Able to Ping Remote Server, Yet Unable to Connect

StackOverflow https://stackoverflow.com/questions/9490900

Question

I'm able to ping the remote server I am attempting to connect to successfully. However, when running the MySQL command:

mysql -u monty -h website.com -p

I receive the following error:

ERROR 2003 (HY000): Can't connect to MySQL server on 'website.com' (111)

I've followed the instructions found here that show how to create a user with necessary privileges: 

mysql> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
->     WITH GRANT OPTION;
mysql> CREATE USER 'monty'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
->     WITH GRANT OPTION;

I've also commented out the following line in /etc/mysql/my.cnf

# bind-address      = 127.0.0.1

Even so, I'm still unable to connect remotely. Is there something I'm missing here? Thanks again all.

Was it helpful?

Solution

Error 111 is Connection refused:

$ perror 111
111: Connection refused

There's a few common ways this happens:

  • The server system, the client system, or a router in the middle is configured to administratively REJECT these packets. TCP packets are handled differently than ICMP packets, so being able to ping does not necessarily imply the ability to route any random TCP stream. Ask admins on the systems to check ufw or iptables for firewalling data.
  • The server system is running a mandatory access control tool such as AppArmor, SELinux, TOMOYO, or SMACK that is configured to forbid packets. These systems vary in how errors are reported, but check /var/log/audit/audit.log and dmesg(1) output for reject, denied, AVC, etc.
  • You may have removed only one bind-address configuration. Try adding an explicit bind-address=0.0.0.0 (Google cache link; I cannot contact dev.mysql.com for some reason) to the configuration file to force binding to all addresses. Check netstat -anp | grep -i mysql to see which ports, if any, it is listening to.

OTHER TIPS

It is not a permission problem. If it were a permission problem, you would get a different error.

It is a connection problem.

Ensure that the line skip-networking line is commented out or removed from your config file.

Ensure that the port line is configured to the proper port (default is 3306).

If you're still unable to connect, then it's most likely a firewall/ISP issue.

Pinging is not really a good test because it only tests if the ICMP server is up. Using telnet to connect to the specific port would be a better test:

> telnet website.com 3306

There are many places that you can put a my.cnf file, so search for the file to ensure another file isn't in effect.

This combined with sarnold's answer should get you on the right track.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top