Hi,

Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.

Thanks,
Wayne

Wayne Bastow wrote:
> Hi,
>
> Just installed CentOS 3.3. I said to allow only http and ssh when I
> did the install. I can ssh to the machine and until I compiled apache
> 2 and installed it separately I could connect to the default web
> server. I am running oracle on the box and have found that I can't
> connect remotely to oracle from another linux box (sql*net works fine
> on the CentOS box itself). I think it is because the port (oracle is
> on 1521) is blocked. Can anyone give me an idea of where to start?
> I've looked at hosts.deny/allow and they both contain no entries and
> I can't find anything in /etc that seems to be involved in the
> problem.

It is that iptables firewall that you enabled during installation. I don't use the thing myself, but I'm sure you are getting blocked by that.

As for your apache problem, I'd have no clue. I run a stock apache server as I trust RH to keep it patched.

.dn

On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
> Hi,
>
> Just installed CentOS 3.3. I said to allow only http and ssh when I
> did the install. I can ssh to the machine and until I compiled apache
> 2 and installed it separately I could connect to the default web
> server. I am running oracle on the box and have found that I can't
> connect remotely to oracle from another linux box (sql*net works fine
> on the CentOS box itself). I think it is because the port (oracle is
> on 1521) is blocked. Can anyone give me an idea of where to start?
> I've looked at hosts.deny/allow and they both contain no entries and
> I can't find anything in /etc that seems to be involved in the
> problem.
>

Do you want all machines or just specific machines to be able to connect?

Your current /etc/sysconfig/iptables should contain 2 lines like this (and other lines as well ... but these 2 are the remote connection allowed lines):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Add a line like this (just below the --dport 80 line) to allow all machines to make a NEW connection to the oracle machine:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT

If you would like only one subnet to make NEW connections to the Oracle machine, make it like this instead (I'll assume you want the local class C network of 192.168.1.0/24 to connect ... that is IPs 192.168.1.1 to 192.168.1.254):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 1521 -j ACCEPT

All the lines beginning with -A are single lines (in case they wrap).

--
Johnny Hughes <http://www.HughesJR.com/>

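Added example, not part of the original message: a POSIX sh sketch that places the port 1521 rule directly below the --dport 80 line, as the reply above describes. Rules are evaluated in order, so the new line has to land above any closing REJECT rule. The sample rules file is constructed (only the --dport 22 and --dport 80 lines come from the thread), and the function names write_sample_rules and add_port_rule are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): insert an ACCEPT rule for a TCP port
# into an iptables rules file, directly below the --dport 80 line.

# write_sample_rules FILE: constructed sample; only the --dport 22/80 lines
# come from the thread, the remaining lines are assumed for illustration.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_port_rule FILE PORT [SOURCE_CIDR]: print the updated rules to stdout.
# The input file is left untouched. Returns 2 if no --dport 80 line exists.
add_port_rule() {
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp"
    if [ -n "${3:-}" ]; then rule="$rule -s $3"; fi
    rule="$rule --dport $2 -j ACCEPT"
    awk -v rule="$rule" '
        $0 == rule { have = 1 }                       # already present
        !anchor && /--dport 80 -j ACCEPT$/ { anchor = NR }
        { lines[NR] = $0 }
        END {
            if (!have && !anchor) exit 2              # nowhere to insert
            for (i = 1; i <= NR; i++) {
                print lines[i]
                if (!have && i == anchor) print rule  # lands above REJECT
            }
        }
    ' "$1"
}

# Demo on the constructed sample: open 1521 to 192.168.1.0/24 only.
tmp=$(mktemp)
write_sample_rules "$tmp"
add_port_rule "$tmp" 1521 192.168.1.0/24
rm -f "$tmp"
```

Once the output has been reviewed and written back to /etc/sysconfig/iptables, "service iptables restart" loads the new rule set.
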
On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
> Hi,
>
> Just installed CentOS 3.3. I said to allow only http and ssh when I
> did the install. I can ssh to the machine and until I compiled apache
> 2 and installed it separately I could connect to the default web
> server. I am running oracle on the box and have found that I can't
> connect remotely to oracle from another linux box (sql*net works fine
> on the CentOS box itself). I think it is because the port (oracle is
> on 1521) is blocked. Can anyone give me an idea of where to start?
> I've looked at hosts.deny/allow and they both contain no entries and
> I can't find anything in /etc that seems to be involved in the
> problem.

BTW .. hosts.allow and hosts.deny don't have anything to do with the iptables firewall.

Those files (hosts.allow/deny) are used to control services that are started from /etc/xinetd.d/* (or /etc/xinetd.conf) ... or other programs that have tcpwrappers built in.

--
Johnny Hughes <http://www.HughesJR.com/>

The stock RH apache2 is always a better way to go, security updates and all. But, if one must do a custom build, using a SRPM to do it is best.

Having said that, run a lsof -i and make sure your src build is actually binding to port 80. Could its default be to listen on an off port, such as 8080?

jrw

Wayne Bastow wrote:
| Hi,
|
| Just installed CentOS 3.3. I said to allow only http and ssh when I
| did the install. I can ssh to the machine and until I compiled apache
| 2 and installed it separately I could connect to the default web
| server. I am running oracle on the box and have found that I can't
| connect remotely to oracle from another linux box (sql*net works fine
| on the CentOS box itself). I think it is because the port (oracle is
| on 1521) is blocked. Can anyone give me an idea of where to start?
| I've looked at hosts.deny/allow and they both contain no entries and
| I can't find anything in /etc that seems to be involved in the
| problem.
|
| Thanks,
| Wayne