cannot remote access to Mariadb

Simon Leung
Simon Leung used Ask the Experts™
on
Enable mariadb on Centos8. It seems that I can't access to port 3306.
Already enable the firewall : firewall-cmd --permanent --add-port=3306/tcp
Beside, 3306 port is show as listen on Centos
[root@centos8 etc]# netstat -anp | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Tip: Be sure you've wrapped all MariaDB port access using a TLS cert, else you'll be hacked... if any of your packets leak through any public IPs.

Easy way to determine this is working.

1) Disable your firewall (flush all rules).

2) Test connecting to 127.0.0.1:3306

3) Test connecting to IP:3306

4) Then enable your firewall (activate all rules).

5) Then retest #2 + #3 again.

6) Next you'll have to check your routing.

7) Then go through the equivalent of #2 + #3 on every piece of gear between your database instance IP + your application code IP.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Aside: There's rarely any good reason to access a database instance over an IP.

This creates massive problems

1) Packet flow must by TLS wrapped to maintain security.

2) Since #1 is required, if you're running a CMS, for example WordPress, which does a connect/disconnect for every SQL statement, visitors will see this as slowness on their end.

3) Speed/Stability of database access becomes set by the speed/quality of packet flow over all networks involved, rather than using a local domain socket, so this creates slow visitor experience + every time a network has a slight problem (normally all day, every day)... TCP will recover from the problem + the connection will normally remain stable. Problem is, this can cause increased slowness, just like #2.

4) You're only prayer for this to work well, will be to run dedicated servers on fast networks where physical machines/containers (for your database instance + application code instance) are very close to each other.

Be sure you understand all the considerations of working with IP based database instances, before you invest much time into fixing all this.

Suggestion: After you close this question, open a new question describing your specific database/code + asking for design suggestions.

Likely you'll have some great suggestions, as there are some very smart people posting to EE.
Distinguished Expert 2017
Commented:
You are not specifying the zone public, relying ........
Add --zone=public to the command you ran.

On the remore try
Telnet mariadbserver 3306
Does the connection gets established?

Do you get a message when you attempt to remotely connect?
Did you add a new user authorized to connect from the remote system, or using % to connect from anywhere.

Double check IPs in use, to confirm they are on the same segment, if not there is a path from one to the other.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial