View Single Post
Old 11th November 2009, 19:15
digitalage digitalage is offline
Junior Member
Join Date: Jun 2009
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts

About this time, a google result sent me to read README.Debian. (A bit embarrassing that I hadn't already, but there ya go.) The actual file on Lenny was /usr/share/doc/mysql-server-5.0/README.Debian.gz and it gave me the puzzle piece I needed:

If your connection is aborted immediately see if "mysqld: all" or similar is in /etc/hosts.allow and read hosts_access(5).

Sigh... I added mysqld: to hosts.allow and it all came good. The mail.log started complaining about the SQL syntax, which was really good news at the time, that was something I could fix!
Dipps, thank you for your post.

As far as I'm aware of, it makes sense to have a rule in /etc/hosts.allow when there is a rule in /etc/hosts.deny which blocks everything (ie: "all: all") or part of it ("mysql: all"). For the beginner, the explanation: first rule denies everything, in which case we need a rule in /etc/hosts.allow to allow mysql, the second blocks mysql from the public IP, in which case wee need a rule in /etc/hosts.allow to override this for the specific part we need mysql access (local -, or public_ip).

I find this link useful for those who need more informations about how hosts.deny/hosts.allow works:

In short, this is what we need to read from the link above:
The access control software consults two files. The search stops at the first match:

* Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.

* Otherwise, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.

* Otherwise, access will be granted.
Reply With Quote