Mysql
apache / mysql unable to connect between jails using the PF firewall
I have set up two jail environments on FreeBSD 11
```
root@ns312773:/etc # jls
JID IP Address Hostname Path
1 10.6.6.6 www /usr/jails/www
2 10.6.6.7 dbs /usr/jails/dbs
```
This is what I have in my /etc/pf.conf
```
### Interfaces ###
ExtIf ="igb0"
IntIf ="lo666"

### Hosts ###
IP_WEB ="192.168.0.1"
IP_JAIL = "{10.6.6.6, 10.6.6.7, 10.6.6.8, 10.6.6.9}"
IP_JAIL_WWW = "10.6.6.6"
IP_JAIL_DBS = "10.6.6.7"
IP_JAIL_APP = "10.6.6.8"
NET_JAIL="10.6.6.0/24"

### Ports ###
PORT_WWW="{80,443}"
PORT_MYSQL="{3306}"

# WWW
rdr pass on $ExtIf proto tcp from any to $IP_WEB port $PORT_WWW -> $IP_JAIL_WWW

# MYSQL
rdr pass on $ExtIf proto tcp from any to $IP_JAIL_WWW port $PORT_MYSQL -> $IP_JAIL_DBS
```
When I try to check the port from $IP_JAIL_WWW
```
# ezjail-admin console www
Last login: Thu Aug 13 13:30:14 on pts/0
FreeBSD 11.0-CURRENT (GENERIC) #0 r286285: Tue Aug 4 15:12:53 UTC 2015

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
root@www:~ # telnet 10.6.6.7 3306
Trying 10.6.6.7...
Connected to 10.6.6.7.
Escape character is '^]'.
AHost '10.6.6.6' is not allowed to connect to this MySQL serverConnection closed by foreign host.
root@www:~ #
```
As far as I understand,

```
rdr pass on $ExtIf proto tcp from any to $IP_JAIL_WWW port $PORT_MYSQL -> $IP_JAIL_DBS
```

should pass traffic between the two jails. Any suggestions are much appreciated.
I figured it out: I had to create a MySQL user to be able to connect
```
mysql> use mysql;
mysql> CREATE USER 'web'@'10.6.6.6' IDENTIFIED BY 'password';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON *.* TO 'web'@'10.6.6.6';
mysql> FLUSH PRIVILEGES;
```
Then from the web jail:
```
# ezjail-admin console www
root@www:~ # vi /usr/local/www/apache24/data/mysql.php
<?php
$servername = "10.6.6.7";
$username = "web";
$password = "password";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
```
Then go to http://192.168.0.1/mysql.php and you should get
Connected successfully
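
The telnet session in the question reached the database jail and the refusal came from MySQL's host check, not from PF. The following Python is an added example, not part of the original post: it reads the server's first packet to tell a packet-filter failure from a MySQL-level rejection. The function names are hypothetical and the sample packet is constructed from the message shown in the question.

```python
import socket
import struct

ER_HOST_NOT_PRIVILEGED = 1130  # "Host '...' is not allowed to connect to this MySQL server"

# Constructed sample: the ERR packet that would carry the message from the question.
# Its payload is 65 bytes, so the first byte on the wire is 0x41 ("A").
_MSG = b"Host '10.6.6.6' is not allowed to connect to this MySQL server"
_ERR = b"\xff" + struct.pack("<H", ER_HOST_NOT_PRIVILEGED) + _MSG
SAMPLE_ERR_PACKET = len(_ERR).to_bytes(3, "little") + b"\x00" + _ERR


def classify_greeting(packet: bytes) -> dict:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    # Wire format: 3-byte little-endian payload length, 1-byte sequence id, payload.
    payload = packet[4:4 + int.from_bytes(packet[:3], "little")]
    if len(payload) >= 3 and payload[0] == 0xFF:
        # ERR packet sent before authentication: 2-byte error code, then the message.
        code = struct.unpack_from("<H", payload, 1)[0]
        verdict = "mysql-host-acl" if code == ER_HOST_NOT_PRIVILEGED else "mysql-error"
        return {"verdict": verdict, "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[:1] == b"\x0a" and 0 in payload[1:]:
        # Protocol 10 handshake: NUL-terminated server version follows the first byte.
        version = payload[1:payload.index(0, 1)].decode("ascii", "replace")
        return {"verdict": "handshake-ok", "server_version": version}
    return {"verdict": "not-mysql"}


def probe(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Separate packet-filter failures from MySQL-level rejections."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return classify_greeting(sock.recv(4096))
    except ConnectionRefusedError:
        return {"verdict": "tcp-refused"}   # nothing listening, or a filter sent RST
    except socket.timeout:
        return {"verdict": "tcp-timeout"}   # packets dropped or no route
    except OSError as exc:
        return {"verdict": "tcp-error", "message": str(exc)}


if __name__ == "__main__":
    print(classify_greeting(SAMPLE_ERR_PACKET))
    print(probe("10.6.6.7"))  # address of the dbs jail from the question
```

A `mysql-host-acl` verdict means the fix belongs in MySQL's user table, as in the answer above; only `tcp-refused` or `tcp-timeout` point back at pf.conf or the listener.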