The title says it all.
There is an odd request from the security team to make all necessary connections through port 443. This is not that difficult as most of the apps do this by default. NO OTHER PORTS MAY BE OPENED.
We have a new requirement to give devs access to a small database in our cloud. The database normally listens to port 50000 which they will not open to give the reporting team access.
The short-term solution is to onboard the team to a VPN so that they can get access on their desktops, long-term.... could I force fit DB2 to connect through port 443? I haven't been able to try it. I know its an odd requirement but at this point, I am curious if anyone has and the result.
That should be doable. The port (or its name) is set in the SVCENAME configuration option. If SSL is used, the option is SSL_SVCENAME.
A quick test would be to change the configuration, restart Db2 and open up a connection to that port (telnet or Db2 client).
Note 1: HTTPS is usually on port 443, but if there is no web server it is ok.
Note 2: Root privileges are needed to set up and use such privileged ports.
I can't tune ODBC connection in ODBC Data Source Administrator using IP or host name of server. Only with localhost using.
Although I can successfully ping the server via IP or host name.
Firewall is tuned-of.
OpenEdge 10.2B is installed at Win Server 2003
The error I got:
[DataDirect][ODBC Progress OpenEdge Wire Protocol driver]Connection refused. Verify host name and port number ErrNum=10038
I am sssuming you clicked "Test Connect"? Is your database really named TEMP? That seems unlikely.
"Administrator" is also an unusual name for a user of the db. "sysprogress" is more typical (although you should certainly setup a non-default userid.)
So far you have shown roughly half of the configuration required to make this work. Your DSN setup isn't obviously wrong but if it does not match a running database that is listening on port 3333 at that IP address then you will get this error.
The next useful thing that you could do to clarify the problem is to show the database configuration and demonstrate that you have a properly configured broker running and listening for connections on port 3333.
check list:
1、you must start your openEdge database
$DLC/bin/_mprosrv {database-full-path} -L 8000 -c 350 -B 1000 -N TCP -S {Port} -n 100
2、check Firewalls rule
3、use userID : SYSPROGRESS password :SYSPROGRESS to test odbc connect
I am getting error:
"Lost connection to MySQL server at 'reading initial communication packet, system error: 0"
while I am going to connect my db.
If I am using localhost everything is working fine.
But when I am using my live IP address like below, it's getting error:
mysql_connect("202.131.xxx.106:xxxx", "xxxx", "xxxxx") or die(mysql_error());
Someone here suggests that it might be a firewall problem:
I have just had this problem and found it was my firewall. I use PCTools Firewall Plus and it wasn't allowing full access to MySQL. Once I changed that it was fine.
Could that be it?
Also, someone here suggests that it might be because the MySQL server is bound to the loop-back IP (127.0.0.1 / localhost) which effectively cuts you off from connecting from "outside".
If this is the case, you need to upload the script to the webserver (which is probably also running the MySQL server) and keep your server host as 'localhost'
Open mysql configuration file named my.cnf and try to find "bind-address", here replace the setting (127.0.0.1 OR localhost) with your live server ip (the ip you are using in mysql_connect function)
This will solve the problem definitely.
Allow remote connect to MySQL.
Edit file:
>sudo nano /etc/mysql/my.cnf
Comment line:
#bind-address = 127.0.0.1
Restart MySQL:
>sudo service mysql restart
Create user for remote connection.
>mysql -uroot -p
CREATE USER 'developer'#'localhost' IDENTIFIED BY 'dev_password';
CREATE USER 'developer'#'%' IDENTIFIED BY 'dev_password';
GRANT ALL ON *.* TO 'developer'#'localhost';
GRANT ALL ON *.* TO 'developer'#'%';
In my case I need to connect remotely from Windows to VirtualBox machine with Ubuntu. So I need to allow port 3306 in iptables:
>iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Had this problem when setting up a new slave server. Found it was the slave server IP address was missing from the master server /etc/hosts.allow file. Added the IP address and it let me connect to the master server.
Note that I use hosts.allow and hosts.deny to control access.
I had this problem and it ended up being the prior sys admin changed the port MySQL was running on. MySQL Workbench was trying to connect to the default 3306 but the server was running on 20300.
The error means that it didn't receive a response from the port it expected to find the server on. The causes range from contacting the wrong machine (For one of a number of reasons) to the server not being on the expected port.
Check which port your server is bound to in /etc/mysql/my.cnf. Does that correspond to what is in your connect statement. If they match then try connecting with mysql from the server itself and from the command line of the machine where you are running the client. If it works form one place and not another then you may have a firewall / router configuration issue.
One more reason...
I ran into an Ubuntu server where everything was customized and could not connect because of that same error.
