I’m not able to connect to mariadb port 3306 using nc or telnet or mysql, we have checked everything only its accepts connection from other mariadbs in the same cluster
- Ping from bastion server to Mariadb is working
<code># ping x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=0.495 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=0.511 ms
64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=0.537 ms
</code>
<code># ping x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=0.495 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=0.511 ms
64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=0.537 ms
</code>
# ping x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=0.495 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=0.511 ms
64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=0.537 ms
- Cloud Security Group and List are open, “ACCEPT” checked in Cloud Logs
<code>grep bind-address /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 0.0.0.0
sudo netstat -plnt | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 240696/mysqld
ufw status verbose
Status: inactive
</code>
<code>grep bind-address /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 0.0.0.0
sudo netstat -plnt | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 240696/mysqld
ufw status verbose
Status: inactive
</code>
grep bind-address /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 0.0.0.0
sudo netstat -plnt | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 240696/mysqld
ufw status verbose
Status: inactive
- tcpdump on maria db shows reply is blocked for unknown reason
<code>tcpdump host x.x.x.x
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
11:00:18.671892 IP bastion-test > mariadb-1-dr: Flags [S], seq 39802800, win 62720, options [mss 8960,sackOK,TS val 356988797 ecr 0,nop,wscale 7], length 0
11:00:18.671941 IP mariadb-1-dr > bastion-test: ICMP host mariadb-1-dr unreachable - admin prohibited, length 68
</code>
<code>tcpdump host x.x.x.x
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
11:00:18.671892 IP bastion-test > mariadb-1-dr: Flags [S], seq 39802800, win 62720, options [mss 8960,sackOK,TS val 356988797 ecr 0,nop,wscale 7], length 0
11:00:18.671941 IP mariadb-1-dr > bastion-test: ICMP host mariadb-1-dr unreachable - admin prohibited, length 68
</code>
tcpdump host x.x.x.x
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
11:00:18.671892 IP bastion-test > mariadb-1-dr: Flags [S], seq 39802800, win 62720, options [mss 8960,sackOK,TS val 356988797 ecr 0,nop,wscale 7], length 0
11:00:18.671941 IP mariadb-1-dr > bastion-test: ICMP host mariadb-1-dr unreachable - admin prohibited, length 68
- apparmor has no profiles related to mariadb and tried to stop from systemctl but still same issue.
Note : Ubuntu “20.04.6 LTS (Focal Fossa)
<code>mysql -h x.x.x.x -u general -p'xxx' name_general_service
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x:3306' (113)
</code>
<code>mysql -h x.x.x.x -u general -p'xxx' name_general_service
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x:3306' (113)
</code>
mysql -h x.x.x.x -u general -p'xxx' name_general_service
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x:3306' (113)
was expecting to establish a connection or telnet to work
2