Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
11.8.6
-
None
-
None
-
ubuntu 26.04 server and xubuntu 26.04 client
Description
With bind-address 0.0.0.0 ((in 50-server.cnf) my remote (local ethernet) client can connect with a specific user to a specific database, port 3306 with no problems.
Wanting to restrict such access to a few specific remote systems, I wanted to test it so I specified one remote address ('R') instead of 0.0.0.0
With the exact same mariadb client command I get:
Error 2002 Can't connect to server on IP-address (115)
When specifying the specific remote ip address, the ss command on the server shows:
sudo ss -tlnp | grep 3306
LISTEN 0 80 'R':3306 0.0.0.0:* users
("mariadbd",pid=29094,fd=142))
telnet from my remote client also fails to connect.
If I specify bind-address 127.0.0.1 and use a client local to the server, with a different user associated with the same database on the server, it works.
The only change I make between it working and failing is to the bind-address.
So the firewall must be OK. The database user must be OK, related to the correct remote IP address, and have access to the specific database, otherwise it would not work with bind-address 0.0.0.0.
My remote IP address must also be OK otherwise it would not work with bind-address 0.0.0.0 since the user is only associated with that IP address in the user database.
I know I could just use 0.0.0.0, but the mariadb documents say one can specify several IP addresses, separated by commas, to limit access.