Which IPs should I whitelist for a MySQL remote connection?

StackOverflow https://stackoverflow.com/questions/22721061

문제

I am trying to remotely connect to SQL from another website. I did a whois lookup to get the IP address of the domain that's trying to connect and whitelisted it in cPanel. I also did a echo $_SERVER['SERVER_ADDR']; and got a different IP address for some reason, so I whitelisted that as well. I also tried whitelisting by the domain name but MySQL is still refusing the connection.

If I allow access from all (%) it will work, but obviously I'm not gonna do that.. How can I find out for sure, which IP address needs to be whitelisted in order for SQL to allow the connection?

도움이 되었습니까?

해결책 2

You need to white-list the main IP of the server (on where the domain is hosted). The outgoing connection from the server goes via primary IP address of the server. If it's a Linux machine you can use the command hostname -i to find out the primary IP address. Also you can check which IP is establishing connection to the MySQL using the command tcpdump -n dst 1.1.1.1 and port 3306 Change the port number & IP address according to the MySQL server.

다른 팁

Analysis for problem it more easy but it needs some work.

Access to console mysql for verify if Cpanel interface put correct credentials on mysql. After all WHM / Cpanel is simply a control panel that makes administration work for us, and therefore is susceptible to bugs

mysql > SELECT user, host FROM mysql.user WHERE user LIKE %user%;
+--------------------+----------------+
| user               | host           |
+--------------------+----------------+
| special_user       | %              |
| horde              | 127.0.0.1      |
| zabbix             | 127.0.0.1      |
| mysqlbackup        | 163.XXX.XXX.31 |
| root               | 176.XX.XXX.39  |
...

If user it's on mysql privilege tables, verify if my.cnf it's configured for access remotly

if exists must be 0.0.0.0

cat /etc/my.cnf |grep bind-address
bind-address=0.0.0.0

Also skip-networking can't be on /etc/my.cnf

Check firewall for accesss to 3306 port

iptables -L -n |grep 3306
...
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3306

It is also good to help, to indicate the error that showed the application as this determines the layer where the fault occurred.

Example

ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this MySQL server

And logs of mysql

cat /var/lib/mysql/[hostname].err 2016-04-06 0:26:19 140080907868928 [Warning] IP address '23.251.55.75' could not be resolved: Name or service not known

All paths examples are for WHM/Cpanel server.

[text] substitution for real name

In my case, I figured out that there was an incorrect password entry in the mysql.user table.

What I had done was added an incorrect password for a correct host. I was able to identify the incorrect password by looking at the password field - the only password that was different belonged to this host I wanted to connect from.

SELECT * FROM mysql.user WHERE user LIKE '%username%' \G;

I deleted the entry and assigned the privileges again and the issue was fixed.

It was dev environment where I did the changes at MySQL level.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top