This walkthrough is done with the Linux firewall (iptables) enabled, and the goal is to open a single port, 1521 (Oracle's default listener port), without disabling the firewall.
Check the current firewall policy first. Note that the rules are listed in the order they are evaluated, and rule 5 is a catch-all REJECT, which matters later:
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Open port 1521 (this appends the rule to the end of the INPUT chain, i.e. after the catch-all REJECT):
[root@localhost ~]# iptables -A INPUT -p tcp --dport 1521 -j ACCEPT
Save the change, then restart the firewall. Do the save first: `service iptables save` (the same thing as the init script's save action below) writes the running rules to /etc/sysconfig/iptables, while `service iptables restart` flushes the running rules and reloads that file, so a restart before the save throws the new rule away (unless IPTABLES_SAVE_ON_RESTART=yes is set in /etc/sysconfig/iptables-config, which it is not by default):
[root@localhost ~]# /etc/rc.d/init.d/iptables save
[root@localhost ~]# service iptables restart
Inspect the saved rules:
[root@localhost ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Nov 21 14:11:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:556]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 21 14:11:30 2015
Note: the order in the file above has to be changed. iptables evaluates a chain top to bottom and the first matching rule decides; `-A INPUT -j REJECT` matches everything that the rules above it did not accept, so a rule appended after it (which is exactly what `iptables -A` does) is never reached. Move `-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT` above the `-A INPUT -j REJECT` line so that it takes effect, as shown below, and then run `service iptables restart` so the edited file is loaded. (The same result without editing the file: `iptables -I INPUT 5 -p tcp --dport 1521 -j ACCEPT` inserts the rule at position 5, in front of the REJECT that the status listing showed as rule 5, followed by `service iptables save`.)
# Generated by iptables-save v1.4.7 on Sat Nov 21 14:11:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:556]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 21 14:11:30 2015
From another Linux server, telnet to the port to test it. The connection goes through:
[root@rac1 oracle]# telnet 192.168.103.110 1521
Trying 192.168.103.110...
Connected to 192.168.103.110.
Escape character is '^]'.
"Connected to" means the TCP handshake completed, so both the firewall rule and the listener behind it are working. If the ACCEPT were still behind the REJECT, the `icmp-host-prohibited` reply would make telnet fail immediately with "No route to host" (a DROP rule, by contrast, would make it hang on "Trying..."). The rule as written accepts connections to 1521 from any source; on a server that is not on an isolated network, restrict it to the client subnet with `-s`, for example `-s 192.168.103.0/24`, since the Oracle listener should not be reachable from everywhere.
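The ordering mistake above is easy to make on any host whose INPUT chain ends in a catch-all REJECT, and it is easy to check for. The shell script below is an added example and not part of the original post: it reads an iptables-save dump (the constructed sample is the post's first, broken save, with the 1521 rule appended behind the REJECT), moves any INPUT rules that ended up behind the catch-all REJECT to just in front of it, reports the index to pass to `iptables -I INPUT N` on a live system, and checks whether an ACCEPT for a given port really precedes the REJECT. It only processes text, so it runs without root and without iptables installed; the function names are my own.

```shell
#!/bin/sh
# Added example: repair and verify rule order in an iptables-save dump.
# Works on the saved-rules text only, so it needs neither root nor iptables.

# Constructed sample: the post's first save, where "iptables -A" appended the
# 1521 ACCEPT after the catch-all REJECT, so it can never match.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:556]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# fix_input_order: dump on stdin, corrected dump on stdout.
# Holds back the first "-A INPUT -j REJECT" line, prints every INPUT rule that
# follows it (those were dead rules), then emits the REJECT before the first
# non-INPUT line. Everything else passes through unchanged.
fix_input_order() {
  awk '
    /^-A INPUT -j REJECT/ && held == "" { held = $0; next }
    held != "" && /^-A INPUT /           { print; next }
    held != ""                           { print held; held = "" }
                                         { print }
    END { if (held != "") print held }
  '
}

# reject_position: dump on stdin; prints the 1-based index of the INPUT
# catch-all REJECT among INPUT rules. That is the N for "iptables -I INPUT N"
# that puts a new rule directly in front of it (same numbering as
# "iptables -L INPUT --line-numbers").
reject_position() {
  awk '/^-A INPUT / { n++ } /^-A INPUT -j REJECT/ { print n; exit }'
}

# accept_precedes_reject PORT: dump on stdin; exit 0 only if an INPUT ACCEPT
# for tcp --dport PORT appears before the INPUT catch-all REJECT.
accept_precedes_reject() {
  awk -v port="$1" '
    /^-A INPUT -j REJECT/ { rejected = 1 }
    !rejected && /^-A INPUT / && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") { found = 1 }
    END { exit (found ? 0 : 1) }
  '
}

# Demonstration on the constructed sample.
echo "--- original: 1521 reachable?"
printf '%s\n' "$SAMPLE_RULES" | accept_precedes_reject 1521 && echo yes || echo no
echo "--- corrected ruleset:"
printf '%s\n' "$SAMPLE_RULES" | fix_input_order
echo "--- index for a live 'iptables -I INPUT N' on the original ruleset:"
printf '%s\n' "$SAMPLE_RULES" | reject_position
```

On the live host, either rewrite the saved file (`fix_input_order < /etc/sysconfig/iptables > /tmp/iptables.fixed`, review it, then `iptables-restore < /tmp/iptables.fixed`), or insert directly at the computed position and save: `iptables -I INPUT "$(reject_position < /etc/sysconfig/iptables)" -p tcp -s 192.168.103.0/24 --dport 1521 -j ACCEPT` followed by `service iptables save` (the 192.168.103.0/24 client subnet is an assumption for this example). Afterwards, `accept_precedes_reject 1521 < /etc/sysconfig/iptables` is a quick regression check that nobody has appended the rule behind the REJECT again.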