Summary of Oracle listener problems:
1) After an abnormal system shutdown and restart, the Oracle listener may fail to start normally. You can edit the configuration manually and use static registration instead:
For example:
# listener.ora Network Configuration File: /var/local/u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
      (PROGRAM = extproc)
    )
The following content is added:
    (SID_DESC =
      (GLOBAL_DBNAME = orcl)
      (ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
      (SID_NAME = orcl)
    )
  )
The above is the added content
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
  )
2) ORA-3136
How to modify the listener's inbound_connect_timeout parameter
Method 1:
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS = (PROTOCOL = tcp) (HOST =) (PORT = 1521 ))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully
LSNRCTL> set inbound_connect_timeout 0
Connecting to (ADDRESS = (PROTOCOL = tcp) (HOST =) (PORT = 1521 ))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS = (PROTOCOL = tcp) (HOST =) (PORT = 1521 ))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> set save_config_on_stop on
# This makes the parameter change permanent. Otherwise the change is temporary and the original value is restored the next time the listener is restarted.
Method 2:
Modify the listener.ora file and add: INBOUND_CONNECT_TIMEOUT_LISTENER_NAME = 0
3) For database security, we can restrict not only which IP addresses may log on to the operating system remotely, but also which IP addresses may connect to the database server through the listener.
Add the following configuration to sqlnet.ora:
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102, 192.168.1.222, 192.168.1.0/24)
# Only 192.168.1.102, 192.168.1.222 and the 192.168.1.0/24 CIDR block can connect to the database through the listener.
Connections from any other address fail with the following error:
ERROR:
ORA-12537: TNS: Connection closed
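To check an allowlist like this one before deploying it, the following added example (not part of the original article) models the valid-node decision for a sqlnet.ora file. It assumes single-line parameters and IP or CIDR entries; the function names are hypothetical, and it also reports entries that a wider entry already covers, such as the two single hosts inside 192.168.1.0/24.

```python
import ipaddress

# Constructed sample: the valid-node lines from the sqlnet.ora shown above.
SQLNET_ORA = """\
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102, 192.168.1.222, 192.168.1.0/24)
"""

def parse_params(text):
    """Return {lowercased name: raw value} for single-line 'name = value' entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def invited_networks(params):
    """Split tcp.invited_nodes into (networks, hostnames); hostnames need manual review."""
    nets, hosts = [], []
    raw = params.get("tcp.invited_nodes", "").strip("() ")
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hosts.append(entry)                # not an IP or CIDR entry
    return nets, hosts

def is_admitted(params, client_ip):
    """True if client_ip matches the allowlist (or checking is switched off)."""
    if params.get("tcp.validnode_checking", "no").lower() != "yes":
        return True                            # no filtering at all
    nets, _ = invited_networks(params)
    return any(ipaddress.ip_address(client_ip) in n for n in nets)

def redundant_entries(params):
    """Entries already covered by a wider entry in the same list."""
    nets, _ = invited_networks(params)
    return [str(a) for a in nets for b in nets
            if a != b and a.version == b.version and a.subnet_of(b)]

if __name__ == "__main__":
    p = parse_params(SQLNET_ORA)
    for ip in ("192.168.1.50", "192.168.2.10"):
        print(ip, "admitted" if is_admitted(p, ip) else "rejected")
    print("redundant:", redundant_entries(p))
```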
4) Do not allow connections to the database through operating system authentication (sqlplus / as sysdba)
Add the following content to sqlnet.ora:
SQLNET.AUTHENTICATION_SERVICES = NONE
Or SQLNET.AUTHENTICATION_SERVICES = (CNT)
After this, logging in with sqlplus / as sysdba reports ORA-01031: insufficient privileges.
5) The security-related listener configuration files on my online system are as follows:
-- cat sqlnet.ora
# sqlnet.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
SQLNET.INBOUND_CONNECT_TIMEOUT = 0
SQLNET.RECV_TIMEOUT = 30
SQLNET.SEND_TIMEOUT = 30
DIAG_ADR_ENABLED = OFF
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102, 192.168.1.222, 192.168.1.0/24)
ADR_BASE = /home/faxc/app/faxc
-- cat listener.ora
# listener.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = orcl)
      (ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
      (SID_NAME = orcl)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
      )
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
      )
    )
  )
ADR_BASE_LISTENER = /home/faxc/app/faxc
-- cat tnsnames.ora
ORCL =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )
200 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.200)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )
6) If circumstances allow, you can use iptables to block external access to port 1521, so that port 1521 can only be reached from the local machine.
# Only allow access from the local machine through port 1521
-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
# Allow access from the Internet and the local machine through port 1521
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT