Add a firewall policy for the MySQL service, it's that simple

If your MySQL database is installed on a CentOS 7 system and the operating system's firewall is enabled, an application that wants to reach the MySQL database has two options.

Option 1: Stop the firewall service
Option 2: Add a rule to the firewall that allows applications to reach the MySQL service port

Stop the CentOS 7 firewall

Check the running status of the firewall


[root@mysql ~]# firewall-cmd --state
running

Stop the firewall service


[root@mysql ~]# systemctl stop firewalld.service

Prevent the firewall from starting at boot


[root@mysql ~]# systemctl disable firewalld.service

Start the CentOS 7 firewall

View the running status of the firewall


[root@mysql ~]# firewall-cmd --state
not running

Start the firewall service


[root@mysql ~]# systemctl start firewalld.service

Configure the firewall to start at boot


[root@mysql ~]# systemctl enable firewalld.service

Test access to the MySQL service

Connect to the MySQL service


[mysql@mysql ~]$ mysql -utony -ptony -h 192.168.112.131 -P 3306
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.112.131' (113)

Master-slave replication connection test

[root@localhost] 15:23:46 [(none)]>show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Connecting to master
                  Master_Host: 192.168.112.131
                  Master_User: repl
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: binlog.000034
          Read_Master_Log_Pos: 194
               Relay_Log_File: mysql-relay-bin.000007
                Relay_Log_Pos: 401
        Relay_Master_Log_File: binlog.000034
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
           .....
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 2003
                Last_IO_Error: error connecting to master 'repl@192.168.112.131:3306' - retry-time: 60  retries: 1
               Last_SQL_Errno: 0

The slave's IO thread has lost its connection to the master and reports error 2003. This confirms that the network path is blocked and the master's service cannot be reached.

Add a MySQL service access policy to the firewall

View the firewall policy


[root@mysql ~]# iptables -L -n --line-number|grep 3306

Because the firewall has no access rule for port 3306, external applications cannot reach MySQL.


[mysql@mysql ~]$ mysql -utony -ptony -h 192.168.112.131 -P 3306
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.112.131' (113)


Add an access rule for port 3306


[root@mysql ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
[root@mysql ~]# iptables -L -n --line-number|grep 3306
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3306

You can see that an access rule for port 3306 has been added; external applications can now reach port 3306 over TCP.

Delete the firewall policy


[root@mysql ~]# iptables -D INPUT 1
[root@mysql ~]# iptables -L -n --line-number|grep 3306
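The rule added above accepts connections to 3306 from any source (0.0.0.0/0) and, being a bare iptables insert, is not kept by firewalld across a reload or reboot. The following is an added example, not part of the original post: it parses an `iptables -L -n --line-number` listing to find the rule's line number (the one `iptables -D INPUT <n>` needs) and whether it is world-open, and prints the same rule restricted to the application's subnet together with the permanent firewalld equivalent. The subnet 10.0.0.0/24 and the sample listing are constructed placeholders.

```shell
#!/bin/bash
# Added example, not from the original post. Parses an `iptables -L -n --line-number`
# listing (format as shown in the post) for the MySQL port. The subnet 10.0.0.0/24 and
# SAMPLE_LISTING are constructed placeholders, not values from the post.

# Print the line number of the first ACCEPT rule for TCP port PORT (listing on stdin);
# exit 1 when none exists. The number is what `iptables -D INPUT <n>` expects.
accept_rule_line() {
  awk -v port="$1" '
    $2 == "ACCEPT" && $3 == "tcp" { for (i = 7; i <= NF; i++) if ($i == ("dpt:" port)) { print $1; found = 1; exit } }
    END { exit found ? 0 : 1 }'
}
# Print the source network of that rule; "0.0.0.0/0" means any host may connect.
accept_rule_source() {
  awk -v port="$1" '
    $2 == "ACCEPT" && $3 == "tcp" { for (i = 7; i <= NF; i++) if ($i == ("dpt:" port)) { print $5; exit } }'
}
# Classify the rule for PORT against the expected subnet NET (listing on stdin):
# "missing", "open" (accepts from 0.0.0.0/0, as the post's rule does), "scoped" or "other:<src>".
check_port_rule() {
  local port="$1" net="$2" listing src
  listing=$(cat)
  if ! printf '%s\n' "$listing" | accept_rule_line "$port" >/dev/null; then
    echo missing; return 0
  fi
  src=$(printf '%s\n' "$listing" | accept_rule_source "$port")
  if [ "$src" = "0.0.0.0/0" ]; then echo open
  elif [ "$src" = "$net" ]; then echo scoped
  else echo "other:$src"; fi
}
# The post's rule with a source restriction: only NET may open new connections to PORT.
mysql_allow_command() {
  printf 'iptables -I INPUT -p tcp -s %s -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$2" "$1"
}
# Same policy as a permanent firewalld rich rule. A bare `iptables -I` is not saved anywhere
# and disappears when firewalld reloads its rule set or the host reboots.
firewalld_allow_command() {
  printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$2" "$1"
}
# Constructed sample listing (not real output) in the `iptables -L -n --line-number` format.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  10.0.0.0/24          0.0.0.0/0            state NEW tcp dpt:22'

printf '%s\n' "$SAMPLE_LISTING" | check_port_rule 3306 10.0.0.0/24   # prints: open
mysql_allow_command 3306 10.0.0.0/24
```

On the database host, feed real output with `iptables -L INPUT -n --line-number | check_port_rule 3306 <app-subnet>`; after adding the permanent rich rule, run `firewall-cmd --reload` to activate it.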


Origin blog.51cto.com/15061930/2642099