ERROR 2002 (HY000): Can't connect to MySQL server on 'myserverIP' (115)

mmohamed2

New member
Joined
Feb 1, 2020
Messages
27
i was trying to access remotly to mysql mariaDB

this is my my.cnf file
Code:
    #
    # This group is read both both by the client and the server
    # use it for options that affect everything
    #
    [client-server]
    
    #
    # include all files from the config directory
    #
    !includedir /etc/my.cnf.d
    
    [mysqld]
    #skip-networking
    #bind-address = <some ip-address>
something missing in client-server section maybe ?

i restarted mysqld with this command

systemctl restart mysqld



there's only one user (the one i used to connect from the other server) and % for thar user's host

i use this command in the other server

mysql -h 5.xxxx -P3306 -u myUsernameInTheOtherServer -pMYPASS -D myDatabaseNameThatHaveThatUser

i got: ERROR 2002 (HY000): Can't connect to MySQL server on '5.x' (115)

the weird thing is

i used this command for the first time

service iptables stop

and suddenly, it connected succeffuly with the same command i used



after i exit using ctrl+c, and tried to login again but i got the same error

when i try to connect on the server that have the mysql, using the user i created for the remote connection
i got

ERROR 1045 (28000): Access denied for user
'userIusedForRemoteConn'@'localhost' (using password: YES)

so, if i can't login using that user on the main server, i can't login remotly using it, right ?

here's that user(in red) that i used, can it be the problem from root ?

i'm using da_admin, to create that user and all other commands




Hope someone can help!
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Hello,

Set:

Code:
bind-address = 0.0.0.0
and restart mysql server.

Open TCP incoming 3306 in a firewall.
 

mmohamed2

New member
Joined
Feb 1, 2020
Messages
27
That is netstat and has nothing to do with your firewall. ;)

Check if the port is opened in your firewall.
i did
sudo lsof -i -P -n | grep LISTE
and i got from a list
mysqld 13751 mysql 14u IPv4 1331139414 0t0 TCP *:3306 (LISTEN)

also
i did
sudo lsof -i:3306
and i got
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 13751 mysql 14u IPv4 1331139414 0t0 TCP *:mysql (LISTEN)
 

mmohamed2

New member
Joined
Feb 1, 2020
Messages
27
for outgoing i did
iptables -A OUTPUT -o eth0 -p tcp --dport 3306-m state --state NEW,ESTABLISHED -j ACCEPT
for incoming i did
iptables -A INPUT -i eth0 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

Is that correct ?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
I don't know your setup. The commands look correct, but I won't guarantee they will work for your setup.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,448
Location
Maastricht
i did
sudo lsof -i -P -n | grep LISTE
Nope, that is only checking if a port is listening, not if the port is opened or not in the firewall.

I don't know if the iptables command is correctly, I make life easy and use CSF/LFD as firewall for Iptables.
You might try.

Try this from external system:
telnet your.server.ip.addres 3306
if you get a connection then the port is open, if you get a refused, then the port is still closed.
 

mmohamed2

New member
Joined
Feb 1, 2020
Messages
27
Nope, that is only checking if a port is listening, not if the port is opened or not in the firewall.

I don't know if the iptables command is correctly, I make life easy and use CSF/LFD as firewall for Iptables.
You might try.

Try this from external system:
telnet your.server.ip.addres 3306
if you get a connection then the port is open, if you get a refused, then the port is still closed.
i did yum install telnet
then
telnet 5.200.16.220 3306
i got
Trying 5.200.16.220...
Connected to 5.200.16.220.
Escape character is '^]'.
R
5.5.41-MariaDB▒RS-&r2=▒qHSKZdgW_Y},mysql_native_passwordConnection closed by foreign host.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Code:
# telnet 5.200.16.220 3306
Trying 5.200.16.220...
telnet: connect to address 5.200.16.220: Connection refused

The port is closed. You need to open it. If you don't know how to do it your self, you'd better get someone who will do it for you. There is too much risk that you lock yourself out of the server if you try to modify iptables rules without having enough expirience.


To make the things easier you could install CSF/LFD. Search the help pages and forums for detailed instructions.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,448
Location
Maastricht
And i presume 5.200.16.220 is your server ip? I said "try from external system".

If I do try to connect it says:
[root@server: /etc/csf]# telnet 5.200.16.220 3306
Trying 5.200.16.220...
telnet: connect to address 5.200.16.220: Connection refused
so port is not open.

Edit: Posted at the same time with Zeiter. I would suggest to take Zeiter's advise.
 

mmohamed2

New member
Joined
Feb 1, 2020
Messages
27
@Richard G @zEitEr looks like the port is open
1582040205286.png

and someone respond: You did connect. You got no error message from telnet, and you got a response from MariaDB, as you can see for yourself. Ergo the port is open. Your problem lies elsewhere

maybe something in !includedir /etc/my.cnf.d in my.cnf file ?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Still the same:

Code:
$ telnet 5.200.16.220 3306
Trying 5.200.16.220...
telnet: connect to address 5.200.16.220: Connection refused
and

2020-02-18 23.24.40 www.yougetsignal.com 565ce6f20115.png

We post here results of tests from our sides. So that's up to you whether or not you take them into a consideration.
 

Xynchr

New member
Joined
Apr 27, 2020
Messages
2
@zEitEr Sadly, I got similiar issue. Outgoing from host to Remote MYSQL will be available for the host a brief moment(around 5 minutes)
when I stop iptables. and then just stop with Connection Refused Error.
It's not problem with MYSQL Server because It's still can be access anywhere else but host.
and when I stop iptables It's start working again before iptables kick back in.
**when iptables kick back in. I got its own configuration not the one that I save and apply

Maybe iptables block anything not included in its rules
these are the rules I tried so far but none working
-A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -d localhost --sport 3306 ! --syn -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

If it can be solve with iptables rules would be nice or perhaps disable iptables permanently ?
Anyway to solve this issue ?
 

Xynchr

New member
Joined
Apr 27, 2020
Messages
2
Oh i see there is csf that control iptables and prevent any changes
there is csf configuration inside directadmin already.
Just put a new port in and it's works!

Solved :D
 
Top