Linode Forum
https://forum.linode.com/

Having trouble adding localhost to iptables
https://forum.linode.com/viewtopic.php?f=19&t=10210

Author:  ferodynamics [ Wed Jul 03, 2013 9:35 pm ]
Post subject:  Having trouble adding localhost to iptables

Here are my rules:

Code:
[root@blah ~]# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  localhost            anywhere            tcp dpt:mysql
2    ACCEPT     tcp  --  blah.members.linode.com  anywhere            tcp dpt:mysql
3    ACCEPT     tcp  --  blah.net  anywhere            tcp dpt:mysql
4    DROP       tcp  --  anywhere             anywhere            tcp dpt:mysql
[root@blah ~]#


I can access mysql from home (blah.net) and from my other Linode (blah.members...) with "mysql -u username -ppassword -hx.x.x.x"

But localhost doesn't work...

Code:
[root@blah ~]# mysql -u username -ppassword
ERROR 1045 (28000): Access denied for user 'username'@'localhost' (using password: YES)
[root@blah ~]#

Author:  jcurry [ Wed Jul 03, 2013 9:57 pm ]
Post subject:  Re: Having trouble adding localhost to iptables

This is not a result of the connection being blocked by iptables, but rather an authentication failure from MySQL.

In order to log in as user@localhost, you need to add a row and the appropriate privileges to the mysql.user table as user@localhost, or modify your existing account to user@% (% meaning all hosts) instead of user@<explicit host>.

The MySQL manual has more information on how connections are verified: http://dev.mysql.com/doc/refman/5.7/en/ ... ccess.html

Author:  ferodynamics [ Wed Jul 03, 2013 10:01 pm ]
Post subject:  Re: Having trouble adding localhost to iptables

jcurry wrote:
This is not a result of the connection being blocked by iptables, but rather an authentication failure from MySQL.

In order to log in as user@localhost, you need to add a row and the appropriate privileges to the mysql.user table as user@localhost, or modify your existing account to user@% (% meaning all hosts) instead of user@<explicit host>.

The MySQL manual has more information on how connections are verified: http://dev.mysql.com/doc/refman/5.7/en/ ... ccess.html


Awesome @jcurry that's exactly what I wanted to "rule" out.

Author:  Wader [ Wed Jul 03, 2013 10:04 pm ]
Post subject:  Re: Having trouble adding localhost to iptables

Just to add on to jcurry's post, with some builds of mysql, user@% will allow a connection from all external hosts, but will still refuse localhost. You need to explicitly add a row for localhost too.
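
Added example, not part of the thread: a simplified Python model of MySQL's documented account-matching order (most-specific Host first, then named User before blank User, first match wins), showing how a user@% row can still be refused from localhost. It assumes the server still has the default anonymous ''@'localhost' account; the rows, passwords and function names are constructed for illustration, and a plaintext comparison stands in for MySQL's password-hash check.

```python
import re

# Constructed sample of mysql.user as (User, Host, password) rows.
SAMPLE_ROWS = [
    ("username", "%", "s3cret"),
    ("", "localhost", ""),          # anonymous account (assumed present)
    ("root", "localhost", "rootpw"),
]

def host_rank(host):
    """Lower is more specific: literal host, wildcard pattern, '%', then ''."""
    if host == "":
        return 3
    if host == "%":
        return 2
    return 1 if ("%" in host or "_" in host) else 0

def sorted_rows(rows):
    # Most-specific Host first; for equal Host, a named User before a blank one.
    return sorted(rows, key=lambda r: (host_rank(r[1]), r[0] == ""))

def host_matches(pattern, client_host):
    if pattern == "":
        return True
    # Host patterns use SQL LIKE wildcards: % is any run, _ is one character.
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None

def select_account(rows, user, client_host):
    """Return the first row, in server sort order, that matches host and user."""
    for row in sorted_rows(rows):
        if host_matches(row[1], client_host) and row[0] in ("", user):
            return row
    return None

def login(rows, user, client_host, password):
    row = select_account(rows, user, client_host)
    if row is None or row[2] != password:
        return "ERROR 1045 (28000): Access denied for user '%s'@'%s'" % (user, client_host)
    return "OK as '%s'@'%s'" % (row[0], row[1])

if __name__ == "__main__":
    # "mysql" with no -h uses the local Unix socket and is seen as 'localhost';
    # iptables rules on tcp dpt:mysql never apply to that connection.
    print(login(SAMPLE_ROWS, "username", "localhost", "s3cret"))
    print(login(SAMPLE_ROWS, "username", "blah.net", "s3cret"))
    fixed = SAMPLE_ROWS + [("username", "localhost", "s3cret")]
    print(login(fixed, "username", "localhost", "s3cret"))
```

On a real server, `SELECT user, host FROM mysql.user;` shows which rows exist; an explicit 'username'@'localhost' row with only the privileges that account needs is narrower than relying on user@%.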

All times are UTC-04:00