Allowing Internal Network Access to MariaDB Server

Answered using GPT-4o Mini by GPT4oMini.app

Question:

I have two VM, one is a database mariaDB server(10.0.0.1). How can I allow address from my internal network to connect to this DB?

Answer:

To allow connections from your internal network to your MariaDB server (located at IP address 10.0.0.1), you need to follow these steps:

Step 1: Configure MariaDB to Allow Remote Connections

  1. Edit the MariaDB Configuration File: Open the MariaDB configuration file, typically located at /etc/mysql/my.cnf or /etc/my.cnf. You may also find it in /etc/mysql/mariadb.conf.d/50-server.cnf depending on your installation.

    sudo nano /etc/mysql/my.cnf

  2. Bind Address: Look for the line that starts with bind-address. By default, it may be set to 127.0.0.1, which means it only accepts local connections. Change it to 0.0.0.0 to allow connections from any IP address, or specify your internal network range.

    bind-address = 0.0.0.0

    Alternatively, if you want to restrict access to a specific subnet (e.g., 10.0.0.0/24), you can use firewall rules instead.

  3. Save and Exit: Save the changes and exit the text editor.

Step 2: Create a User for Remote Access

  1. Log into MariaDB: Use the following command to log into the MariaDB server:

    mysql -u root -p

  2. Create a User: Create a user that can connect from your internal network. Replace username, password, and 10.0.0.% with your desired username, password, and the appropriate IP range.

    CREATE USER 'username'@'10.0.0.%' IDENTIFIED BY 'password';

  3. Grant Privileges: Grant the necessary privileges to the user:

    GRANT ALL PRIVILEGES ON *.* TO 'username'@'10.0.0.%' WITH GRANT OPTION;

  4. Flush Privileges: Make sure to flush the privileges to apply the changes:

    FLUSH PRIVILEGES;

  5. Exit MariaDB:

    EXIT;

Step 3: Configure Firewall Rules

If you have a firewall running (like ufw or iptables), you need to allow traffic on the MariaDB port (default is 3306).

  1. Using UFW: If you are using UFW, you can allow access with the following command:

    sudo ufw allow from 10.0.0.0/24 to any port 3306

  2. Using iptables: If you are using iptables, you can add a rule like this:

    sudo iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 3306 -j ACCEPT

Step 4: Restart MariaDB

After making these changes, restart the MariaDB service to apply the configuration:

sudo systemctl restart mariadb

Step 5: Test the Connection

From a machine in your internal network, try to connect to the MariaDB server using the credentials you created:

mysql -u username -p -h 10.0.0.1

If everything is set up correctly, you should be able to connect to the MariaDB server from your internal network.

Troubleshooting

  • If you cannot connect, check the following:
    • Ensure the MariaDB service is running.
    • Verify that the firewall rules are correctly set.
    • Check the MariaDB logs for any error messages (usually found in /var/log/mysql/ or /var/log/mariadb/).
    • Ensure that the user has the correct privileges and is allowed to connect from the specified IP range.