How to open port 3306, debian 10?

I

imambek2020-06-03 09:50:01

linux

imambek, 2020-06-03 09:50:01

1. Installed MySQL server
2. Added
[mysqld]
bind-address = 0.0.0.0

3. Added a rule to iptables
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

4. Created a user:

CREATE USER 'user0'@'%' IDENTIFIED BY '0000';
GRANT ALL PRIVILEGES ON * . * TO 'user0'@'%' ;
FLUSH PRIVILEGES;

5. Restarted the mysql service
6. When trying to connect to the database remotely, it gives "unknown error", via telnet 3306 - no response from the server.

iptables rules

spoiler

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql

Chain INPUT_direct (1 references)
target prot opt source destination

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]

Chain OUTPUT_direct (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_log (1 references)
target prot opt source destination

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ctstate NEW,UNTRACKED

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain ufw-before-logging-input (0 references)
target prot opt source destination

Chain ufw-before-logging-output (0 references)
target prot opt source destination

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-input (0 references)
target prot opt source destination

Chain ufw-before-output (0 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination

Chain ufw-after-input (0 references)
target prot opt source destination

Chain ufw-after-output (0 references)
target prot opt source destination

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-logging-input (0 references)
target prot opt source destination

Chain ufw-after-logging-output (0 references)
target prot opt source destination

Chain ufw-after-logging-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (0 references)
target prot opt source destination

Chain ufw-reject-output (0 references)
target prot opt source destination

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-track-input (0 references)
target prot opt source destination

Chain ufw-track-output (0 references)
target prot opt source destination

Chain ufw-track-forward (1 references)
target prot opt source destination

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir Kuts, 2020-06-03
@fox_12

sudo ufw allow 3306

K

Korben5E, 2020-06-03
@Korben5E

The fact that you added a rule means nothing, run iptables-save, check if your rule will be the last one, and it will be preceded by a deny rule.
Try adding a rule like this:
iptables -A INPUT 1 -p tcp --dport 3306 -j ACCEPT