Network Access Security
1) Open the sqlnet.ora file and edit:
TCP.VALIDNODE_CHECKING = YES
TCP.EXCLUDED_NODES = (192.168.0.244,192.168.0.34)
#TCP.EXCLUDED_NODES = (172.20.211.25,172.20.210.0/24,192.168.1.0/24) --Full Network
#TCP.INVITED_NODES = (192.168.1.14)
#trace_level_server = support
#trace_directory_server = /tmp
2) Restart the listener (lsnrctl stop, then lsnrctl start)
3) Access from the client end (from IP 192.168.0.244):
[oracle@dataguard ~]$ sqlplus system/sys123@auditdb
SQL*Plus: Release 11.2.0.1.0 Production on Tue Jun 18 12:11:10 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-12537: TNS:connection closed
Enter user-name:
Source: http://www.solutionbeacon.com/best19.htm
Note:
[oracle@rptsvr ~]$ cat /u01/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
TCP.VALIDNODE_CHECKING = YES
#TCP.EXCLUDED_NODES = (192.168.1.3)
TCP.INVITED_NODES = (192.168.1.12,192.168.1.218)
TCP.INVITED_NODES: all IPs are blocked except those two (192.168.1.12 and 192.168.1.218)
TCP.EXCLUDED_NODES: all IPs are allowed except this one (192.168.1.3)
You cannot specify a range, wildcard, partial IP or subnet mask (ouch!)
TCP.INVITED_NODES takes precedence over the TCP.EXCLUDED_NODES if both lists are present
(although if a range cannot be specified, you will likely only utilize the invited nodes
option).
Troubleshooting:
If the error below occurs:
TNSLSNR for Linux: Version 10.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/10.2.0/db_1/network/log/listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.12)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.12)(PORT=1521)))
TNS-12547: TNS:lost contact
TNS-12560: TNS:protocol adapter error
TNS-00517: Lost contact
Linux Error: 104: Connection reset by peer
Solution:
We need to add a localhost entry to the invited nodes list (TCP.INVITED_NODES).
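The rules in the Note and Troubleshooting parts can be checked before the listener is restarted. The following is an added example, not part of the original page or of Oracle's tooling: a small pre-flight check for sqlnet.ora. The function names, the `local` parameter and the sample file are assumptions made for illustration; entries are compared literally and hostnames are not resolved.

```python
import ipaddress
import re

# Constructed sample: both lists set, a CIDR entry, and no localhost entry.
SAMPLE = """\
TCP.VALIDNODE_CHECKING = YES
TCP.EXCLUDED_NODES = (192.168.1.3)
TCP.INVITED_NODES = (192.168.1.218, 192.168.1.0/24)
"""

def parse(text):
    """Map each uncommented parameter name to its list of values."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"([\w.]+)\s*=\s*\(?([^)]*)\)?\s*$", line.split("#", 1)[0].strip())
        if m:
            params[m.group(1).upper()] = [v.strip() for v in m.group(2).split(",") if v.strip()]
    return params

def is_single_host(entry):
    """True for a full IP address or a hostname; False for CIDR, wildcard or partial IP."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return "*" not in entry and not re.fullmatch(r"[\d./]+", entry)

def allowed(params, client_ip):
    """Decision for a client IP under the rules in the Note (literal comparison only)."""
    if (params.get("TCP.VALIDNODE_CHECKING") or ["NO"])[0].upper() != "YES":
        return True
    invited = params.get("TCP.INVITED_NODES")
    if invited:  # the invited list takes precedence when both lists are present
        return client_ip in invited
    return client_ip not in params.get("TCP.EXCLUDED_NODES", [])

def lint(params, local=("localhost", "127.0.0.1")):
    """Return findings for the pitfalls described in the Note and Troubleshooting parts."""
    invited = params.get("TCP.INVITED_NODES", [])
    excluded = params.get("TCP.EXCLUDED_NODES", [])
    findings = [f"not a single host: {e}" for e in invited + excluded if not is_single_host(e)]
    if invited and excluded:
        findings.append("INVITED_NODES takes precedence over EXCLUDED_NODES")
    if invited and not any(h in invited for h in local):
        findings.append("no localhost entry in INVITED_NODES")
    return findings

if __name__ == "__main__":
    print(allowed(parse(SAMPLE), "192.168.1.14"), lint(parse(SAMPLE)))
```
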