Access control [message #397054]
Wed, 08 April 2009 13:54
danyromimd
Messages: 73 Registered: August 2008
Hi all!!
I'm trying to avoid access to my Db from a specified IP, so I added the following to my sqlnet.ora file...
# Enable node validation
tcp.validnode_checking = YES
# Prevent these client IP addresses from
# making connections to the Oracle listener.
tcp.excluded_nodes = 111.11.111.11
# Allow these IP addresses to connect.
#tcp.invited_nodes = {list of IP addresses}
... then I restarted the listener. The supposed avoided IP is my own IP, so I tried to connect and I could!
What do you think I am doing wrong??
Thanks in advance!!
Daniela.

Re: Access control [message #397739 is a reply to message #397061]
Mon, 13 April 2009 12:11
danyromimd
Mahesh Rajendran wrote on Wed, 08 April 2009 16:13:
> Try
> tcp.excluded_nodes = (111.11.111.11)
> And you are not connecting to a local database server. Right?
Thanks Mahesh!
I was using PuTTY to connect to the server where the Db lives, and I thought it would realize the connection was not from the console itself.
... I tried to connect with a client from my PC and it worked! ... but only after adding the parentheses ...
Thank you again!!!
Daniela.
[Updated on: Mon, 13 April 2009 12:46]

Re: Access control [message #397752 is a reply to message #397739]
Mon, 13 April 2009 15:14
danyromimd
Could you help me?
I do not much understand what's going on...
When I add an IP to the variable "tcp.invited_nodes" (no matter which...) it lets me stop the listener but it doesn't let me start it up again.
The "ps -ax" command shows there's a listener running, as if it had begun to start up but then could not finish the operation. If I comment out the line in sqlnet.ora, I have to "kill -9" the running listener and then it starts up normally.
The startup errors are:
[oracle@test log]$ lsnrctl start
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 13-APR-2009 16:53:59
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Starting /home/oracle/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 10.2.0.1.0 - Production
System parameter file is /home/oracle/network/admin/listener.ora
Log messages written to /home/oracle/network/log/listener.log
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=1.11.1.1)(PORT=1521)))
TNS-12542: TNS:address already in use
TNS-12560: TNS:protocol adapter error
TNS-00512: Address already in use
Linux Error: 98: Address already in use
Thank you!!
Daniela.
PS: About my technical info... all I know is I'm working with version 10.2.0.1.0 on a Redhat4 Linux server. How can I find some other info?

Re: Access control [message #397756 is a reply to message #397754]
Mon, 13 April 2009 15:23
danyromimd
It said...
[oracle@grisutest log]$ lsnrctl reload
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 13-APR-2009 17:21:22
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.11.12.15)(PORT=1521)))
TNS-12547: TNS:lost contact
TNS-12560: TNS:protocol adapter error
TNS-00517: Lost contact
Linux Error: 104: Connection reset by peer
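
Added example, not part of the thread and not Oracle's code: a small pre-restart check for the valid-node-checking lines of sqlnet.ora discussed above. It flags a node list written without parentheses (the form that only worked after the fix in the second post), lists set while tcp.validnode_checking is off, and both lists being set at once. The `listener_host` argument and the check that the listener's own host appears in tcp.invited_nodes are assumptions based on Oracle's general guidance, not a diagnosis given in this thread.

```python
import re

# Constructed sample: the sqlnet.ora lines quoted in the first post.
SAMPLE = """\
# Enable node validation
tcp.validnode_checking = YES
tcp.excluded_nodes = 111.11.111.11
#tcp.invited_nodes = {list of IP addresses}
"""

NODE_PARAMS = ("tcp.excluded_nodes", "tcp.invited_nodes")


def parse(text):
    """Return {lowercased parameter: raw value}; comments and blanks are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params


def lint(text, listener_host=None):
    """Return findings for the valid-node-checking parameters in sqlnet.ora text."""
    params, findings, lists = parse(text), [], {}
    for name in NODE_PARAMS:
        if name not in params:
            continue
        match = re.fullmatch(r"\((.*)\)", params[name])
        if match is None:
            findings.append(f"{name}: node list is not enclosed in parentheses")
            continue
        lists[name] = [n.strip() for n in match.group(1).split(",") if n.strip()]
    listed = [n for n in NODE_PARAMS if n in params]
    if listed and params.get("tcp.validnode_checking", "").lower() != "yes":
        findings.append("tcp.validnode_checking is not YES, so the node lists have no effect")
    if len(listed) == 2:
        findings.append("both lists are set: tcp.invited_nodes takes precedence")
    # Assumption (Oracle guidance, not stated in this thread): the listener's own
    # host should be among the invited nodes so local lsnrctl commands can reach it.
    invited = lists.get("tcp.invited_nodes")
    if invited is not None and listener_host and listener_host not in invited:
        findings.append(f"tcp.invited_nodes does not list the listener host {listener_host}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```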