Able to Ping Remote Server, Yet Unable to Connect
-
14-11-2019 - |
Question
I'm able to ping the remote server I am attempting to connect to successfully. However, when running the MySQL command:
mysql -u monty -h website.com -p
I receive the following error:
ERROR 2003 (HY000): Can't connect to MySQL server on 'website.com' (111)
I've followed the instructions found here that show how to create a user with necessary privileges:
mysql> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
-> WITH GRANT OPTION;
mysql> CREATE USER 'monty'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
-> WITH GRANT OPTION;
I've also commented out the following line in /etc/mysql/my.cnf
# bind-address = 127.0.0.1
Even so, I'm still unable to connect remotely. Is there something I'm missing here? Thanks again all.
Solution
Error 111
is Connection refused
:
$ perror 111
111: Connection refused
There's a few common ways this happens:
- The server system, the client system, or a router in the middle is configured to administratively
REJECT
these packets. TCP packets are handled differently than ICMP packets, so being able toping
does not necessarily imply the ability to route any random TCP stream. Ask admins on the systems to checkufw
oriptables
for firewalling data. - The server system is running a mandatory access control tool such as AppArmor, SELinux, TOMOYO, or SMACK that is configured to forbid packets. These systems vary in how errors are reported, but check
/var/log/audit/audit.log
anddmesg(1)
output forreject
,denied
,AVC
, etc. - You may have removed only one
bind-address
configuration. Try adding an explicitbind-address=0.0.0.0
(Google cache link; I cannot contactdev.mysql.com
for some reason) to the configuration file to force binding to all addresses. Checknetstat -anp | grep -i mysql
to see which ports, if any, it is listening to.
OTHER TIPS
It is not a permission problem. If it were a permission problem, you would get a different error.
It is a connection problem.
Ensure that the line skip-networking
line is commented out or removed from your config file.
Ensure that the port
line is configured to the proper port (default is 3306).
If you're still unable to connect, then it's most likely a firewall/ISP issue.
Pinging is not really a good test because it only tests if the ICMP server is up. Using telnet to connect to the specific port would be a better test:
> telnet website.com 3306
There are many places that you can put a my.cnf
file, so search for the file to ensure another file isn't in effect.
This combined with sarnold's answer should get you on the right track.