
When I am trying to connect to RDS from my vps, it says connection refused. When I tried connecting it from local or other vps, it worked fine.

I figured out that it must be a firewall issue on my vps.

```
sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

I get this output when I run `iptables -L`.

This command, `netstat -ntlp | grep 3306`, gives:

```
tcp6       0      0 :::3306                 :::*                    LISTEN
```

What is it that went wrong here?

EDIT: As mentioned by Andrey, I tried to telnet. This is the output that I get.

```
Trying <<ip_address>>...
telnet: connect to address <<ip_address>>: Connection timed out
```

EDIT2: Result of netstat on other instance where things are working fine.

```
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      28864/mysqld
```

I am guessing the problem is with IPv4 and v6? How can I move that port to listen to v4?

nirvair
  • Please confirm how you are trying to connect and the exact error message you get. The best way to rule out networking issues is by running "telnet 3306" on the server you are trying to connect from. Also when you say VPS, do you mean EC2 instances in AWS? If so you might want to check security group rules and/or network ACLs. – Andrey Feb 18 '16 at 22:07
  • Something here can't be right, if the question is about RDS. There is no way to access the shell on an RDS machine, so no way to run `netstat` on an RDS machine, and the output of `netstat` above has to be from a different system and not relevant to the question. Also, security group settings on the RDS will never trigger "connection refused" -- only "connection timed out." – Michael - sqlbot Feb 18 '16 at 23:51
  • I never mentioned I was doing all these things on RDS. I was doing them on an EC2 instance. I checked the security group rules. Both EC2 instances have the same security group. One is able to connect, the other is not. – nirvair Feb 19 '16 at 04:17
  • You said "trying to connect to RDS from my vps" so I assumed it's Amazon RDS and not a MySQL instance on an EC2. Please run the telnet command I mentioned but replace the instance hostname with the IP address of your EC2 instance running MySQL and paste the output here. – Andrey Feb 19 '16 at 07:20
  • @phantomphoenix are you sure your EC2 machine is resolving the host correctly? Is it pointing to some internal DNS server? – Gaurav Pundir Feb 19 '16 at 09:36
  • @GauravPundir: The problem is somewhere with my EC2 machine. Because I could connect to RDS with my other EC2 machine. – nirvair Feb 20 '16 at 08:07
  • @Andrey: This is the output - connection timed out. `Trying <>... telnet: connect to address <>: Connection timed out` – nirvair Feb 20 '16 at 08:10
  • Possible duplicate of [What causes the 'Connection Refused' message?](http://serverfault.com/questions/725262/what-causes-the-connection-refused-message) – user9517 Feb 20 '16 at 08:15
  • Are both your EC2 instances in the same security group, with the same ACLs, and the same routing? How about your RDS security group, which is separate? Have you locked something down by individual IP (a /32) instead of a range? If one works and the other doesn't it's really up to you to track down what you've done differently with the non-working one, an annoying job. Spin up a spot instance to try. To diagnose this you'd have to post your IPs, all security groups details, ACL, and routing, which could compromise your security. If you can't work it out you have to pay a pro to help. – Tim Feb 20 '16 at 08:19
  • @Tim This instance, where I could not connect to RDS, is a replica of an instance through which I can connect to RDS. Security groups for both instances are the same. And nothing is locked by individual IP. – nirvair Feb 24 '16 at 07:00
  • Unfortunately if you can't track it down with the various suggestions people have made I think it's time to pay a professional to track it down for you. – Tim Feb 24 '16 at 07:08
  • @Tim The only difference between the two instances is the result of `netstat -ntlp | grep 3306`. The instance where things are not working is listening on `tcp6`, whereas the other instance, where things are working, is listening on `tcp`. – nirvair Feb 24 '16 at 07:20
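
Added example (not part of the question or of any comment above): the comments distinguish "connection refused" from "connection timed out", and this Python script makes that check repeatable from the client instance instead of reading telnet output by eye. The names `probe` and `HINTS` are chosen for this example; the host and port are supplied on the command line.

```python
import errno
import socket

# How to read each outcome, following the distinction drawn in the comments:
# a refusal means something answered, a timeout means packets were dropped.
HINTS = {
    "open": "TCP handshake completed; the path and the listener are fine.",
    "refused": "An RST came back: the host is reachable but nothing accepts "
               "on that port, or a firewall rule actively rejects it.",
    "timeout": "No reply at all: packets are dropped silently, as by a "
               "security group, network ACL or missing route.",
    "unreachable": "The local stack or a router reported no route to the target.",
    "dns": "The name did not resolve; check which resolver the client uses.",
}

def probe(host, port, timeout=5.0):
    """Attempt one TCP connect and return (outcome, peer_address)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns", None
    # Probe only the first resolved address (IPv4 or IPv6, whichever comes first).
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open", addr[0]
        except ConnectionRefusedError:
            return "refused", addr[0]
        except socket.timeout:
            return "timeout", addr[0]
        except OSError as e:
            if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
                return "unreachable", addr[0]
            raise

if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    outcome, addr = probe(host, port)
    print(f"{host}:{port} via {addr}: {outcome} - {HINTS[outcome]}")
```

Running it from both the working and the non-working instance against the same endpoint shows whether they resolve the name to the same address and whether the failure is a drop or a rejection.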
