I run an instance of MySQL server (5.6), port 3306, on an Ubuntu (14.04 LTS) VM. Employees use a client application to interact with the database.
Periodically, I get a troubleshooting call where the user cannot connect, with the error:
Unable to connect to any of the specified MySQL hosts.
The MySQL error log does not contain a refused or denied connection for the user.
Restarting the machine (not just MySQL) resolves the problem.
I've determined that this appears to be due to client machines being assigned a different IP address. I've also determined that restarting the Ubuntu networking service also resolves the problem.
I am suspicious that there is a network security feature at work here, but I am unable to figure out what it is. I would like to know:
- Can I disable this "feature" or at least configure it to trust clients on the LAN?
- Is there a way to view client machines' IP addresses that are being blocked by this mechanism?
Edit:
Firewall setup: ufw is inactive, iptables I believe is "factory default"
Hmm, most setups I’ve seen use ufw as the default. But that said
Yes, with ufw, it’s:
With iptables it’s:
With ufw (assuming your LAN is on 192.168.1.0/24):
With iptables
As an aside, in my experience, Ubuntu 14.04 has a flaky network stack. On a couple of our servers, the network kept dying and we ended up trashing the machines in favor of CentOS 7. YMMV.