You need to whitelist the main IP of the server (where the domain is hosted). The outgoing connection from the server goes via the primary IP address of the server. If it's a Linux machine, you can use the command
hostname -i
to find out the primary IP address. You can also check which IP is establishing the connection to MySQL using the command
tcpdump -n dst 1.1.1.1 and port 3306
Change the port number and IP address according to the MySQL server.
Which IPs should I whitelist for a MySQL remote connection?
23-06-2023
Question
I am trying to remotely connect to SQL from another website. I did a whois lookup to get the IP address of the domain that's trying to connect and whitelisted it in cPanel. I also did an echo $_SERVER['SERVER_ADDR']; and got a different IP address for some reason, so I whitelisted that as well. I also tried whitelisting by the domain name but MySQL is still refusing the connection.
If I allow access from all (%) it will work, but obviously I'm not gonna do that. How can I find out for sure which IP address needs to be whitelisted in order for SQL to allow the connection?
Solution 2
Other tips
Analysis of the problem is easier, but it needs some work.
Access the mysql console to verify whether the cPanel interface put the correct credentials into MySQL. After all, WHM/cPanel is simply a control panel that does administration work for us, and is therefore susceptible to bugs.
mysql> SELECT user, host FROM mysql.user WHERE user LIKE '%user%';
+--------------------+----------------+
| user               | host           |
+--------------------+----------------+
| special_user       | %              |
| horde              | 127.0.0.1      |
| zabbix             | 127.0.0.1      |
| mysqlbackup        | 163.XXX.XXX.31 |
| root               | 176.XX.XXX.39  |
...
If the user is in the MySQL privilege tables, verify that my.cnf is configured for remote access.
If bind-address exists, it must be 0.0.0.0
cat /etc/my.cnf |grep bind-address
bind-address=0.0.0.0
Also, skip-networking can't be in /etc/my.cnf
Check the firewall for access to port 3306
iptables -L -n |grep 3306
...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
It also helps to indicate the error that the application showed, as this determines the layer where the fault occurred.
Example
ERROR 1130 (HY000): Host '1.2.3.4' is not allowed to connect to this MySQL server
And the MySQL logs
cat /var/lib/mysql/[hostname].err
2016-04-06 0:26:19 140080907868928 [Warning] IP address '23.251.55.75' could not be resolved: Name or service not known
All path examples are for a WHM/cPanel server.
[text]: substitute the real name
In my case, I figured out that there was an incorrect password entry in the mysql.user table.
What I had done was add an incorrect password for a correct host. I was able to identify the incorrect password by looking at the password field - the only password that was different belonged to this host I wanted to connect from.
SELECT * FROM mysql.user WHERE user LIKE '%username%' \G
I deleted the entry and assigned the privileges again and the issue was fixed.
It was a dev environment where I made the changes at the MySQL level.
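An added example, not code from any of the answers above: a small Python classifier for the client error text that the second answer asks for. It maps the three standard MySQL client errors to the layer to check (network, host entry, or the wrong-password case from the last answer) and, for error 1130, returns the client address as the server saw it; the sample lines and addresses are constructed.

```python
import re

# MySQL client error formats mapped to the layer the answers above check.
PATTERNS = [
    # 2003: TCP connect failed -> firewall, bind-address or skip-networking
    (re.compile(r"ERROR 2003 \(HY000\): Can't connect to MySQL server on '(?P<server>[^']+)'"),
     "network"),
    # 1130: reached mysqld, but no mysql.user row has a host matching the client
    (re.compile(r"ERROR 1130 \(HY000\): Host '(?P<client>[^']+)' is not allowed to connect"),
     "host-grant"),
    # 1045: a user@host row matched, but authentication failed
    (re.compile(r"ERROR 1045 \(28000\): Access denied for user "
                r"'(?P<user>[^']*)'@'(?P<client>[^']+)' \(using password: (?P<pw>YES|NO)\)"),
     "credentials"),
]

def classify(line):
    """Return (layer, fields) for a MySQL client error line, or (None, {})."""
    # Pasted errors often carry curly quotes; normalise them before matching.
    line = line.replace("\u2018", "'").replace("\u2019", "'")
    for pattern, layer in PATTERNS:
        m = pattern.search(line)
        if m:
            return layer, m.groupdict()
    return None, {}

def host_to_allow(line):
    """Client address as mysqld saw it: the value the host column must match."""
    layer, fields = classify(line)
    return fields.get("client") if layer == "host-grant" else None

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLES = [
    "ERROR 1130 (HY000): Host \u2018203.0.113.7\u2019 is not allowed to connect to this MySQL server",
    "ERROR 1045 (28000): Access denied for user 'app'@'203.0.113.7' (using password: YES)",
    "ERROR 2003 (HY000): Can't connect to MySQL server on '198.51.100.20' (111)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "->", host_to_allow(s))
```

If the server resolves client addresses to names, the value in error 1130 can be a hostname rather than an IP, and the host entry has to match that form.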