Mysql

are you using iptables?
if so, you may need to create a rule to allow connectivity

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
service iptables save

Select allOpen in new window

then try connecting again
system error 110 is connection timeout

Seth dealt with the connection issue.

After you ran the grant command, make sure you run flush privileges?

If your 192.168.0.11 is not a static IP (either configured as static or reserved within DHCP), when the IP changes, that system will no longer be able to access the 192.168.0.6 system's mysql instance.


To allow auction from anywhere use '%' for the host.

I am not using iptables.  The two machines are set with static ips.  I was rather excited when you mentioned the flush privileges command as I remembered it from the past when you mentioned it arnold.  I did it and still have the same problem.

hi,

you can try from this command

mysql -u root -p
mysql>GRANT ALL ON databasename.* TO databaseuser@'192.168.0.11'      IDENTIFIED BY 'databaseuserpassword;

mysql>FLUSH PRIVILEGES;

can you from system on 192.168.0.11 connect to 192.168.0.6 port 3306?

on the mysql system, run netstat -an | find ":3306"

do you have a line item response?
if not, check /etc/my.cnf to see whether your instance of mysql is configured with a different TCP port on which it listens. Or you may have bound mysqld to the local interface (127.0.0.1) i.e. local connections only.

ps -ef | grep mysqld
once you see the PID, where ppid is not 1.
run lsof -p <PID from mysqld above>  | grep -i tcp
This will tell you the resources including the port on which mysqld is listening if at all.

if it is listening on a different port, you would need to account for this on your 192.168.0.11 setup or make an adjustment on the mysql server side.

i assume you mean grep instead of find on the netstat command :)

rajeev2353  I have done exactly what you suggest earlier and no results but thanks.  arnold, I will do what you suggest. and report back.

arnold, At the mysql prompt I enter

netstat -an | grep ":3306";

and the results were

tcp         0         0 0.0.0.0:3306         0.0.0.0:*         LISTEN

How are you trying to connect?  What language or connection string are you using?  

Why do you say you are not using 'iptables'?  A static IP has nothing to do with that.  Every distribution I know of installs 'iptables' automatically.  What distribution are you using?

arnold, here is my results;

linux-66l0:/home/auction # ps -ef | grep mysqld
root      5505     1  0 08:12 ?        00:00:00 /bin/sh /usr/bin/mysqld_safe --mysqld=mysqld --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --datadir=/var/lib/mysql
mysql     5543  5505  0 08:12 ?        00:00:22 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --skip-external-locking --port=3306 --socket=/var/lib/mysql/mysql.sock
root      7251  4144  0 19:02 pts/1    00:00:00 grep mysqld


I am now sure what ppid I should use in the lsof command.

Seth,right. Locked in on the wrong environment.

The earlier netstat -an, points out that mysqld is listening on all interfaces port 3306
lsof  -p 5543

As Seth pointed out that the error is connection related, run iptables -L INPUT --line-numbers
That may point out/confirm that youhave iptables running

The only modification I would make to Seth's iptables
iptables -I INPUT 5 -p tcp -m tcp --dport 3306 -J ACCEPT

-A appends while -I inserts the rule (in the case the rule will be on the 5th line of the INPUT chain.
An alternative is to stop iptables.

Everyone, It is just after midnight and I am going to have to turn in.  I will pick back up early in the AM.  Thanks you all very much and I will report my results later in the AM.

WELL IT IS SAT AM AND I FINALLY AM ABLE TO GET BACK AT IT.  arnold, I AM ASSUMING YOU ARE SUGGESTING I RUN A COUPLE OF COMMANDS SO THE RESULTS ARE BELOW:

linux-66l0:/home/auction # lsof  -p 5543
lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/auction/.gvfs
      Output information may be incomplete.

linux-66l0:/home/auction # iptables -I INPUT 5 -p tcp -m tcp --dport 3306 -JACCEPT
iptables v1.4.2-rc1: Unknown arg `-J'
Try `iptables -h' or 'iptables --help' for more information.

I RAN SETHS COMMAND AND IT RETURNED A PROMPT.

linux-66l0:/home/auction # iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
linux-66l0:/home/auction #

linux-66l0:/home/auction # service iptables save
service: no such service iptables

NOW WHEN I RUN MY PROGRAM THE ERROR MESSAGE IS:

MySQL error: Access denied for user 'auction'@'192.168.0.6' (using password:YES)

AND A DIALOG BOX COMES UP AND SAYS:

Could not initilize the database interface,
check that the mysql server is running
if the mysql server is running but is on a
seperate computer, check the physical connection

I CAN EXECUTE mysql ON BOTH MACHINES.  HOPE THIS HELP SHED A LITTLE LIGHT ON THE MATTER AND I DID THINGS RIGHT.  THANKS!!

SORRY I MISSED ONE AND IT IS BELOW:

linux-66l0:/home/auction # iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
2    ACCEPT     all  --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
4    ACCEPT     icmp --  anywhere             anywhere            state RELATED
5    input_ext  all  --  anywhere             anywhere
6    input_ext  all  --  anywhere             anywhere
7    LOG        all  --  anywhere             anywhere            limit: avg3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
8    DROP       all  --  anywhere             anywhere
9    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
10   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
11   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
12   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
13   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
linux-66l0:/home/auction #

First, because of delays between your question/subsequent post and responses, things change such that running suggested commands should be done following the same process of the post.
In the case of lsof, you need to run ps -ef |grep mysql.
Using your posted data and my suggestion you need to look at the equivalent line you receive with the set of responses you posted.  then using the suggestion I had in that case was 5543 you need to select the equivalent data point from the current information.

In case of iptables, you need to first look at what you have, the error you received from running the command in my example deals with the -j ACCEPT being as -JACCEPT.


The error you get seems to be that you are running the test from the server on which mysql is running while you added the user with the hostname as 192.168.0.11.

username@192.168.0.11 is not the same as username@192.168.0.6
You were trying to make sure the username/password you were trying from the 192.168.0.11 is correct.

Please post the output of iptables -t nat -L --line-numbers, iptables -t filter -L --line-numbers

Are the two systems on the same network/within the same location?

Note, you had an explicit drop in the INPUT tables (line number 8)
The suggestion Seth provided while valid, was adding the entry below the drop which means the drop directive was seen first and the packet was dropped.

Run the following command 5 times which will remove the lines below the drop entry.
iptables -R INPUT 9

Before making changes to iptables, always check the current settings first.
iptables -L INPUT --line-numbers

Only commit the iptables rules after you confirm that what you wanted to achieve is functional and is not affecting something else.  The use of iptables command is to dynamically update the firewall rules, such that if anything goes wrong,I.e. the wrong rule/wrong interpretation of the rule caused a problem a reboot of the system will revert the rules.(mainly deals with remote/lockout) I.e. a change broke your ssh session......

Your second rule defeats the firewall settings by allowing. Everything, you might be better of disabling iptables altogether. There is no benefit to have each packet to be checked given you have currently no intention of filtering.

In you last post you suggest I not use iptables.  If that is the case and I disable iptables what would I have?  All I want to do is give auction@192.168.0.11 access to a mysql database at 192.168.0.6.  I don't need anything fancy.

I have to run down to my office to do that.  I'll give it a go.  Thank you very much for all your help.  I will report back.  Again Thanks!

It was the firewall on the 0.6 machine.  I turned it off and all is well.  Thanks for your patients.

You should turn it back on and allow incoming and outgoing network traffic on port 3306.

Sargent,
Seth should have gotten the points.  His suggestion to deal with iptables was/is the solution to the issue you were facing.
I think you should reconsider the award of points.