This setting was inside /etc/ssh/sshd_config
PermitTunnel no
After turning into
PermitTunnel yes
I was able to connect remotely to my MySQL DB
The problem on my case was MySQL being bind only to the lo on linux.
in order to solve the problem i have edited the my.cnf (found at /etc/mysql/my.cnf) removing the line bind-address=127.0.0.1
this allows mysql to bind to any network interface
I just set up mysql on a windows box. I got the OP's error when trying to connect with the Navicat MySql client on the same box. I had to specify 127.0.0.1 as the host, and that got it.
localhost, or the servers actual ip address both did not work.
This error occurred to me while trying to connect to the Google Cloud SQL using MySQL Workbench 6.3.
After a little research I found that my IP address has been changed by the internet provider and he was not allowed in the Cloud SQL.
I authorized it and went back to work.
I faced the same problem. I checked and tried to set AllowTcpForwarding Yes but it was missing in my sshd_config so no help.I didn't change sshd_config or my.cnf. Make sure the ssh hostname is NOT the same with the mysql hostname(use localhost).
In workbench, choose + to add new connection and set the following:
connection method: standard TCP/IP over SSH
SSH Hostname: 192.168.0.50:22 (replace remote SSH server IP and port(optional))
SSH Username: sshuser
You can set password or add at the prompt
MYSQL Hostname: localhost or 127.0.0.1
MYSQL Server port:3306
You can set password or add at the prompt
Test connection. It should be successful then hit OK.Viola!
I ran into this exact same error when connecting from MySQL workbench. Here's how I fixed it. My /etc/my.cnf configuration file had the bind-address value set to the server's IP address. This had to be done to setup replication. Anyway, I solved it by doing two things:
create a user that can be used to connect from the bind address in the my.cnf file
e.g.
CREATE USER 'username'#'bind-address' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON schemaname.* TO 'username'#'bind-address';
FLUSH PRIVILEGES;
change the MySQL hostname value in the connection details in MySQL workbench to match the bind-address
The problem for me was that DNS queries were blocked by the FW within the subnet. The solution was to disable DNS lookups within MySQL.
The problem was quite stupid for me.
I used to get the same issue on AWS EC2 Ubuntu machine (MariaDB is installed locally for the time being), so I tried to make SSH tunneling, and had the same issue. So I tried to ssh tunnel over terminal:
ssh -L13306:127.0.0.1:3306 root#ip.address -i my/private/key.pem
And it told me this:
Please login as the user "ubuntu" rather than the user "root".
I changed ssh user from root to ubuntu, just like my ssh config, and it connected just fine.
So check your SSH connecting user.
I oversaw this, so this too half an hour of my time, so I hope this will be useful for you.
For me the config file was found "/etc/mysql/mysql.conf.d/mysqld.cnf" commenting out bind address did the trick.
As we can see here:
Instead of skip-networking the default is now to listen only on
localhost which is more compatible and is not less secure.
I am trying to connect my db docker container on Ubuntu 18.04, same problem.
First check your device by run nmcli dev to check if device docker0 is connected.
If it is not connected, try to restart docker service:
sudo service docker restart
I tried make a telnet over remote server on port 3306.
The error message is clear
Host 'x.x.x.x' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.
As root at server mysqladmin flush-hosts worked at all!
I had the same error when using localhost. I restarted the MySQL service and it worked fine.
in my case, I had ALL: ALL in hosts.deny. Changing this to ALL: PARANOID solved my problem when connecting over ssh
Ran into this same issue, Bind Address back and forth to no avail. Solution for me was flushing privileges.
mysql> FLUSH PRIVILEGES;
Firewalld blocks the IP address. so to give access, use these commands:
firewall-cmd --permanent --zone=trusted --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=trusted --add-port=3306/tcp
firewall-cmd --reload
For me setting bind-address = 0.0.0.0 in mysql/my.cnf worked. It basically listens to all addresses (but still one port) then.
And don't forget restart your server: systemctl restart mysql
I just had the same problem, but in my case I solved it with
service mysqld start
In my case it was the university wifi blocking port 3306. I was able to connect by using a mobile hotspot.
Change to a mobile hotspot or another network, and if it works there, then you know that original network is blocking port 3306. If you get the same error on more than 1 network, then you know it's specific to your machine.
I had port 3306 in Docker container but in Dockerfile it was 33060. I edited the port in Docker container to 33060
Must have been added to the Dockerfile
ENV MYSQL_ROOT_HOST 172.17.0.1
I have done below 3 steps then working for me.
bind-address = "YOUR MACHINE IP" in my.cnf file at /etc/my.cnf
Restart service by command : service mysql restart
GRANT ALL PRIVILEGES ON yourDB.* TO 'username'#'YOUR_APPLICATION_IP' IDENTIFIED BY 'YOUR_PASSWORD' WITH GRANT OPTION;
I had the same issue installing MySQL docker image then trying to connect from WSL2 MySQL client.
As it was stated in the accepted answer that it should be a firewall issue, in my case this error was caused due to not allowing docker for windows to communicate to private network.
I changed the settings on "Firewall & network protection", "allow an app through firewall", "change settings" (need administrator rights) and allowed "Docker desktop backend" to connect to private network.
