Old 12-22-2009, 01:34 PM
ML
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

Hi All,


MySQL 5.0.77 on CentOS 5.4

MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.

I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:

2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306

I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.

When I try to connect I get an error (4) which when I google says: "Interrupted System call"
I have tried using the MySQL Workbench and other client software.

If I look in /var/log/mysqld.log I don't see anything but the fact the server started.

I tried stopping mysql with /etc/init.d/mysqld stop

Then starting with mysqld_safe --init-file=/tmp/code.txt &

Where code.txt contains:

UPDATE mysql.user SET Password=PASSWORD('mypassword') WHERE User='root';
GRANT ALL ON mysql.* to 'root'@'127.0.0.1';
GRANT ALL ON mysql.* TO 'root'@'localhost';
GRANT ALL ON mysql.* TO 'root'@'my home IP';
FLUSH PRIVILEGES;
commit;

and I still cannot connect. But the database starts and this code executes, because if I go to the console and run /usr/bin/mysql -u root -p and use the password from the update statement, that password gets me in.

So, on my server I run tcpdump host <my ip> and I don't think I see anything where 3306 is coming through.

If I run a test MySQL connection from the MySQL Workbench and then run netstat on my server,
I don't see an entry where 3306 is used in what netstat is dumping.

What am I doing wrong? What can I check for? I am stumped!

-Jason

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-22-2009, 02:00 PM
John Kienitz
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

> UPDATE mysql.user SET Password=PASSWORD('mypassword') WHERE User='root';
> GRANT ALL ON mysql.* to 'root'@'127.0.0.1';
> GRANT ALL ON mysql.* TO 'root'@'localhost';
> GRANT ALL ON mysql.* TO 'root'@'my home IP';
> FLUSH PRIVILEGES;
> commit;
>
> and I still cannot connect. But the database starts and this code executes, because if I go to the console and run /usr/bin/mysql -u root -p and use the password from the update statement, that password gets me in.
>
> So, on my server I run tcpdump host <my ip> and I don't think I see anything where 3306 is coming through.
>
> If I run a test MySQL connection from the MySQL Workbench and then run netstat on my server,
> I don't see an entry where 3306 is used in what netstat is dumping.
>
> What am I doing wrong? What can I check for? I am stumped!
>
> -Jason

Try to telnet to port 3306 and see if you get thru.

Try changing the password after you have added the users with the GRANTS. If you have run your script more than once that has probably been done. Commit should probably be before the flush also.

John





 
Old 12-22-2009, 03:03 PM
Kwan Lowe
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

On Tue, Dec 22, 2009 at 9:34 AM, ML <mailinglists@mailnewsrss.com> wrote:
[snip]
>
> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>
> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>
> I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.

Can you post the outputs of:
netstat -tlnw

iptables -L

grep bind-address /etc/my.cnf
 
Old 12-22-2009, 03:03 PM
Les Mikesell
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

ML wrote:
>
> MySQL 5.0.77 on CentOS 5.4
>
> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
>
> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>
> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>
[...]
>
> So, on my server I run tcpdump host <my ip> and I don't think I see anything where 3306 is coming through.
>
> If I run a test MySQL connection from the MySQL Workbench and then run netstat on my server,
> I don't see an entry where 3306 is used in what netstat is dumping.
>
> What am I doing wrong? What can I check for? I am stumped!

Where does the client connection originate? Is it behind the same
firewall but on a NATed address? Or is NAT involved in some other way
that might keep you from seeing the source you expect in your tcpdump?

--
Les Mikesell
lesmikesell@gmail.com
 
Old 12-22-2009, 03:32 PM
ML
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

Hi Les,

>> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
>>
>> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>>
>> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>>
> [...]

>> What am I doing wrong? What can I check for? I am stumped!
>
> Where does the client connection originate? Is it behind the same
> firewall but on a NATed address? Or is NAT involved in some other way
> that might keep you from seeing the source you expect in your tcpdump?

OK, I have a comcast modem as pass through.

I have a firewall and behind it is the mysql server (public IP)

I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule NATs and gives clients behind it a private IP.

-Jason
 
Old 12-22-2009, 03:35 PM
ML
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

>> I checked the firewall (system-config-securitylevel-tui) on the server and that has 3306:tcp allowed.
Sure:

> netstat -tlnw

[root@indie ~]# netstat -tnlw
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 173.13.167.209:389 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 173.13.167.209:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:921 0.0.0.0:* LISTEN
tcp 0 0 :::7072 :::* LISTEN
tcp 0 0 :::7777 :::* LISTEN
tcp 0 0 :::993 :::* LISTEN
tcp 0 0 :::995 :::* LISTEN
tcp 0 0 :::7780 :::* LISTEN
tcp 0 0 :::5222 :::* LISTEN
tcp 0 0 :::5223 :::* LISTEN
tcp 0 0 :::7335 :::* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::7025 :::* LISTEN
tcp 0 0 :::5269 :::* LISTEN
tcp 0 0 :::2966 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::10015 :::* LISTEN
tcp 0 0 :::7071 :::* LISTEN
[root@indie ~]#

>
> iptables -L

[root@indie ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:idp-infotrieve
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7071
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap4-ssl
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@indie ~]#

>
> grep bind-address /etc/my.cnf

[root@indie ~]# grep bind-address /etc/my.cnf
[root@indie ~]#

nothing here

-J

 
Old 12-22-2009, 03:49 PM
ML
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

Rick,

> have you tried to telnet to port 3306 of the machine where the mysql
> server is located, from your home machine? if so, what do you get?
> If you're successful you'll get a connect bit that includes a string
> that will show your mysql server version number. if you don't have
> mysql access you'll likely see a mysqld reject of some nature. if
> there's a network issue you'll just get a hang or you could get an
> unreachable error.

Yup, it works:

$ telnet 173.13.167.209 3306
Trying 173.13.167.209...
Connected to mail.mailnewsrss.com.
Escape character is '^]'.

4
5.0.77aWqQ!OMq,slG]|xft5L[fConnection closed by foreign host.
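
Added example, not part of the original posts: the telnet output above is the start of the MySQL greeting packet, and the leading "4" and the line break before "5.0.77" are consistent with a length byte of 0x34 and a protocol-version byte of 0x0a. This Python code classifies the first packet a server sends as a handshake or a pre-handshake error; both sample packets and the address inside them are constructed.

```python
import struct

def build_packet(payload: bytes, seq: int = 0) -> bytes:
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed greeting laid out like a 5.0-era handshake (protocol 10).
GREETING = build_packet(
    b"\x0a" + b"5.0.77\x00"              # protocol version, server version
    + struct.pack("<I", 42)              # connection (thread) id
    + b"ABCDEFGH" + b"\x00"              # scramble part 1, filler
    + struct.pack("<HBH", 0xA2FF, 8, 2)  # capabilities, charset, status
    + b"\x00" * 13                       # reserved
    + b"IJKLMNOPQRST\x00")               # scramble part 2

# Constructed pre-handshake rejection (error 1130, host not allowed).
REJECT = build_packet(
    b"\xff" + struct.pack("<H", 1130)
    + b"Host '203.0.113.7' is not allowed to connect to this MySQL server")

def parse_first_packet(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends after TCP connect."""
    if len(data) < 5:
        raise ValueError("need a 4-byte header and at least one payload byte")
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("truncated or empty payload")
    if payload[0] == 0xFF:                       # ERR packet
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                      # skip SQLSTATE if present
            msg = msg[6:]
        return {"kind": "error", "code": code,
                "message": msg.decode("latin-1")}
    if payload[0] == 0x0A:                       # handshake, protocol 10
        end = payload.index(b"\x00", 1)          # version is NUL-terminated
        thread_id = struct.unpack_from("<I", payload, end + 1)[0]
        return {"kind": "handshake", "length": length,
                "version": payload[1:end].decode("ascii"),
                "thread_id": thread_id}
    return {"kind": "unknown", "first_byte": payload[0]}
```

A handshake result means the TCP path and the server's host check both passed, so a later failure is in authentication or the client; an error result carries the server's own reason.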

 
Old 12-22-2009, 04:00 PM
Les Mikesell
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

ML wrote:
> Hi Les,
>
>>> MySQL is running, my Wordpress stuff is working, but I cannot connect to the server from my house. This server is in my house, however, but on a public IP, behind a firewall, etc.
>>>
>>> I checked my hardware firewall (a dedicated UnTangle system) and that is successfully allowing the passage. I know this because the firewall shows:
>>>
>>> 2009-12-22 6:29:41 am passed <my IP>:35606 <server IP>:3306
>>>
>> [...]
>
>>> What am I doing wrong? What can I check for? I am stumped!
>> Where does the client connection originate? Is it behind the same
>> firewall but on a NATed address? Or is NAT involved in some other way
>> that might keep you from seeing the source you expect in your tcpdump?
>
> OK, I have a comcast modem as pass through.
>
> I have a firewall and behind it is the mysql server (public IP)
>
> I have an Apple Time Capsule that is NOT behind the firewall, but does have a public IP on the same network as the firewall and MySQL Server. The Time Capsule NATs and gives clients behind it a private IP.

I still don't understand the exact relationship - or which address you
are expecting in the tcpdump. From this description I'd guess you would
see the time capsule's public IP as the source for your connections. Is
that what you were expecting, but not seeing, in your tcpdump? Are
there other connections to mysql through this interface or can you just
look for anything on port 3306? And is the firewall running as an
unnumbered bridge? I'd make sure packets are going back and forth before
looking further. Also, comcast modems can overlay a private range on
the same subnet as the assigned public set. It would be possible for
your time capsule to use a dhcp-assigned private address on its public
facing side which would be NATted by the comcast modem.

--
Les Mikesell
lesmikesell@gmail.com
 
Old 12-22-2009, 04:05 PM
Les Mikesell
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

ML wrote:
> Rick,
>
>> have you tried to telnet to port 3306 of the machine where the mysql
>> server is located, from your home machine? if so, what do you get?
>> If you're successful you'll get a connect bit that includes a string
>> that will show your mysql server version number. if you don't have
>> mysql access you'll likely see a mysqld reject of some nature. if
>> there's a network issue you'll just get a hang or you could get an
>> unreachable error.
>
> Yup, it works:
>
> $ telnet 173.13.167.209 3306
> Trying 173.13.167.209...
> Connected to mail.mailnewsrss.com.
> Escape character is '^]'.
>
> 4
> 5.0.77aWqQ!OMq,slG]|xft5L[fConnection closed by foreign host.

Does the source address that the server sees (check with netstat or
tcpdump) match what you've permitted in mysql?

--
Les Mikesell
lesmikesell@gmail.com
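
Added example, not part of the original thread: the check asked for above, comparing the source address the server sees with the host values of the MySQL accounts, written in Python. The netstat lines, the addresses and the grant list are constructed; the private address stands in for the poster's 'my home IP' on the assumption that the client sits behind a NAT device.

```python
import ipaddress
import re

# Constructed `netstat -tn` lines as seen on the server (documentation addresses).
NETSTAT = """\
tcp 0 0 192.0.2.10:3306 198.51.100.7:35606 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.50:51812 ESTABLISHED
"""

# Assumed account host values; the last stands in for a client's private
# address behind a NAT device, which the server never sees.
GRANT_HOSTS = ["127.0.0.1", "localhost", "192.168.1.20"]

def peers_on_port(netstat_text: str, port: int = 3306) -> list:
    """Remote addresses of TCP connections to the given local port."""
    peers = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp"):
            if f[3].rsplit(":", 1)[-1] == str(port):
                peers.append(f[4].rsplit(":", 1)[0])
    return peers

def host_matches(pattern: str, client_ip: str) -> bool:
    """Match a MySQL account host value against a client IP address.
    Handles literals, % and _ wildcards and base_ip/netmask; reverse DNS
    (how a name such as 'localhost' would match) is not modelled."""
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client_ip) in net
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_ip, re.IGNORECASE) is not None

def unmatched_peers(netstat_text: str, grant_hosts: list) -> list:
    """Peers on port 3306 whose address no account host value matches."""
    return [ip for ip in peers_on_port(netstat_text)
            if not any(host_matches(h, ip) for h in grant_hosts)]
```

Any address returned by `unmatched_peers` reaches the port but has no matching account host, which is the mismatch the question above is probing for.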
 
Old 12-22-2009, 04:31 PM
Kai Schaetzl
 
Default Frustrations with MySQL loss, tcpdump, netstat, etc

MySQL is *not* listening on TCP 3306 since *long* unless you tell it to in
the my.cnf. It uses a local Unix socket by default.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



 

All times are GMT.