![]() Don’t worry, any security breach is covered through Firewall and MySQL user’s privileges. Given the statments above, if we bind our MySQL directly to one of our network interfaces such as 192.160.0.10, it is going to start refusing connections from localhost! Then our best shot is to use the wildcard “*” or just disable this parameter to use its default value in order to accept connections from both localhost and all the network interfaces. If the address is a “regular” IPv4 or IPv6 address (such as 127.0.0.1 or ::1), the server accepts TCP/IP connections only for that IPv4 or IPv6 address. If the address is an IPv4-mapped address, the server accepts TCP/IP connections for that address, in either IPv4 or IPv6 format. If the address is ::, the server accepts TCP/IP connections on all server host IPv4 and IPv6 interfaces. If the address is 0.0.0.0, the server accepts TCP/IP connections on all server host IPv4 interfaces. Use this address to permit both IPv4 and IPv6 connections on all server interfaces. If the address is *, the server accepts TCP/IP connections on all server host IPv6 and IPv4 interfaces if the server host supports IPv6, or accepts TCP/IP connections on all IPv4 addresses otherwise. We needed to bind MySQL to both localhost and a network interface, but according to the official documentation, MySQL can be bound to just one address at once in order to accept connections, this address’ value being one of the following: The Explanation About binding MySQL to external interfaces Grant the privileges you need to this user on the desired schemas and tables, or just grant all (strongly not recommended for production environments, select just the needed privileges instead): GRANT ALL PRIVILEGES ON *.* TO would be all. Optionally, create an user to give remote access to, or just skip this step and use an existing one: CREATE USER IDENTIFIED BY 'barpassword' Then reload the firewall configuration firewall-cmd -reloadĪs stated above, if it didn’t work because of command not found errors, open the port with the command below, replacing and with your system setup: iptables -I INPUT -i -p tcp -destination-port -j ACCEPTĮxample: iptables -I INPUT -i eth0 -p tcp -destination-port 3306 -j ACCEPT 3 – Grant remote access to a MySQL user Run the command below for any zone shown on the screen, replacing and with your system’s current setup: firewall-cmd -zone= -add-port=/tcp -permanentĮxample: firewall-cmd -zone=public -add-port=3306/tcp -permanent ![]() Which could print a single public zone or a few, like public and dmz. The first thing here is to find your active zone(s), this can be done by the following command: firewall-cmd -get-active-zones If your operational system is CentOS 7 or superior, you might be able to control your firewall rules through firewall-cmd commands, but if it fails with a command not found error, move straight to the iptables command. MySQLs default port is 3306, but if you are running your MySQL installation on a different port, replace 3306 at the next steps with your current port. Save and close the file, then restart MySQL: service mysqld restart 2 – Open MySQL firewall port
0 Comments
Leave a Reply. |