Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED]: Connection from Windows to Gentoo
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
ONEEYEMAN
Advocate
Advocate


Joined: 01 Mar 2005
Posts: 2570

PostPosted: Sun Jun 18, 2017 4:02 am    Post subject: [SOLVED]: Connection from Windows to Gentoo Reply with quote

Hi, ALL,
I'm trying to connect from my Windows 8 machine to the mySQL server which is running on my Gentoo box.
I can successfully connect locally either from mySQL Workbench or thru my software. However trying the connection from Windows I'm getting "Connection refused"

Everything is local and connected to the router which is 192.168.1.1. On the router I enabled "Port-Forwarding" for 3306 (mySQL default port). Windows does have a FW - Comodo. But even if it is shut down - I still get the same results.

I also tried to do a basic telnet connection - that is how I got the error message.

Gentoo is just a basic installation - no security/firewall is installed. That's why it is surprising to see the rejection.

What can I check on the Gentoo side (as I believe this is the one refusing the connection) in order to achieve my goal?

I can deal with the Comodo and Windows side later.

Thank you.


Last edited by ONEEYEMAN on Mon Jun 19, 2017 2:56 am; edited 1 time in total
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 5870
Location: almost Mile High in the USA

PostPosted: Sun Jun 18, 2017 4:37 am    Post subject: Reply with quote

Just ruling out some issues here:

On the Gentoo box, can you connect to the MySQL server explicitly through the ethernet IP address instead of localhost? Perhaps MySQL isn't listening to ethernet. Check /etc/mysql/my.cnf and ensure

bind-address = 0.0.0.0

to listen to all networks.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
ONEEYEMAN
Advocate
Advocate


Joined: 01 Mar 2005
Posts: 2570

PostPosted: Sun Jun 18, 2017 5:48 am    Post subject: Reply with quote

OK, it did show "127.0.0.1".
I did change it to be "0.0.0.0".

After restarting the server, trying the telnet gives:

Quote:

C♦Host 'fordanwork' is not allowed to connect to this MySQL server

Connection to host lost.

Press any key to continue...


Thank you.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 5870
Location: almost Mile High in the USA

PostPosted: Sun Jun 18, 2017 6:16 am    Post subject: Reply with quote

I guess your initial problem is solved, now this goes to the usual mysql security which is completely disjoint from your regular passwd file. Unfortunately I have no clue how to set up accounts on mysql, but i think something like this is needed:

(first login to mysql first as "root" (which you don't have to actually be "root" to do))
mysql> GRANT ALL PRIVILEGES ON yourdatabase.* TO 'fordanwork'@'%' ;
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1400

PostPosted: Sun Jun 18, 2017 11:55 am    Post subject: Reply with quote

Create user first.
You can get the list of already existing users by calling something along the lines:
Code:
SELECT User,Host from mysql.user;

Sql handbook will be a great help. There are some examples on using any command you may need, which will help you get started quickly.

Connection to localhost often uses unix socket rather than IP, which allows you bypass mysql's internal security and rely on socket's permissions. Anything that goes through the socket is assumed to be invoked as root.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 5870
Location: almost Mile High in the USA

PostPosted: Sun Jun 18, 2017 3:05 pm    Post subject: Reply with quote

szatox wrote:
Connection to localhost often uses unix socket rather than IP, which allows you bypass mysql's internal security and rely on socket's permissions. Anything that goes through the socket is assumed to be invoked as root.

I'm not 100% sure that's true or not. I have a MySQL database that (innocent whistle) doesn't have any protection on the MySQL "root" user.

Any regular unix user can access MySQL with full root access apparently (since I have no password assigned). I had a password on root from mysqladmin and it still prompted for it regardless of the user connecting locally via socket.

I found that the user/mysql user passwords were different and actually forgot the mysql root password once. After recovering it with --skip-grant-tables, I opted to just run without a password for any root use from the local machine... really unsafely bad I know, but I didn't want to go through that pain again.

(BTW, this MySQL server is both a "play" MySQL server, and also the database backend for... MythTV...)
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
ONEEYEMAN
Advocate
Advocate


Joined: 01 Mar 2005
Posts: 2570

PostPosted: Sun Jun 18, 2017 10:00 pm    Post subject: Reply with quote

Hi,
eccerr0r wrote:

I guess your initial problem is solved, now this goes to the usual mysql security which is completely disjoint from your regular passwd file. Unfortunately I have no clue how to set up accounts on mysql, but i think something like this is needed:

(first login to mysql first as "root" (which you don't have to actually be "root" to do))
mysql> GRANT ALL PRIVILEGES ON yourdatabase.* TO 'fordanwork'@'%' ;


Yes, the initial problem is solved.
However, I still can't connect remotely.
The command you gave above didn't work.

Any idea?
ATM I keep the Comodo off just for testing.

Thank you.
Back to top
View user's profile Send private message
ONEEYEMAN
Advocate
Advocate


Joined: 01 Mar 2005
Posts: 2570

PostPosted: Sun Jun 18, 2017 10:02 pm    Post subject: Reply with quote

Hi,
szatox wrote:

Create user first.
You can get the list of already existing users by calling something along the lines:
Code:

SELECT User,Host from mysql.user;

Sql handbook will be a great help. There are some examples on using any command you may need, which will help you get started quickly.

Connection to localhost often uses unix socket rather than IP, which allows you bypass mysql's internal security and rely on socket's permissions. Anything that goes through the socket is assumed to be invoked as root.


I don't need to create a new user as my program is trying to connect as root.

Thank you.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 5870
Location: almost Mile High in the USA

PostPosted: Mon Jun 19, 2017 2:16 am    Post subject: Reply with quote

How about (very dangerous, even I didn't do this despite not having a root password):

mysql> CREATE USER 'root'@"%' ;
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION ;

Yes the problem is that mysql treats localhost root and remote root differently and it necessarily needs to be another account.

*danger*will*robinson* if you do this... DROP TABLE * by random unscrupulous users...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
ONEEYEMAN
Advocate
Advocate


Joined: 01 Mar 2005
Posts: 2570

PostPosted: Mon Jun 19, 2017 2:57 am    Post subject: Reply with quote

eccerr0r,
The "GRANT..." command against "root" account solved the issue.
I can now connect from Windows remotely even with the Comodo running.

Thank you.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 5870
Location: almost Mile High in the USA

PostPosted: Mon Jun 19, 2017 3:26 am    Post subject: Reply with quote

Great!

Okay for the record, hopefully nobody will think of my "solution" as a real solution, it's the kind of thing following guides on the internet and treating it as gospel will get people into big trouble...

... but it did get the ball moving, and sometimes that's all that's needed to get the real solution.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum