Mysql Remote IP blocked

mysql-5.6remote

I have a peculiar issue with some database connections: I've got this (test) script on 2 different servers:

$link = mysql_connect($db_server, $db_user, $db_passwd);
if (!$link) {
    die('Could not connect: ' .mysql_errno().":". mysql_error());
} else {
    echo 'Connected successfully';
}
mysql_close($link);
exit;

On one server, there's no issue at all. On the other server, the connection is refused from time to time, with the following message:

Could not connect: 2002:Operation not permitted

Obviously, both hosts aren't blocked by the db server firewall (but I've explicitly whitelisted the problematic IP address anyway)

Most forums indicate it might be a problem with the lock file, mysql-server not running, or any global issues, but it seems like this specific remote host is blocked, all other websites and remote hosts connect perfectly.

I've attempted to set the global max_connect_errors to 10.000 , but that didn't help either. I do believe it has to do with connection errors from the offending server. It has some slow query issues already, and with the site being visited more often, the issue comes back more frequently. After (exactly) ten minutes, the remote host is unblocked again, and everything works as it should.

I've also tried restarting mysqld, rebooting the server.
But I'm running out of options. Any thoughts on how to prevent this, or at least resolve it when the issue occurs?

Best Answer

Well, it took a couple of years of my life, but I think I've figured it out.

I had to increase two mysql database configuration values (in /etc/mysql/my.ini) :

max_connections (from 100 to 500 , for now)
max_connect_errors (from 10 to 10.000)

After that, I ran flush hosts on the mysql prompt to clear any blocked hosts.

The forum experiencing these issues is generating some heavy database queries (mainly statistics into a table with over 1 million records - not sure why this would be "difficult", but that's another topic).

I assume this causes a temporary lockup and ultimately a lack of allowed connections. This in turn temporarily blacklists the webserver altogether!

After that, the database was accessible via the web interface again!

Give it a Try !!!

In your question, you said you ran this

GRANT ALL ON *.* to '%'@'%' WITH GRANT OPTION;

Wildcard characters are not allowed for the user. In fact, the MySQL Documentation on GRANT says

MySQL does not support wildcards in user names. To refer to an anonymous user, specify an account with an empty user name with the GRANT statement:

Your grant should say

GRANT ALL ON *.* to root@'%' WITH GRANT OPTION;

GRANT ALL ON *.* to remote_user@'10.20.30.%' IDENTIFIED WITH 'rootpass' WITH GRANT OPTION;

MySQL remote connection: Public vs. private IP address

The explanation here is a straightforward one: You can't bind a listening socket to an IP address that your machine's IP stack isn't aware of.

In AWS (whether EC2 Classic or EC2/VPC) as in many network environments these days, your external IP is not configured in your machine -- it's mapped through an external device (router, firewall) to your machine's private IP via NAT (network address translation).

You can confirm that your server itself has no idea about the external IP:

 $ ifconfig

The simplest solution, of course, is binding to 0.0.0.0 unless you have a specific reason not to.

http://en.m.wikipedia.org/wiki/Network_address_translation

Best Answer

Related Solutions

Mysql – remote connection to thesql

Give it a Try !!!

MySQL remote connection: Public vs. private IP address

Related Question