Hi all, I have Oracle Server installed on RHEL on an IBM server. I want to restrict access to Oracle from specific machines on the network. I tried denying access to the SQLNET service by adding an entry into the /etc/hosts.deny file, but it isn't working. Now I don't know how to achieve this. I'll be grateful if anyone on the list helps me out with this. Regards, SD.
Sneh D wrote:
Hi all, I have Oracle Server installed on RHEL on an IBM server. I want to restrict access to Oracle from specific machines on the network. I tried denying access to the SQLNET service by adding an entry into the /etc/hosts.deny file, but it isn't working. Now I don't know how to achieve this. I'll be grateful if anyone on the list helps me out with this.
Sneh, try to block them with iptables. I am not aware about oracle, but I am sure there will be some access control within oracle for this.
Create $ORACLE_HOME/NETWORK/ADMIN/PROTOCOL.ORA
and specify which IP addresses to allow and deny. For example, to allow 192.168.255.1 and deny 192.168.255.2 and 192.168.255.3, add the following lines:
tcp.validnode_checking = YES
tcp.invited_nodes = (192.168.255.1)
tcp.excluded_nodes = (192.168.255.2, 192.168.255.3)
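The iptables route suggested in this thread, as an added example that is not from any of the posters: it prints a default-deny rule set for the listener port so the rules can be reviewed before they are applied. The port 1521, the chain name ORACLE_LISTENER and the function names are assumptions; 192.168.255.1 is the sample address from the PROTOCOL.ORA reply.

```shell
#!/bin/sh
# Added example: print iptables rules that let only listed clients reach the
# Oracle listener. Assumptions: listener on TCP 1521 (the usual default), IPv4
# only, chain name ORACLE_LISTENER is made up for this sketch.
LISTENER_PORT="${LISTENER_PORT:-1521}"

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
# Rejecting everything else also keeps shell metacharacters out of the output.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the allowed clients given as arguments. Every address is
# validated first, so a bad entry produces no partial rule set.
listener_rules() {
    for client in "$@"; do
        valid_ipv4 "$client" || { echo "invalid address: $client" >&2; return 1; }
    done
    echo "iptables -N ORACLE_LISTENER"
    for client in "$@"; do
        echo "iptables -A ORACLE_LISTENER -s $client -j ACCEPT"
    done
    # Anything not accepted above is logged, then dropped.
    echo "iptables -A ORACLE_LISTENER -j LOG --log-prefix 'oracle-denied: '"
    echo "iptables -A ORACLE_LISTENER -j DROP"
    echo "iptables -A INPUT -p tcp --dport $LISTENER_PORT -j ORACLE_LISTENER"
}

# Constructed usage: allow only the sample client from the reply above.
listener_rules 192.168.255.1
```

Because the last rule is appended with -A, an ACCEPT rule that already sits earlier in the INPUT chain would still match first, so check the existing chain with iptables -L INPUT -n before applying the output as root.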
On 20 Dec 2004 07:07:19 -0000, Sneh D my_linux@rediffmail.com wrote:
Hi all, I have Oracle Server installed on RHEL on an IBM server. I want to restrict access to Oracle from specific machines on the network. I tried denying access to the SQLNET service by adding an entry into the /etc/hosts.deny file, but it isn't working. Now I don't know how to achieve this. I'll be grateful if anyone on the list helps me out with this. Regards, SD.
Morning Sneh,
There isn't any way you can perform blocking of hosts by using host.allow/deny, since they are only to be used with applications compiled with/configured with support for tcp_wrappers. Read the xinetd/inetd docs for more info.
As Amish suggests, your options are to look at iptables or look up the Oracle ACL. I am very sure Oracle provides a way of doing so. Google dear...!!!
Trevor
--- Sneh D my_linux@rediffmail.com wrote:
Hi all, I have Oracle Server installed on RHEL on an IBM server. I want to restrict access to Oracle from specific machines on the network. I tried denying access to the SQLNET service by adding an entry into the /etc/hosts.deny file, but it isn't working. Now I don't know how to achieve this. I'll be grateful if anyone on the list helps me out with this. Regards, SD.
Your approach should be:
1. You should deny the SQLNET service for all users in host.deny and then in host.allow give access to specific users.
2. Make sure this service is under xinetd; if not, then the host.allow or deny file will not work as you want.
3. If 1 does not work and this service is under xinetd.d, then open the file related to the sqlnet service, and in the section where disable = no is mentioned you can specify the directive only_from = host/network range.
I hope this will work; otherwise mail if required...