服务监听在127.0.0.1和0.0.0.0上,到底有什么区别呢?给个实际的例子,大家看看
今天发现在nb1380的mysql从nb1381连不上?
1、使用grant加权限,失败
<span style="color:#333333"><span style="color:#333333"><span style="color:black"><code class="language-bash">mysql<span style="color:#9a6e3a">></span> <span style="color:#0077aa">select</span> user,host,password from mysql.user<span style="color:#999999">;</span>
11 rows <span style="color:#0077aa">in</span> <span style="color:#0077aa">set</span> <span style="color:#999999">(</span>0.00 sec<span style="color:#999999">)</span>
mysql<span style="color:#9a6e3a">></span> grant all privileges on *.* to <span style="color:#669900">'root'</span>@<span style="color:#669900">'nb1381'</span> identified by <span style="color:#669900">' '</span> with grant option<span style="color:#999999">;</span></code></span></span></span>
2、telnet失败,考虑可能是iptables限制,加规则,无效
<span style="color:#333333"><span style="color:#333333"><span style="color:black"><code class="language-bash">root@nb1380:/var/log/mysql<span style="color:slategray"># iptables -I INPUT -p tcp --dport 3306 -j ACCEPT</span></code></span></span></span>
3、猜测可能是监听在127.0.0.1上,而不是0.0.0.0上,查看my.cnf,果然是这个原因
<span style="color:#333333"><span style="color:#333333"><span style="color:black"><code class="language-bash">root@nb1380:/var/log/mysql<span style="color:slategray"># vim /etc/mysql/my.cnf </span>
bind-address <span style="color:#9a6e3a">=</span> 127.0.0.1 改为:
bind-address <span style="color:#9a6e3a">=</span> 0.0.0.0</code></span></span></span>
重启mysql,果然telnet通了
<span style="color:#333333"><span style="color:#333333"><span style="color:black"><code class="language-bash">root@nb1381:~<span style="color:slategray"># telnet nb1380 3306</span>
Trying 192.168.64.43<span style="color:#999999">..</span>.
Connected to nb1380.
Escape character is <span style="color:#669900">'^]'</span><span style="color:#0077aa">.</span></code></span></span></span>
mysql也能连接了
<span style="color:#333333"><span style="color:#333333"><span style="color:black"><code class="language-bash">root@nb1381:~<span style="color:slategray"># mysql -uroot -p -hnb1380</span>
Enter password:
Welcome to the MySQL monitor. Commands end with <span style="color:#999999">;</span> or \g.
Your MySQL connection <span style="color:#dd4a68">id</span> is 40
Server version: 5.6.33-0ubuntu0.14.04.1 <span style="color:#999999">(</span>Ubuntu<span style="color:#999999">)</span>
Copyright <span style="color:#999999">(</span>c<span style="color:#999999">)</span> 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type <span style="color:#669900">'help;'</span> or <span style="color:#669900">'\h'</span> <span style="color:#0077aa">for</span> help. Type <span style="color:#669900">'\c'</span> to <span style="color:#dd4a68">clear</span> the current input statement.
mysql<span style="color:#9a6e3a">></span></code></span></span></span>
总结:
3306端口监听在127.0.0.1,只有本机客户端可以访问,其他服务器无法访问
3306端口如果监听在0.0.0.0上,如果没有端口限制,那么其他服务器则可以连接该服务器的该端口
或者:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
default-character-set=utf8
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
skip-name-resolve #改成这样也可以
#bind-address = 127.0.0.1
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid