  • Binding MySQL to multiple IP addresses

    http://jpuyy.com/2013/07/mysql-bind-multi-address.html

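    my.cnf contains the option bind-address=127.0.0.1, which means the MySQL server listens only for requests from the local host. To accept requests from any host, set it to 0.0.0.0, but that is not very secure. To listen on one particular IP, specify that IP address, but make sure an entry in the mysql user table allows access from that IP, otherwise you cannot operate on the database. So is it possible to specify just a few IPs in the configuration?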

    The short, direct answer: it is not possible.

    See: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_bind-address

    The MySQL server listens on a single network socket for TCP/IP connections. This socket is bound to a single address, but it is possible for an address to map onto multiple network interfaces. The default address is 0.0.0.0. To specify an address explicitly, use the --bind-address=addr option at server startup, where addr is an IPv4 address or a host name. If addr is a host name, the server resolves the name to an IPv4 address and binds to that address. The server treats different types of addresses as follows:

    If the address is 0.0.0.0, the server accepts TCP/IP connections on all server host IPv4 interfaces.
    If the address is a “regular” IPv4 address (such as 127.0.0.1), the server accepts TCP/IP connections only for that particular IPv4 address.

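    Since this requirement is really about access control, the iptables firewall can be used to achieve the same effect.

    The MySQL server is 192.168.1.3, and only 192.168.1.4, 192.168.1.5 and 192.168.1.6 are allowed to access port 3306.

    In my.cnf: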

    bind-address = 0.0.0.0

    Of the hosts connecting to port 3306, allow only 192.168.1.4-6 and DROP every other IP:

    /sbin/iptables -A INPUT -p tcp -s 192.168.1.4 --dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -s 192.168.1.5 --dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -s 192.168.1.6 --dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP

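    # The negated rules below are never reached after the catch-all DROP above.
    # They are not an equivalent alternative: each one drops every source except
    # its own address, so used on their own they drop all three allowed hosts too.
    /sbin/iptables -A INPUT -p tcp --dport 3306 ! -s 192.168.1.4 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 3306 ! -s 192.168.1.5 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 3306 ! -s 192.168.1.6 -j DROP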

    Save the firewall rules:

    service iptables save

    List the rules in the INPUT chain that mention 3306:

    echo -e "target prot opt source destination
    $(iptables -L INPUT -n | grep 3306)"

    With this in place, MySQL accepts connections only from the specified IPs.
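Because `-A` appends to the end of INPUT and iptables stops at the first matching rule, the result depends on rule order. The following added example (not part of the original post) models that first-match evaluation offline on text in `iptables -S INPUT` format; the function names and the sample rule text are constructed for illustration, and only `-s`, `! -s`, `--dport` and `-j` are modelled.

```shell
# Model of iptables first-match evaluation for TCP port 3306 (simplified).
# stdin: `iptables -S INPUT` text. Only -s / ! -s host addresses, --dport and -j
# are modelled; rules without --dport 3306 are skipped (assumption).
verdict_3306() (
    src=$1 policy=ACCEPT
    set -f                                  # no glob expansion while splitting
    while IFS= read -r line; do
        set -- $line
        if [ "$1" = "-P" ]; then policy=$3; continue; fi
        [ "$1" = "-A" ] || continue
        neg=0 rule_src= src_neg=0 dport= target=
        while [ $# -gt 0 ]; do
            case $1 in
                '!')     neg=1 ;;
                -s)      rule_src=${2%/32}; src_neg=$neg; neg=0; shift ;;
                --dport) dport=$2; shift ;;
                -j)      target=$2; shift ;;
                *)       neg=0 ;;
            esac
            shift
        done
        [ "$dport" = 3306 ] || continue
        if [ -z "$rule_src" ]; then hit=1   # no source match: applies to everyone
        elif [ "$rule_src" = "$src" ]; then hit=$((1 - $src_neg))
        else hit=$src_neg; fi
        case "$hit$target" in 1ACCEPT|1DROP|1REJECT) echo "$target"; exit 0 ;; esac
    done
    echo "$policy"                          # nothing matched: chain policy applies
)

# Constructed sample: the three ACCEPT rules followed by the catch-all DROP.
rules_allowlist() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -s 192.168.1.4/32 -p tcp -m tcp --dport 3306 -j ACCEPT' \
        '-A INPUT -s 192.168.1.5/32 -p tcp -m tcp --dport 3306 -j ACCEPT' \
        '-A INPUT -s 192.168.1.6/32 -p tcp -m tcp --dport 3306 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 3306 -j DROP'
}
# Constructed sample: the negated rules used on their own.
rules_negated() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT ! -s 192.168.1.4/32 -p tcp -m tcp --dport 3306 -j DROP' \
        '-A INPUT ! -s 192.168.1.5/32 -p tcp -m tcp --dport 3306 -j DROP' \
        '-A INPUT ! -s 192.168.1.6/32 -p tcp -m tcp --dport 3306 -j DROP'
}

for ip in 192.168.1.4 192.168.1.7; do
    echo "$ip allowlist=$(rules_allowlist | verdict_3306 "$ip") negated=$(rules_negated | verdict_3306 "$ip")"
done
```

On a live host, `iptables -S INPUT | verdict_3306 192.168.1.4` gives the same check against the loaded rules, within the limits of the simplified model.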

    Reference:

    http://www.cyberciti.biz/faq/unix-linux-mysqld-server-bind-to-more-than-one-ip-address/

  • Original article: https://www.cnblogs.com/diyunpeng/p/8592054.html