环境:
oracle服务端:
oracle 10.2.0.5
rhel 5.4 32bit
ip 192.168.0.221
数据库相关信息
SQL> show parameter name
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_file_name_convert string
db_name string orcl
db_unique_name string orcl
global_names boolean FALSE
instance_name string orcl
lock_name_space string
log_file_name_convert string
service_names string orcl
oracle客户端(ip:192.168.0.121,主机名:odb1.test.com)
tns:
ORCL_192.168.0.221 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.221)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
==================================================================================================
故障现象:
客户端tnsping服务端报错
odb1.test.com-PROD1>tnsping ORCL_192.168.0.221
TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 23-JAN-2016 12:05:21
Copyright (c) 1997, 2011, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.221)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))
TNS-12543: TNS:destination host unreachable
客户端连接服务 端报错
odb1.test.com-PROD1>sqlplus sys/oracle@ORCL_192.168.0.221 as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 23 12:12:29 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
ERROR:
ORA-12543: TNS:destination host unreachable
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
odb1.test.com-PROD1>
分析诊断后,发现是 服务端主机的防火墙开启,阻塞1521端口,导致1521端口不通。
odb1.test.com-PROD1>ping -c 3 192.168.0.221
PING 192.168.0.221 (192.168.0.221) 56(84) bytes of data.
64 bytes from 192.168.0.221: icmp_seq=1 ttl=64 time=0.486 ms
64 bytes from 192.168.0.221: icmp_seq=2 ttl=64 time=0.346 ms
64 bytes from 192.168.0.221: icmp_seq=3 ttl=64 time=0.348 ms
--- 192.168.0.221 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.346/0.393/0.486/0.067 ms
odb1.test.com-PROD1>
[root@rhel ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:23
12 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@rhel ~]#
临时解决方法:关闭防火墙。
[root@rhel ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
再次tnsping,成功ping通。
odb1.test.com-PROD1>tnsping ORCL_192.168.0.221
TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 23-JAN-2016 12:17:44
Copyright (c) 1997, 2011, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.221)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))
OK (0 msec)
odb1.test.com-PROD1>
再次连接,成功连接数据库。
odb1.test.com-PROD1>sqlplus sys/oracle@ORCL_192.168.0.221 as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 23 12:17:24 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> show parameter name
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_file_name_convert string
db_name string orcl
db_unique_name string orcl
global_names boolean FALSE
instance_name string orcl
lock_name_space string
log_file_name_convert string
service_names string orcl
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
odb1.test.com-PROD1>
永久解决方法:
检查发现1521端口没有在 /etc/sysconfig/iptables列表。假如重启了操作系统,防火墙再次开启,1521端口又会被阻塞。
于是把1521端口加入 /etc/sysconfig/iptables列表,这样1521端口永远不会被阻塞。
[root@rhel ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@rhel ~]#
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/24626891/viewspace-2122469/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/24626891/viewspace-2122469/