On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
> Hi,
> Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.
Do you want all machines or just specific machines to be able to connect?
Your current /etc/sysconfig/iptables should contain 2 lines like this (and other lines as well ... but these 2 are the remote connection allowed lines):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Add a line like this (just below the --dport 80 line) to allow all machines to make a NEW connection to the oracle machine:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
If you would like only one subnet to make NEW connections to the Oracle machine, make it like this instead (I'll assume you want the local class C network of 192.168.1.0/24 to connect ... that is IPs 192.168.1.1 to 192.168.1.254):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 1521 -j ACCEPT
All the lines beginning with -A are single lines (in case they wrap).
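As an added example (not part of the thread above), the script below audits an /etc/sysconfig/iptables-style file for the Oracle listener port and reports whether the ACCEPT rule is open to every source, restricted with -s to one subnet, or absent. The sample rules file is constructed here to mirror the RH-Firewall-1-INPUT chain described in the reply; the file path and the port list are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: check which sources an /etc/sysconfig/iptables file lets
# open NEW TCP connections to a given port. Not from the original thread.

# Write a constructed sample rules file (assumed layout, modelled on the
# RH-Firewall-1-INPUT chain quoted in the reply) to the path given.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_policy FILE PORT
# Prints "open-to-all", "restricted:<source>" or "blocked" for the first
# ACCEPT rule whose --dport matches PORT exactly. This is a textual check of
# the saved file, not a simulation of the chain: iptables stops at the first
# matching rule, so a REJECT placed earlier in the chain is not detected.
port_policy() {
    awk -v port="$2" '
        /-j ACCEPT/ && match($0, "--dport " port "( |$)") {
            found = 1
            for (i = 1; i <= NF; i++) {
                if ($i == "-s") { print "restricted:" $(i + 1); exit }
            }
            print "open-to-all"
            exit
        }
        END { if (!found) print "blocked" }
    ' "$1"
}

# Stand-alone demo: write the constructed sample and report a few ports.
sample="${TMPDIR:-/tmp}/iptables-sample.$$"
write_sample_rules "$sample"
for p in 22 80 1521 3306; do
    printf 'port %s: %s\n' "$p" "$(port_policy "$sample" "$p")"
done
rm -f "$sample"
```

Run it against the real file with `port_policy /etc/sysconfig/iptables 1521` after editing; on a CentOS 3 system the saved rules only take effect once they are reloaded (for example with `service iptables restart`), so an audit of the file alone does not prove what the running kernel enforces.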