firewall troubles
Hi folks,
I've posted a couple of times before but have not solved this yet.
I have a VM host with the hypervisor running. I have one guest OS which was created from the template downloaded from e-delivery for Oracle Enterprise Linux 5 (not the one with a database, just the OS). After I got this guest up and running, I copied the Oracle 10g R2 software to it and have it patched to January 2011 levels. I just created a database. The listener is running on port 1521 on the guest.
From another machine on the same LAN, I can ssh and sftp to the guest. But I cannot tnsping the database. I cannot connect to the listener port. If I turn off iptables on the guest, then I CAN successfully connect to the database from another machine on my LAN and I can tnsping the listener port.
So it's obviously an IPTABLES setting on the OEL5 guest. However, I can't seem to see why port 1521 would be blocked.
Here are two listings: one is a cat of my /etc/sysconfig/iptables file and the other is the output of iptables --list.
[root@oel1 /]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@oel1 /]#
[root@oel1 /]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@oel1 /]#
It looks to me from the rules that all traffic should be allowed via the first entry under the Chain RH-Firewall-1-INPUT which is:
ACCEPT all -- anywhere anywhere
Can someone see why 1521 traffic would be denied?
Thanks in advance.
John S.
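As an added example (not part of John's post), the following Python walks the posted rules in the order iptables evaluates them and reports which rule a packet hits first; note that the first ACCEPT carries "-i lo" in the saved file, a match that "iptables --list" omits unless run with -v. It is a simulator for only the matches the post uses, not iptables itself; the interface name eth0 is an assumption.

```python
# Added example: a tiny simulator (not iptables itself) for the rules posted above. It handles only
# the matches the post uses (-i, -p, -d, --dport, -m state) and follows jumps into user chains.
import shlex

# Rules copied verbatim from the posted /etc/sysconfig/iptables
RULES = """
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# option -> packet field it constrains (every option in this ruleset takes exactly one argument)
OPTS = {"-j": "target", "-i": "in", "-p": "proto", "-d": "dst", "--dport": "dport", "--state": "state"}

def parse(text):
    """Return {chain: [(rule text, {field: value}), ...]} in file order."""
    chains = {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == "-A":
            rule = {OPTS[o]: a for o, a in zip(tok[2::2], tok[3::2]) if o in OPTS}
            chains.setdefault(tok[1], []).append((line, rule))
    return chains

def first_match(chains, chain, pkt):
    """Return (target, rule text) of the first terminating rule pkt matches, or None."""
    for text, r in chains.get(chain, []):
        if any(r[f] != pkt.get(f) for f in ("in", "proto", "dst", "dport") if f in r):
            continue
        if "state" in r and pkt.get("state") not in r["state"].split(","):
            continue
        if r["target"] in chains:            # jump into a user-defined chain
            hit = first_match(chains, r["target"], pkt)
            if hit:
                return hit
            continue                          # user chain fell through; resume here
        return r["target"], text
    return None                               # nothing matched: the chain policy decides

def classify(iface, proto, dport, state="NEW"):
    # Verdict for a packet arriving on iface with this protocol, destination port and conntrack state
    pkt = {"in": iface, "proto": proto, "dport": str(dport), "state": state}
    hit = first_match(parse(RULES), "INPUT", pkt)
    return hit[0] if hit else "policy ACCEPT"
```

Running classify("eth0", "tcp", 1521) against these rules lands on the final REJECT, while the same port from "lo" or an ESTABLISHED connection is accepted.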