I had the same error on my Mac with a local MySQL installation. The problem was that the number files that MySQL was opening was too high for MacOS.
To see if you have the same problem you can run this command and look for File Descriptor errors:
tail -200 /usr/local/var/mysql/$(whoami).err | grep "Warning"
I added this line to my.cnf file and the problem was fixed:
table_open_cache = 200
Had the same problem, what worked for me was:
Go to Windows Firewall where you allow applications.
mysql probably won't be in the list, so you need to add it, its path is typically C:/Program Files (x86)/MySQL/bin/mysql
Mark both private and public networks, apply.
When connecting to Mysql remotely, I got the error.
I had this warning in /var/log/mysqld.log:
[Warning] IP address 'X.X.X.X' could not be resolved: Temporary failure in name resolution
I just added this line to /etc/hosts file:
X.X.X.X some_name
Problem solved! Not using skip-name-resolve caused some errors in my local app when connecting to MySQL.
I want to setup monit on a server which is going to be a centralized server to monitor processes running on remote servers. I checked many docs related to setup monit but could not find how to setup for remote server processes. For example a centralized monit server should monitor nginx running on A server, mongod running on B server and so on. Any suggestion how to do this?
In the documentation, Monit can be able to test the connection remotely, using tcp or udp, what you can do is to provide a small status file that gets refreshed for each technology you are intending to monitor, and let Monit hit that status file through http, etc. and can be used as follows:
check host nginxserver with address www.nginxserver.com
if failed port 80 protocol http
and request "/some_file"
then alert
Since you are testing a web server that can be easily accomplished with the above. as a note , below is the part about Monit connection testing:
CONNECTION TESTING Monit is able to perform connection testing via
networked ports or via Unix sockets. A connection test may only be
used within a check process or within a check host service entry in
the Monit control file.
If a service listens on one or more sockets, Monit can connect to the
port (using either tcp or udp) and verify that the service will accept
a connection and that it is possible to write and read from the
socket. If a connection is not accepted or if there is a problem with
socket i/o, Monit will assume that something is wrong and execute a
specified action. If Monit is compiled with openssl, then ssl based
network services can also be tested.
The full syntax for the statement used for connection testing is as
follows (keywords are in capital and optional statements in
[brackets]),
IF FAILED [host] port [type] [protocol|{send/expect}+] [timeout]
[retry] [[] CYCLES] THEN action [ELSE IF SUCCEEDED [[]
CYCLES] THEN action]
or for Unix sockets,
IF FAILED [unixsocket] [type] [protocol|{send/expect}+] [timeout]
[retry] [[] CYCLES] THEN action [ELSE IF SUCCEEDED [[]
CYCLES] THEN action]
host:HOST hostname. Optionally specify the host to connect to. If the
host is not given then localhost is assumed if this test is used
inside a process entry. If this test was used inside a remote host
entry then the entry's remote host is assumed. Although host is
intended for testing name based virtual host in a HTTP server running
on local or remote host, it does allow the connection statement to be
used to test a server running on another machine. This may be useful;
For instance if you use Apache httpd as a front-end and an
application-server as the back-end running on another machine, this
statement may be used to test that the back-end server is running and
if not raise an alert.
port:PORT number. The port number to connect to
unixsocket:UNIXSOCKET PATH. Specifies the path to a Unix socket.
Servers based on Unix sockets always run on the local machine and do
not use a port.
I've been trying to set up a server using Google Compute Engine but find myself being stuck.
I've installed everything that needs to be installed, I can start the server, no problem. Only thing is, i'm unable to connect to the server.
I've opened the required ports in a firewall rule (udp:16261; tcp:16262-16270) for all source IP as normal, but when I try to connect, i get this message on the server's console :
User jet is trying to connect.
Connected new client jet ID # 0 and assigned DL port 16262
testing TCP download port 16262
And it waits and waits, nothin happens. I'm pretty sure it's because no connection has been requested from the outsite of the network on that specific port (16262) that the outgoing traffic can't be sent, but I was wondering if anyone else has tried to make it work.
Thanks for your help guys !
According to the documentation; in the "Forwarding Required Ports" Section:
Project Zomboid dedicated servers require the following open ports to successfully connect to clients:
8766 UDP
16261 UDP
If the client's public ip address is known, you can perform a basic troubleshooting whitin Google Compute Engine using Cloud Logging. A basic query returning all the logs containing that ip address as source or destination would be:
jsonPayload.connection.src_ip="public-ip-address" OR jsonPayload.connection.dest_ip="public-ip-address"
Firewall Rules Logging has to be "on" for every rule involved in the connection. Follow these steps for Enabling firewall rules logging.
For troubleshooting purposes an "allow all" Firewall rule can be created and logging enabled on it, that would allow you to see exactly what ports are involved.
Note: If the traffic hitting the firewall rule(s) is too much, it can lead to unanticipated storage costs. Please enable the firewall rules logging just for troubleshooting purposes, don't forget to disable it after you're done.