22:20:43 up 2:39, 1 user, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.1.7 21:35 3.00s 0.07s 0.01s w
--创建客户端用户
root@localhost 22:23:15[(none)]> create user 'zlm'@'192.168.1.7' identified by 'zlm';
Query OK, 0 rows affected (0.00 sec)
--用新创建的用户通过SQLyog客户端连接服务器
提示无法连接,"Can't connect to MySQL server"
--创建服务器上的本地账户
root@localhost 22:34:26[(none)]> create user 'zlm'@'192.168.1.11' identified by 'zlm';
Query OK, 0 rows affected (0.00 sec)
root@localhost 22:34:29[(none)]> exit
Bye
--测试是否可以连接
[root@mysql ~]# mysql --protocol=tcp -P 3306 -h192.168.1.11 -uzlm -pzlm
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 5.5.39-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
zlm@192.168.1.11 22:44:52[(none)]> exit
Bye
[root@mysql ~]# netstat -nalp | grep "3306"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3645/mysqld
tcp 0 0 192.168.1.11:3306 192.168.1.7:59783 ESTABLISHED 3645/mysqld
tcp 0 0 192.168.1.11:3306 192.168.1.7:59779 ESTABLISHED 3645/mysqld
[root@mysql ~]# netstat -nalp|grep "3306"|awk '{print $5}'|awk -F: '{print $1}'|sort |uniq -c|sort -nr
2 192.168.1.7
1 0.0.0.0
[root@mysql ~]#
本地用户可以用3306端口连接,说明网络没有问题,3306端口也开启着,其实问题还是出在iptables
刚才用chkconfig iptables off来关闭各终端的iptables需要重启后才生效,此时并未重启过
[root@mysql ~]# chkconfig iptables --list
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@mysql ~]# chkconfig iptables off
[root@mysql ~]# chkconfig iptables --list
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
--不重启直接关闭iptables服务
[root@mysql ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@mysql ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
--关闭iptables后,再次连接成功
如果不想关iptables也可以,把-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT添加到/etc/sysconfig/iptables即可
--在iptables中添加允许规则(注意不是添加在最后)
[root@mysql ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT --表示允许3306端口通过防火墙
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
--改完后重启iptables
[root@mysql ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
这次再通过SQLyog客户端连接MySQL服务器,依然成功连接!可见,之前无法连接的问题就是因为3306被防火墙给阻挡了。