Home > Developer > Database Administrator

Configure sqlnet. ora to restrict IP Access to Oracle

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

-- ======================================
-- Configure sqlnet. ora to restrict IP Access to Oracle
-- ======================================

Similar to the firewall function, Oracle limits and allows a specific IP address or host name to access the database through Oracle Net. This function is implemented by the sqlnet. ora configuration file. This file is usually under the $ ORACLE_HOME/network/admin/directory, which is in the same path as tnsnames. ora and listener. ora. It is easy to use. By using listeners, lightweight access is more efficient than using triggers inside the database.

1. Implementation Method

Add the following records to the sqlnet. ora file.

Tcp. validnode_checking = yes
Tcp. invited_nodes = (hostname1, hostname2, ip1, ip2)
Tcp. excluded_nodes = (10.103.11.17, hostname1, hostname2)

When invited_nodes is used, all IP addresses or hosts that are not included in the invited_nodes value cannot connect to the database through mongoel Net. If you use

In excluded_nodes, except for the IP addresses listed in the excluded_nodes value and the host cannot be accessed, other nodes can access the database. Generally

Use the excluded_nodes parameter.

2. Notes

Use some features of excluded_nodes and invited_nodes
Wildcards are not supported (for example, hostname cannot be written as svhs0 * and IP address cannot be written as 10.103.11 .*)
Excluded_nodes and invited_nodes are mutually exclusive, either using the former or using the latter
If both tcp. invited_nodes and tcp. excluded_nodes exist, tcp. invited_nodes takes precedence.
Add the local address or the address of other nodes in the Cluster to the allowed list. Otherwise, the listener may fail to start.
After modification, you must restart the listener or reload to take effect, instead of restarting the database.
Only support for TCP/IP protocol

3. Practice drills

--> Use tnsping demo92. The connection is normal.
C: \> tnsping demo92

TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0-Production on 25-JUN-2011 18:55:39
Copyright (c) 1997,201 0, Oracle. All rights reserved.
Used parameter files:
D: \ app \ Robinson \ Oracle_client \ product \ 11.2.0 \ client_1 \ network \ admin \ sqlnet. ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = 10.103.11.20
9) (PORT = 1521) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = demo92 )))
OK (0 msec)

--> View the configuration file
[Oracle @ test admin] $ more sqlnet. ora
# SQLNET. ORA Network Configuration File:/oracle/92/network/admin/sqlnet. ora
# Generated by Oracle configuration tools.

NAMES. DIRECTORY_PATH = (ONAMES, TNSNAMES, HOSTNAME)

# Added by Robinson
Tcp. validnode_checking = yes
Tcp. excluded_nodes = (10.103.11.17)

--> Reload
[Oracle @ test admin] $ lsnrctl reload listener_demo92

LSNRCTL for Linux: Version 9.2.0.8.0-Production on 26-JUN-2011 10:03:11

Copyright (c) 1991,200 6, Oracle Corporation. All rights reserved.

Connecting to (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = test) (PORT = 1521 )))
The command completed successfully

--> When tnsping again, the TNS-12547 error is received
C: \> tnsping demo92

TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0-Production on 25-JUN-2011 19:01:21
Copyright (c) 1997,201 0, Oracle. All rights reserved.
Used parameter files:
D: \ app \ Robinson \ Oracle_client \ product \ 11.2.0 \ client_1 \ network \ admin \ sqlnet. ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = 10.103.11.20
9) (PORT = 1521) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = demo92 )))
TNS-12547: TNS: lost contact

--> In the following example, if both excluded_nodes and invited_nodes exist, invited_nodes takes precedence over
[Oracle @ test admin] $ more sqlnet. ora
# SQLNET. ORA Network Configuration File:/oracle/92/network/admin/sqlnet. ora
# Generated by Oracle configuration tools.

NAMES. DIRECTORY_PATH = (ONAMES, TNSNAMES, HOSTNAME)

# Added by Robinson
Tcp. validnode_checking = yes
Tcp. excluded_nodes = (10.103.11.17)
Tcp. invited_nodes = (10.103.11.17)

  • 1
  • 2
  • Next Page

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sqlnet ora file location configure dns to reverse ip sqlnet ora parameters 11g ora 03114 not connected to oracle solution connect access to oracle how to configure cisco ip phone 7942 how to configure ip address in ubuntu
Related Article
Database Administrator DBA
Alibaba DBA (database administrator) pen question __ Database
Level of DBA (database administrator)
The personality characteristics of the DBA (database administ...
Recover database administrator password, user authorization, ...
Sort common DB2 scripts

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More