 -p

Enter password:

ERROR 1130 (HY000): Host '192.168.1.66' is not allowed to connect to this MySQL server

下表可见3306端口没打开:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

4    ACCEPT     tcp  --  192.168.1.66         0.0.0.0/0           tcp dpt:3306 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

建个远程账户:

mysql> select user,host,password from user;

+------+-----------+-------------------------------------------+

| user | host      | password                                  |

+------+-----------+-------------------------------------------+

| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+------+-----------+-------------------------------------------+

1 row in set (0.06 sec)

mysql> grant select on *.* to "select_user"@"%" identified by "123";

Query OK, 0 rows affected (0.10 sec)

mysql> select user,host,password from user;

+-------------+-----------+-------------------------------------------+

| user        | host      | password                                  |

+-------------+-----------+-------------------------------------------+

| root        | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

| select_user | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |

+-------------+-----------+-------------------------------------------+

2 rows in set (0.00 sec)

成功连入远程连入mysql服务器:

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 13

Server version: 5.5.40-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

关掉3306端口,再次测试:

[root@v01-svn-test-server online]# iptables -D INPUT -p tcp -s 192.168.1.66 --dport 3306 -j ACCEPT

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)

num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@v01-svn-test-server online]# iptables -P INPUT DROP

[root@v01-svn-test-server online]# iptables -P OUTPUT DROP

[root@v01-svn-test-server online]# iptables -P FORWARD DROP

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

2    ACCEPT     all  --  127.0.0.1            127.0.0.1

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED

[root@mysqld ~]# mysql -uselect_user -h192.168.1.35 -p

Enter password: 

#卡主无法链接

重新开启3306端口:

[root@v01-svn-test-server online]# service iptables status

Table: filter

Chain INPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

3    ACCEPT     all  --  127.0.0.1            127.0.0.1

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination         

Chain OUTPUT (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:3306

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED

3    ACCEPT     all  --  127.0.0.1            0.0.0.0/0

4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED 

[root@v01-svn-test-server online]# cat /etc/sysconfig/ip

ip6tables         ip6tables.old     iptables-config   iptables.save

ip6tables-config  iptables          iptables.old

[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Wed Jun  1 22:15:41 2016

*filter

:INPUT DROP [24:3081]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

COMMIT

# Completed on Wed Jun  1 22:15:41 2016

iptables 开启3306端口的更多相关文章

  1. linux mysql 授权以及 iptables开启3306

    mysql授权ip段访问mysql grant all privileges on *.* to 'yang'@'192.168.1.%' identified by '123456'; linux ...

  2. centos7开启3306端口,liunx查看防火墙是否开启

    Can't connect to MySQL server on localhost (10061)这个就属于下面要说的情况 启动服务 systemctl start mariadb.service ...

  3. linux下如何修改iptables开启80端口

    linux下如何修改iptables开启80端口   最近在做本地服务器的环境,发现网站localhost能正常访问,用ip访问就访问不了,经常使用CentOS的朋友,可能会遇到和我一样的问题.开启了 ...

  4. memcache和iptables开启11211端口

    linux下安装完memcached后,netstat -ant | grep LISTEN 看到memcache用的11211端口已在监听状态,但建立php文件连接测试发现没有输出结果,iptabl ...

  5. Centos7防火墙开启3306端口

    CentOS7的默认防火墙为firewall,且默认是不打开的. systemctl start firewalld # 启动friewall systemctl status firewalld # ...

  6. linux中用iptables开启指定端口

    linux中用iptables开启指定端口   centos默认开启的端口只有22端口,专供于SSH服务,其他端口都需要自行开启. 1.修改/etc/sysconfig/iptables文件,增加如下 ...

  7. windows开启3306端口并用可视化工具访问远程mysql(授权访问)

    开启 MySQL 的远程登陆帐号有两大步: 1.确定服务器上的防火墙没有阻止 3306 端口. MySQL 默认的端口是 3306 ,需要确定防火墙没有阻止 3306 端口,否则远程是无法通过 330 ...

  8. CentOs7 使用iptables开启关闭端口

    介绍 iptables命令是Linux上常用的防火墙软件,是netfilter项目的一部分 iptables文件设置路径:命令:vim /etc/sysconfig/iptables-config 注 ...

  9. ubuntu开启mysql远程连接,并开启3306端口

    mysql -u root -p 修改mysql库的user表,将host项,从localhost改为%.%这里表示的是允许任意host访问,如果只允许某一个ip访问,则可改为相应的ip mysql& ...

随机推荐

  1. POJ2387 Til the Cows Come Home(SPFA + dijkstra + BallemFord 模板)

    Til the Cows Come Home Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 37662   Accepted ...

  2. 深入理解 Javascript 面向对象编程

    一:理解构造函数原型(prototype)机制 prototype是javascript实现与管理继承的一种机制,也是面向对象的设计思想.构造函数的原型存储着引用对象的一个指针,该指针指向与一个原型对 ...

  3. 初学JDBC,防SQL注入简单示例

    在JDBC简单封装的基础上实现 public class UserDao{ public static void testGetUser(String userName) throws Excepti ...

  4. Glut 回调函数小结

    2014-04-08  16:25:50   void glutDisplayFunc(void (*func)(void)); 注册当前窗口的显示回调函数 参数: func:形为void func( ...

  5. JS自动格式化输入的数字/千位分隔符VIEW:858

    <script> function cc(s){ if(/[^0-9\.]/.test(s)) return "invalid value"; ss=s.replace ...

  6. Bootstrap速学教程之简要介绍

    Bootstrap是Twitter推出的一个用于前端开发的开源工具包,由Twitter的设计师Mark Otto和Jacob Thornton合作开发,是一个CSS/HTML框架,不用请UI设计师也能 ...

  7. 探讨关于C#中Foreach的本质

    一.为什么数组和集合可以使用foreach遍历 01. 因为数组和集合都实现了IEnumerable接口,该接口中只有一个方法,GetEnumerator() 02.数组类型是从抽象基类型 Array ...

  8. sql中文字符串获取拼音首字母

    SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO )) ) as begin ),) set @PY='' begin ) --如果非汉字字符,返回原字 ...

  9. [Unity3D]关于Assets资源目录结构管理

    原地址:http://www.cnblogs.com/hisiqi/p/3203515.html 分享个我们项目常用的目录结构,微调过很多次,最终到了这个版本.个人认为这种管理资源方式是不错的.欢迎探 ...

  10. 鸟哥的linux私房菜学习笔记 __ 命令与文件的搜寻

    连续输入两次[tab]按键就能够知道使用者有多少命令可以下达.那你知不知道这些命令的完整档名放在哪里?举例来说,ls 这个常用的命令放在哪里呢? 就透过 which 或 type 来找寻吧! 范例一: ...