Can you do something along the lines of:

iptables -I INPUT -p tcp --dport 3306 -m comment --comment "Allow_remote" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You can also add a source IP to make it more hardened.

Alvaro

On Tue, Sep 30, 2014 at 4:32 AM, Joe Elizondo <[email protected]> wrote:

> Thank you. Your post led me to the solution. It turned out there WAS an
> iptables rule that was blocking the mysql port but it was in the input
> chain not the forward chain. This command unblocked the port. And I added
> the lines below it to my Ansible playbook.
>
> iptables -I INPUT -p tcp --dport 3306 -j ACCEPT -m comment --comment "Allow_remote"
>
> - name: MySQL | get iptables rules
>   shell: iptables -L
>   register: iptablesrules
>   always_run: yes
>   changed_when: false # Never report as changed
>   sudo: true
>
> - name: MySQL | add mysql iptable rule
>   command: /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT -m comment --comment "Allow_remote"
>   sudo: true
>   when: iptablesrules.stdout.find("Allow_remote") == -1
>
> - name: save iptables
>   command: iptables-save
>   sudo: true
>
> - name: restart iptables
>   service: name=ufw state=restarted
>   sudo: true
>
> On Friday, September 26, 2014 3:39:17 PM UTC-5, Alvaro Miranda Aguilera wrote:
>>
>> does the mysql machine have a private ip ?
>>
>> if you can telnet from one vm to port 3306 then is no networking firewall
>> and must be something on mysql configuration
>>
>> if you get timeout or connection rejected, could be firewall
>> refused, could be also mysql setup
>>
>> On Sat, Sep 27, 2014 at 4:06 AM, Joe Elizondo <[email protected]> wrote:
>>
>>> Posting a little late to this thread but I'm having the exact same issue
>>> in my multi machine vagrant setup. One of the machines has mysql running
>>> and the other vm cannot connect to it. Though it can communicate with the
>>> machine because I can curl certain endpoints from one VM to the other and
>>> get the expected response.
>>>
>>> I've tried:
>>> 1) Setting bind-address to 0.0.0.0
>>> 2) Creating the mysql user with '%' as host
>>> 3) Creating the mysql user with the other VM's IP as host (just in case)
>>> 4) Running iptables -A FORWARD -p tcp -m tcp --dport 3306 -j ACCEPT
>>>
>>> Like the OP I can login just fine when I'm on the VM with the mysql
>>> database, but I cannot make a connection to the DB from the other VM. Can
>>> anyone provide more advice or another possible solution? I do have apparmor
>>> running on the DB machine but I don't know enough about it to know how to
>>> check if it could be blocking port 3306.
>>>
>>> -Joe
>>>
>>> On Monday, February 25, 2013 11:55:09 AM UTC-6, Andrew Havens wrote:
>>>>
>>>> On Sunday, February 24, 2013 4:21:20 PM UTC-8, Terrance Shepherd wrote:
>>>>
>>>>> I believe that mysql by default on most installs will only listen on
>>>>> the ip address 127.0.0.1 which means nothing but the data vm can access the
>>>>> server? Can you confirm that mysql is listening at least on 192.168.33.2
>>>>> so that the web box will be able to access it. This setting is usually found
>>>>> in my.cnf.
>>>>
>>>> Thank you Terrance. That was exactly the problem. The mysql cookbook
>>>> provides a way to specify the bind address. So I set it to the IP that I
>>>> specified in the Vagrantfile.
>>>>
>>>> chef.json = {
>>>>   :mysql => { :bind_address => '192.168.33.20' }
>>>> }
>>>>
>>>> The other problem was that the user that I created to connect to it did
>>>> not have privileges to connect from the other VM.
>>>>
>>>> GRANT ALL PRIVILEGES ON my_database.* TO 'my_user'@'localhost'
>>>> IDENTIFIED BY 'mypassword';
>>>>
>>>> I had to change that to the IP of the web vm:
>>>>
>>>> GRANT ALL PRIVILEGES ON my_database.* TO 'my_user'@'192.168.33.10'
>>>> IDENTIFIED BY 'mypassword';
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Vagrant" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
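
An added example, not part of the thread or written by its participants: the source-restricted form of the port 3306 rule suggested in the top reply, applied idempotently with `iptables -C` rather than by searching `iptables -L` output for the comment. The function names, the `IPT` override variable and the choice of 192.168.33.10 (the web VM address quoted in the thread) as the allowed source are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). IPT is an assumed override hook so the
# function can be pointed at another binary; it defaults to iptables.
IPT="${IPT:-iptables}"

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix length.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert the MySQL allow rule for one source only if it is not already present.
# Prints "changed" or "unchanged"; returns 2 on a malformed source.
ensure_mysql_allow() {
    src=$1
    valid_source "$src" || { echo "invalid source: $src" >&2; return 2; }
    # One rule spec for both the check (-C) and the insert (-I), so the two
    # can never drift apart the way a grep on the comment text can.
    set -- INPUT -p tcp -s "$src" --dport 3306 \
        -m state --state NEW,ESTABLISHED,RELATED \
        -m comment --comment Allow_remote -j ACCEPT
    if "$IPT" -C "$@" 2>/dev/null; then
        echo unchanged
    else
        "$IPT" -I "$@" && echo changed
    fi
}

# Usage, as root on the database VM (192.168.33.10 is the web VM in the thread):
#   ensure_mysql_allow 192.168.33.10
```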
