Help with ipchains

Posted on 2003-02-21
Medium Priority
Last Modified: 2013-12-15
I can't seem to get a simple Oracle SQL*Net connecting through my ipchains based firewall.  I must be missing something, but I can't figure out what.

All I want to do is let an Oracle database connection from outside my network through to a 9i database within my network (behind the firewall).  I have tried to be as least restrictive as I possibly can about these two rules.  Here are the two rules I have been trying to get right:

ipchains -A input  -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
ipchains -A output -s 0/0 1521 -d 0/0 -b -p tcp -j ACCEPT

I have tried putting these rules at the top of my rule set, so I don't think it's being blocked by another rule.  Thanks for the help.
Question by:barthalamu

Expert Comment

ID: 7993433
you will need to forward those ports to the machine with the database on it, or else it won't work

# this will redirect all web connections (port 80) to your internal server (using the tcp protocol (proto))
ipmasqadm portfw -a -P tcp -L 80 -R 80

you should look into iptables, it's easier to use, newer and has more options in addition to being more secure


is a nice iptables script with a port forwarding example

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1521 -j DNAT --to
iptables -A FORWARD -p tcp --dport 1521 -i eth1 -j ACCEPT

anything coming in the interface eth1 (change yours to match) will be forwarded to the machine on port 1521
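The DNAT plus FORWARD pair described above, as an added example that is not part of the thread: a small POSIX sh script that prints (or, with APPLY=1, applies) the forward for TCP 1521, first in the thread's any-source shape and then restricted to one allowed network with connection tracking and logged drops. The interface eth1, the listener address 10.0.0.5 and the network 203.0.113.0/24 are assumed values, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: build the iptables rules that forward
# TCP 1521 from the external interface to an internal Oracle listener.
# Assumed (constructed) values: external interface eth1, listener host 10.0.0.5,
# and 203.0.113.0/24 as the only network allowed to reach it.
# Rules are printed unless APPLY=1 is set, so they can be reviewed before use.

EXT_IF="${EXT_IF:-eth1}"
DB_HOST="${DB_HOST:-10.0.0.5}"
DB_PORT="${DB_PORT:-1521}"
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.0/24}"

# Print one iptables command, or run it when APPLY=1.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# The thread's shape of the forward: any source, no state tracking.
# Kept only for comparison with the restricted version below.
rules_open() {
    emit -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$DB_PORT" \
         -j DNAT --to-destination "$DB_HOST:$DB_PORT"
    emit -A FORWARD -i "$EXT_IF" -p tcp --dport "$DB_PORT" -j ACCEPT
}

# Restricted version: only ALLOWED_SRC may open a connection, replies are
# matched by connection state, and anything else aimed at the listener is
# logged and dropped so unexpected probes show up in the firewall log.
rules_restricted() {
    emit -t nat -A PREROUTING -i "$EXT_IF" -s "$ALLOWED_SRC" -p tcp \
         --dport "$DB_PORT" -j DNAT --to-destination "$DB_HOST:$DB_PORT"
    emit -A FORWARD -i "$EXT_IF" -s "$ALLOWED_SRC" -d "$DB_HOST" -p tcp \
         --dport "$DB_PORT" --syn -m state --state NEW -j ACCEPT
    emit -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit -A FORWARD -i "$EXT_IF" -d "$DB_HOST" -p tcp --dport "$DB_PORT" \
         -j LOG --log-prefix "oracle-fwd-drop: "
    emit -A FORWARD -i "$EXT_IF" -d "$DB_HOST" -p tcp --dport "$DB_PORT" -j DROP
}

# Number of rules a rule set prints in review mode (used for a quick check).
count_rules() { ( APPLY=0; "$1" ) | wc -l | tr -d ' '; }

rules_restricted
```

Run it once without APPLY to read the rules, then with APPLY=1 as root on the firewall host; the MASQUERADE or SNAT rule for outbound traffic from the thread is still needed separately.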
LVL 51

Accepted Solution

ahoffmann earned 1600 total points
ID: 7993896
ipchains -A forward -s 0/0 -i eth0 -j MASQ
ipchains -A forward -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
# feel free to substitute or remove eth0 as you need

Author Comment

ID: 8054305
Thank you.  Although this was not the problem, it got me thinking along the right track.  It turns out it was a routing problem with that machine.  For some reason the wrong /etc/defaultrouter was defined, so traffic was able to get in, but not out.  Thanks to both of you.
