note: MySQL client cannot connect to the server on CentOS

2012-12-31 14:20

(CentOS 6.6)
A remote host cannot connect to the MySQL server:

[user@box666 ~]$ mysql test -h192.168.1.199 -uuser -ppassword
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.1.199' (113)

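This is most likely related to iptables: the (113) in the error is errno 113, "No route to host", which is what a client sees when the server's firewall rejects the connection with icmp-host-prohibited.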

Edit /etc/sysconfig/iptables:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 3306 -j ACCEPT  
(add the line above)
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

[root@box666 ~]# /etc/rc.d/init.d/iptables restart    (restart iptables)
  or
[root@box666 ~]# service iptables restart

iptables:正在清除防火牆規則:                             [  確定  ]
iptables:正在設定 chains 為 ACCEPT 政策:filter           [  確定  ]
iptables:正在卸載模組:                                   [  確定  ]
iptables:正在套用防火牆規則:                             [  確定  ]
[root@box666 ~]#
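
An added example, not part of the original note: because iptables evaluates INPUT rules in order, this check reads an iptables-save style file and reports whether a port is accepted only from a limited source, accepted from anywhere, or still caught by the catch-all REJECT. The function name audit_port and the temp-file sample (the note's ruleset, reconstructed) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report how the INPUT chain of an iptables-save style file
# (such as /etc/sysconfig/iptables) treats new connections to a TCP port.
#   restricted  ACCEPT rule limited by -s      open  ACCEPT from any source
#   blocked     catch-all REJECT/DROP is hit first   policy:<P>  no rule hit
# Simplified on purpose: multiport, port ranges and "!" negation are ignored.
audit_port() {   # usage: audit_port RULES_FILE PORT
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2 }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            dport = ""; src = ""; target = ""; matches = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^(-m|-p|-i|-s|--source)$/) matches++
            }
            catchall = (matches == 0)   # no match options: applies to all traffic
            if (catchall && (target == "REJECT" || target == "DROP")) { verdict = "blocked"; exit }
            if (target == "ACCEPT" && (catchall || dport == port)) {
                verdict = (src == "" ? "open" : "restricted"); exit
            }
        }
        END { if (verdict == "") verdict = "policy:" policy; print verdict }
    ' "$1"
}

# Constructed sample: the ruleset from the note, written to a temp file.
rules=$(mktemp); before=$(mktemp)
trap 'rm -f "$rules" "$before"' EXIT
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Same ruleset without the added 3306 line, as it was before the edit.
grep -v -e '--dport 3306' "$rules" > "$before"
echo "3306 with the added rule:    $(audit_port "$rules" 3306)"
echo "3306 without the added rule: $(audit_port "$before" 3306)"
echo "22 (ssh):                    $(audit_port "$rules" 22)"
```

A result of "open" for 3306 would mean the -s 192.168.1.0/24 limit was dropped and the database port is reachable from any source the host can be reached from.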




Also:
if skip-networking is enabled in my.cnf, it has to be disabled as well.
Using skip-networking restricts mysqld to local access only
and refuses access over the TCP/IP port.