Editing
Software setup for db-class
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Set up MySQL for remote access === MySQL supports TCP/IP for remote connectivity. I set up MySQL server to accept TCP connections (unsecure) on my local area network (trusted network) & SSH for remote connections. ==== Update firewall ==== By default iptables will not be allowing TCP port 3306 (default port for mysql server). Confirm if 3306 is in iptables <pre># # cat /etc/sysconfig/iptables | grep 3306 #</pre> Add rule to allow TCP connections from particular local area network [you insert your IP address & subnet for your setup] <pre># iptables -A INPUT -p tcp -s 192.168.1.0/24 -m state --state NEW -m tcp --dport 3306 -j ACCEPT</pre> If you want to allow TCP connections from any network you can use this command <pre># iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT</pre> '''NOTE: Use one of the rules above not both.''' Save the iptables rules to make them persistent [RHEL/CentOS/Fedora Core support this command] <pre># /etc/init.d/iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]</pre> Confirm new rule was added to configuration file <pre># cat /etc/sysconfig/iptables | grep 3306 -A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT</pre> Restart iptables <pre># service iptables restartiptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]</pre> ===== Trouble shooting firewall ===== You may need to move your rule above another rule that rejects your MySQL traffic. Use text editor to move your new rule above other rule in /etc/sysconfig/iptables To quickly trouble shoot firewall issue simply disable firewall & test MySQL connection. If MySQL connectivity works then double check your firewall rules. Disable IPtables: <code># service iptables stop</code> Enable IPtables: <code># service iptables start</code> '''Enable iptables when you're done testing connection!!!''' ==== Update SSH server ==== SSH server must be configured to support TCP forwarding. Check that AllowTcpForwarding is enabled in ssh daemon configuration <pre>[root@robot ~]# cat /etc/ssh/sshd_config | grep -i tcpforwarding AllowTcpForwarding yes</pre> If AllowTcpForwarding is set to '''no''' use text editor to change & save setting then restart sshd <pre># vi /etc/ssh/sshd_config # service sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ]</pre> ==== Update SELinux ==== Unable to connect MySQL client over tunnel using SSH when firewall & SSH server configured? Check SELinux! The ssh client might produce some error with SSH_OPEN_ADMINISTRATIVELY_PROHIBITED message in it. You may also see an error message in /var/log/secure on the SSH server that looks like this: <pre>error: connect to 192.168.1.2 port 3306 failed: Permission denied</pre> Verify enforcement level of SELinux <pre>$ getenforce Enforcing</pre> Enforcing means SELinux is configured & enforcing SELinux policies Verify SELinux sshd forward port connections setting <pre># semanage boolean -l | grep sshd sshd_forward_ports -> off allow sshd to forward port connections</pre> Set SELinux sshd to allow forward port connections persistently <pre># setsebool -P sshd_forward_ports on</pre> Verify SELinux sshd forward port connections setting <pre># semanage boolean -l | grep sshd sshd_forward_ports -> on allow sshd to forward port connections</pre> ==== Test MySQL connectivity tunneling through SSH ==== On my Window clients I use a handy utility called [http://www.bitvise.com/tunnelier Bitvise Tunnelier]. Complete Login & C2S Forwarding tab in Bitvise. * Login tab ** Host = hostname or IP address of your SSH server ** Port = 22 ** Username = user name on SSH server ** Password = user name password on SSH server * C2S Forwarding tab (select Add) ** Status = enabled ** Listen Interface = 127.0.0.1 ** List. Port = 3307 ** Destination Host = hostname or IP address of MySQL server (mine was private IP address as I connect to public IP from Login tab then forward to private IP) On Linux clients use terminal. <pre>$ ssh -v -f -N -L 3307:192.168.1.2:3306 username@hostname_of_mysql_server</pre> Launch your MySQL client. Your MySQL client should connect to localhost or 127.0.0.1 over port 3307 (or any port you used in ssh command above). Your local machine will accept port 3307 traffic and forward that to MySQL server over secure encrypted SSH tunnel. SSH server will perform TCP forwarding of your 3307 port to 3306 on MySQL server. <center>[[My db-class.org notes|To My db-class.org notes]]</center>
Summary:
Please note that all contributions to GotOpinion may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
GotOpinion:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
Edit source
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information