I have a MySQL instance running on a Debian server and I can connect to it locally with no problems. However, I am unable to connect to it remotely. When I try this from my command line I get the following error:
ERROR 2003 (HY000): Can't connect to MySQL server on '<server-ip>' (110)
I've added the user to mysql as 'user'@'*' and 'user'@'localhost'. skip-networking in this server is set to false and the bind-address is commented out in my.cnf. I've also attempted to open port 3306 in iptables using the following command:
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
Here is a listing of all my iptable firewall rules, which I retreived using iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
ACCEPT icmp -- anywhere anywhere icmp type 8 code 0 state NEW,RELATED,ESTABLISHED,UNTRACKED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www state NEW
ACCEPT tcp -- <my-server> anywhere tcp spts:1024:65535 dpt:mysql state NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:65534 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG tcp -- anywhere anywhere tcp dpt:mysql LOG level debug
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Does anyone have any idea where I should go from here?
Based on your response, you need to find if there is a device between you and the server that blocks your connection. You should also ensure that you can telnet to 3306 on that server's ethernet address when logged into the server... if not, you probably have not got the service bound to the ethernet in my.cnf
... see the bind-address
parameter.