?
Solved

Help with ipchains

Posted on 2003-02-21
3
Medium Priority
?
311 Views
Last Modified: 2013-12-15
I can't seem to get a simple Oracle SQL*Net connecting through my ipchains based firewall.  I must be missing something, but I can't figure out what.

All I want to do is let an Oracle database connection from outside my network through to a 9i database within my network(behind the firewall).  I have tried to be as least restrictive as I possibly can about these two rules.  Here are the two rules I have been trying to get right:

ipchains -A input  -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
ipchains -A output -s 0/0 1521 -d 0/0 -b -p tcp -j ACCEPT


I have tried putting these rules at the top of my rule set, so I don't think its being blocked by another rule.  Thanks for the help.
0
Comment
Question by:barthalamu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Expert Comment

by:majorwoo
ID: 7993433
you will need to forward those ports to the machine with the database on it, or else it wont work

#this will redirect all web conections (port 80) to you intenal server (using the tcp protocal (proto))
ipmasqadm portfw -a -P tcp -L 194.160.1.1 80 -R 10.10.0.2 80

you should look into iptables, it's easier to use, newer and has more options in addition to being more secure

http://majorwoo.dynup.net:1024/pub/rc.firewall

is a nice iptables script with a port forwarding example

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1521 -j DNAT --to 192.168.2.2:1521
iptables -A FORWARD -p tcp --dport 1521 -i eth1 -j ACCEPT

anythign coming in the interface eth1 (change yours to match) will be forwarded to the machine 192.168.2.2 on port 1521
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1600 total points
ID: 7993896
ipchains -A forward -s 0/0 -i eth0 -j MASQ
ipchains -A forward -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
# feel free to substitute or remove eth0 as you need
0
 

Author Comment

by:barthalamu
ID: 8054305
Thank you.  Although this was not the problem, it got me thinking along the right track.  It turns out it was a routing problem with that machine.  For some reason the wrong /etc/defaultrouter was defined, so traffic was able to get in, but not out.  Thanks to both of you.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question