ERROR 2003 (HY000): Can't connect to MySQL server on 'ip'(111)

问题描述：

从一台linux远程连接另一台linux上的MySQL, 出现ERROR 2003 (HY000): Can‘t connect to MySQL server on ‘ip‘(111)错误。

[[email protected] ~]$ mysql -hxxx.xxx.xxx.85 -uroot -p

Enter password: 123456

ERROR 2003 (HY000): Can‘t connect to MySQL server on ‘xxx.xxx.xxx.85‘ (111)

问题分析：

1.可能网络连接问，远程ping xxx.xxx.xxx.85 ，能ping通，排除此情况

[[email protected] ~]$ ping xxx.xxx.xxx.85

PING xxx.xxx.xxx.85 (xxx.xxx.xxx.85) 56(84) bytes of data.

64 bytes from xxx.xxx.xxx.85: icmp_seq=1 ttl=63 time=0.230 ms

2. 排查可能由于85上my.cnf里配置了skip_networking或者bind_address，只允许本地socket连接

2.1 在[mysqld]下设置skip_networking,

知识说明：这使用MySQL只能通过本机Socket连接(socket连接也是本地连接的默认方式），放弃对TCP/IP的监听

当然也不让本地java程序连接MySQL(Connector/J只能通过TCP/IP来连接）。

2.2 可能使用了bind_address=127.0.0.1(当然也可以是其他ip)

[mysqld]

bind_address=127.0.0.1

请把这行注释掉 #bind_address=127.0.0.1

3.排查DNS解析问题,检查是否设置了： skip_name_resolve。这个情况肯定不可能，因为我用的是ip,不是主机名。

[mysqld]

skip_name_resolve

知识说明：这个参数加上后，不支持主机名的连接方式。

4. 排查用户和密码问题，其实用户和密码的错误，不会出现111的，所以排除用户密码问题

ERROR 1045 (28000): Access denied for user ‘root‘@‘XXXX‘ (using password: YES)

5. 排查--port问题，有可能85的MySQL port不是默认3306，这样我远程连接时，没有指定--port，用的是3306, 而85上没有对3306进行监听。

netstat -nplt | grep mysql

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 11107/mysqld

测试连接： mysql -u root -p -h xxx.xxx.xxx.85 --port 3306

6.最坑的防火墙：

1.检查防火墙状态

[[email protected] ~]# service iptables status

Redirecting to /bin/systemctl status iptables.service

iptables.service - IPv4 firewall with iptables

Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)

Active: active (exited) since Wed 2016-11-02 23:10:51 CST; 14min ago

Process: 12024 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)

Process: 12078 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)

Main PID: 12078 (code=exited, status=0/SUCCESS)

Nov 02 23:10:51 iZ288zn7gymZ iptables.init[12078]: iptables: Applying firewall rules: [ OK ]

Nov 02 23:10:51 iZ288zn7gymZ systemd[1]: Started IPv4 firewall with iptables.

正常启动。

查看是否放开mysql端口

[[email protected] ~]# iptables -L -n (或者： iptables --list )

Chain INPUT (policy DROP)

target prot opt source destination

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 100

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10

syn-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

如果没有 3306 加入防火墙规则：

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

注意这样只能临时加入防火墙需要把规则save到 /etc/sysconfig/iptables 文件下

[[email protected] ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
或者简单粗暴
直接vim /etc/sysconfig/iptables
增加一行 -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

完成后我的如下：

# Generated by iptables-save v1.4.21 on Thu Jan 28 19:16:55 2016

*filter

:INPUT DROP [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [1:152]

:syn-flood - [0:0]

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT

-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT

-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN

-A syn-flood -j REJECT --reject-with icmp-port-unreachable

COMMIT

# Completed on Thu Jan 28 19:16:55 2016

然后重启防火墙：

[[email protected] ~]# service iptables restart

Redirecting to /bin/systemctl restart iptables.service

PS. 请保证mysql 进程正常启动的前提下逐一排查以上几点。
参考： MySQL远程连接ERROR 2003 (HY000):Can‘t connect to MySQL server on‘XXXXX‘的问题
mysql权限及密码问题见：http://www.cnblogs.com/wangdaijun/p/5312424.html

ERROR 2003 (HY000): Can't connect to MySQL server on 'ip'(111)

时间： 2024-12-19 14:39:41

ERROR 2003 (HY000): Can't connect to MySQL server on 'ip'(111)

ERROR 2003 (HY000): Can't connect to MySQL server on 'ip'(111)的相关文章

[转]MySQL远程连接ERROR 2003 (HY000):Can't connect to MySQL server on'XXXXX'(111) 的问题

ERROR 2003 (HY000): Can't connect to MySQL server on 'ip address' (111)的处理办法

ERROR 2003 (HY000): Can't connect to MySQL server

[MYSQL] 使用 mysql-5.6.10-win32 (MySQL 5.6纯净版 ) 出现ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)

mysql报错ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)

ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.56.105' (113)

mysql绿色版安装问题解决(ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061))

MYSQL服务 ERROR 2003 (HY000): Can't connect to MySQL server on "********" 的问题解决

ERROR 2003 (HY000): Can't connect to MySQL server on '' (10060) CentOS7 安装二进制包mysql5.7.19