大家好,又见面了,我是你们的朋友全栈君。
问题描述:使用plsql连接数据库发现TNS报错,登录服务器发现防火墙开放,如果直接关闭防火墙,所有的端口都可以连接,但是实际中可能会遇到开启防火墙的库,这时候需要开放单一端口对某一服务器或者某一网段
1.开放1521端口对所有服务器
vi /etc/sysconfig/iptables
-A INPUT -m state –state NEW -m tcp -p tcp –dport 1521 -j ACCEPT
这句要放在 -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT 后面,要不然不生效
重启防火墙
[root@orcl ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@orcl~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination1 ACCEPT all — 0.0.0.0/0 0.0.0.0/0state RELATED,ESTABLISHED2 ACCEPT icmp — 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all — 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1521
6 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination1 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
2.开放1521端口给指定网段,添加的指定IP,但是识别的是子网内的所有IP,其他同网段的IP都可以访问。如果去掉/24,指定IP的话,就访问不了。怎么指定单一端口给某一服务器?
-A INPUT -s 192.168.163.6/24 -p tcp -m tcp –dport 1521 -j ACCEPT
[root@orcl ~]# vi /etc/sysconfig/iptables
[root@orcl~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@orcl~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination1 ACCEPT all — 0.0.0.0/0 0.0.0.0/0state RELATED,ESTABLISHED2 ACCEPT icmp — 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all — 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp — 192.168.163.0/24 0.0.0.0/0 tcp dpt:1521
6 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination1 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/132627.html原文链接:https://javaforall.net
