Home » RDBMS Server » Networking and Gateways » Access control (Oracle 10.2.0.1.0 - Linux)
Access control [message #397054] Wed, 08 April 2009 13:54
danyromimd
Messages: 73
Registered: August 2008
Member
Hi all!!

I'm trying to avoid access to my Db from a specified IP, so I added the following to my sqlnet.ora file...


# Enable node validation
tcp.validnode_checking = YES

# Prevent these client IP addresses from
# making connections to the Oracle listener.
tcp.excluded_nodes = 111.11.111.11

# Allow these IP addresses to connect.
#tcp.invited_nodes = {list of IP addresses}



... then I restarted the listener. The supposed avoided IP is my own IP, so I tried to connect and I could!

What do you think I am doing wrong??

Thanks in advance!!
Daniela.
Re: Access control [message #397061 is a reply to message #397054] Wed, 08 April 2009 14:13
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Try
tcp.excluded_nodes = (111.11.111.11)

And you are not connecting to a local database server. Right?
Re: Access control [message #397067 is a reply to message #397054] Wed, 08 April 2009 14:42
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
You need to help us by following the Posting Guidelines as stated below.
http://www.orafaq.com/forum/t/88153/0/
Please, please, please Read & Follow Posting Guidelines above.
Go to the section labeled "Practice" & do as directed.


Please clarify what systems are involved with your environment.
Typically for SQL*Net to be involved at least 2 systems (DB server & client) exist.

Re: Access control [message #397739 is a reply to message #397061] Mon, 13 April 2009 12:11
danyromimd
Messages: 73
Registered: August 2008
Member
Mahesh Rajendran wrote on Wed, 08 April 2009 16:13
Try
tcp.excluded_nodes = (111.11.111.11)

And you are not connecting to a local database server. Right?


Thanks Mahesh!
I was using PuTTY to connect to the server where the Db lives, and I thought it would realize the connection was not from the console itself.
... I tried to connect with a client from my PC and it worked! ... but only after adding the parentheses ...

Thank you again!!!
Daniela.

[Updated on: Mon, 13 April 2009 12:46]


Re: Access control [message #397752 is a reply to message #397739] Mon, 13 April 2009 15:14
danyromimd
Messages: 73
Registered: August 2008
Member
Could you help me?
I do not much understand what's going on...
When I add an IP to the variable "tcp.invited_nodes" (no matter which...) it lets me stop the listener but it doesn't let me start it up again.
The "ps -ax" command shows there's a listener running, as if it had begun to start it up but then could not end up the operation. If I comment the line on sqlnet.ora, I have to "kill -9" the running listener and then it starts up normally.

The startup errors are:

[oracle@test log]$ lsnrctl start

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 13-APR-2009 16:53:59

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Starting /home/oracle/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 10.2.0.1.0 - Production
System parameter file is /home/oracle/network/admin/listener.ora
Log messages written to /home/oracle/network/log/listener.log
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=1.11.1.1)(PORT=1521)))
TNS-12542: TNS:address already in use
TNS-12560: TNS:protocol adapter error
TNS-00512: Address already in use
Linux Error: 98: Address already in use


Thank you!!
Daniela.

PS: About my technical info... all I know is I'm working with version 10.2.0.1.0 on a Redhat4 Linux server. How can I find some other info?
Re: Access control [message #397754 is a reply to message #397752] Mon, 13 April 2009 15:20
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Did you try
lsnrctl reload

[Updated on: Mon, 13 April 2009 15:20]


Re: Access control [message #397756 is a reply to message #397754] Mon, 13 April 2009 15:23
danyromimd
Messages: 73
Registered: August 2008
Member
It said...


[oracle@grisutest log]$ lsnrctl reload

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 13-APR-2009 17:21:22

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.11.12.15)(PORT=1521)))
TNS-12547: TNS:lost contact
TNS-12560: TNS:protocol adapter error
TNS-00517: Lost contact
Linux Error: 104: Connection reset by peer

Re: Access control [message #397769 is a reply to message #397756] Mon, 13 April 2009 16:45
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
I would make sure that the database server's IP is in the correct list.
Re: Access control [message #397891 is a reply to message #397769] Tue, 14 April 2009 07:55
danyromimd
Messages: 73
Registered: August 2008
Member
Thanks a lot!!!
I've never thought it would need its own IP!!

Thanks again,
Daniela.
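
The two fixes this thread arrives at (node lists wrapped in parentheses, and the database server's own address present in tcp.invited_nodes) can be checked before the listener is restarted. The linter below is an added example, not part of any post in the thread; the function names, the 10.0.0.x addresses and the single-line-parameter assumption are constructed for illustration.

```python
import re

# Constructed sample: the sqlnet.ora from the first post, plus an invited
# list that omits the database server's own address.
SAMPLE_SQLNET = """\
tcp.validnode_checking = YES
tcp.excluded_nodes = 111.11.111.11
tcp.invited_nodes = (10.0.0.5, 10.0.0.6)
"""
SERVER_ADDRS = {"10.0.0.9", "127.0.0.1"}  # assumed addresses of the DB host

def parse_sqlnet(text):
    """Return {lowercased parameter: raw value}; assumes one parameter per line."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params

def node_list(value):
    """Split '(a, b)' or 'a, b' into a list of node names."""
    return [n.strip() for n in value.strip("()").split(",") if n.strip()]

def lint_sqlnet(text, server_addrs):
    """Report the mistakes discussed in this thread."""
    params = parse_sqlnet(text)
    findings = []
    lists = {k: v for k, v in params.items()
             if k in ("tcp.invited_nodes", "tcp.excluded_nodes")}
    if lists and params.get("tcp.validnode_checking", "").lower() != "yes":
        findings.append("node lists set but tcp.validnode_checking is not YES")
    for key, value in lists.items():
        if not re.fullmatch(r"\(.*\)", value):
            findings.append(f"{key}: node list is not wrapped in parentheses")
    if "tcp.invited_nodes" in lists:
        invited = set(node_list(lists["tcp.invited_nodes"]))
        if not invited & set(server_addrs):
            findings.append("tcp.invited_nodes: database server's own address "
                            "is missing")
    return findings

if __name__ == "__main__":
    for finding in lint_sqlnet(SAMPLE_SQLNET, SERVER_ADDRS):
        print("WARN", finding)
```

Pass every name or address the server uses to reach its own listener in `server_addrs`, since the comparison is a plain string match and does no DNS resolution.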