Hi,
Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.
Thanks, Wayne
Wayne Bastow wrote:
Hi,
Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.
It is that iptables firewall that you enabled during installation. I don't use the thing myself, but I'm sure you are getting blocked by that.
As for your apache problem, I'd have no clue. I run a stock apache server as I trust RH to keep it patched.
.dn
On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
Hi,
Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.
Do you want all machines or just specific machines to be able to connect?
Your current /etc/sysconfig/iptables should contain 2 lines like this (and other lines as well ... but these 2 are the remote connection allowed lines):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Add a line like this (just below the --dport 80 line) to allow all machines to make a NEW connection to the oracle machine:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
If you would like only one subnet to make NEW connections to the Oracle machine, make it like this instead (I'll assume you want the local class C network of 192.168.1.0/24 to connect ... that is IPs 192.168.1.1 to 192.168.1.254):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 1521 -j ACCEPT
All the lines beginning with -A are single lines (in case they wrap).
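Added example, not part of the original thread: a small shell sketch of the edit described in the message above, inserting the subnet-restricted 1521 rule just below the --dport 80 line and checking that it lands before the chain's REJECT rule. The rules file is a constructed sample laid out like a Red Hat /etc/sysconfig/iptables (the trailing REJECT rule is assumed, as in the stock layout), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The rules below are a constructed sample laid out like a
# Red Hat /etc/sysconfig/iptables; function names are hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_port_rule FILE PORT [SOURCE_CIDR]: print FILE with an ACCEPT rule for
# PORT inserted just below the "--dport 80" rule. Adds nothing if the same
# rule is already present; fails if there is no "--dport 80" line.
add_port_rule() {
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp"
    if [ -n "${3:-}" ]; then rule="$rule -s $3"; fi
    rule="$rule --dport $2 -j ACCEPT"
    if grep -qxF -- "$rule" "$1"; then cat "$1"; return 0; fi
    awk -v rule="$rule" '
        { print }
        / --dport 80 -j ACCEPT$/ && !done { print rule; done = 1 }
        END { if (!done) exit 1 }' "$1"
}

# accept_precedes_reject FILE PORT: succeed only if the ACCEPT rule for PORT
# comes before the chain's REJECT rule. Rules are evaluated top-down, so an
# ACCEPT placed after the REJECT never matches.
accept_precedes_reject() {
    awk -v port="$2" '
        $0 ~ (" --dport " port " -j ACCEPT$") && !a { a = NR }
        / -j REJECT / && !r { r = NR }
        END { exit !(a && r && a < r) }' "$1"
}

# Demo: allow Oracle (1521) from 192.168.1.0/24 only, on a temporary copy.
tmp=$(mktemp)
write_sample "$tmp"
add_port_rule "$tmp" 1521 192.168.1.0/24
rm -f "$tmp"
```

Once the result is written back to /etc/sysconfig/iptables, the rules are reloaded with `service iptables restart`.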
On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
Hi,
Just installed CentOS 3.3. I said to allow only http and ssh when I did the install. I can ssh to the machine and until I compiled apache 2 and installed it separately I could connect to the default web server. I am running oracle on the box and have found that I can't connect remotely to oracle from another linux box (sql*net works fine on the CentOS box itself). I think it is because the port (oracle is on 1521) is blocked. Can anyone give me an idea of where to start? I've looked at hosts.deny/allow and they both contain no entries and I can't find anything in /etc that seems to be involved in the problem.
BTW .. hosts.allow and hosts.deny don't have anything to do with the iptables firewall. Those files (hosts.allow/deny) are used to control services that are started from /etc/xinetd.d/* (or /etc/xinetd.conf) ... or other programs that have tcpwrappers built in.
The stock RH apache2 is always a better way to go, security updates and all. But, if one must do a custom build, using a SRPM to do it is best.
Having said that, run a lsof -i and make sure your src build is actually binding to port 80. Could its default be to listen on an off port, such as 8080?
jrw
Wayne Bastow wrote:
| Hi,
|
| Just installed CentOS 3.3. I said to allow only http and ssh when I
| did the install. I can ssh to the machine and until I compiled apache
| 2 and installed it separately I could connect to the default web
| server. I am running oracle on the box and have found that I can't
| connect remotely to oracle from another linux box (sql*net works fine
| on the CentOS box itself). I think it is because the port (oracle is
| on 1521) is blocked. Can anyone give me an idea of where to start?
| I've looked at hosts.deny/allow and they both contain no entries and
| I can't find anything in /etc that seems to be involved in the
| problem.
|
| Thanks,
| Wayne
| _______________________________________________
| CentOS mailing list
| CentOS@caosity.org
| http://lists.caosity.org/mailman/listinfo/centos
Thanks for your help - working fine now. I'll have to read up on iptables.
Regards, Wayne
On Tue, 11 Jan 2005 08:28:24 -0500, Jacob Robert Wilkins jrw@nplus1.net wrote:
The stock RH apache2 is always a better way to go, security updates and all. But, if one must do a custom build, using a SRPM to do it is best.
Having said that, run a lsof -i and make sure your src build is actually binding to port 80. Could its default be to listen on an off port, such as 8080?
jrw