
How to parse the settings of RHEL 5 firewall


This article explains in detail how to analyze the RHEL 5 firewall settings.

A firewall is an important safeguard for computer security, so getting the RHEL 5 firewall settings right matters. Because the configuration is both important and tedious, it is described in detail here.

With Oracle installed on RHEL 5.2, you are ready to start the Oracle exercises. Since my RHEL is installed on a virtual machine, working inside the virtual machine is inconvenient and the response time is slow. Fortunately, Oracle 10g already has a B/S (browser/server) management interface, so it is easy and fast to operate from the host of the VM! Virtual machine (VM) IP: 10.10.10.197, virtual machine host (HOST) IP: 10.10.10.198, bridged mode (Bridged) connection. But when I typed the address http://10.10.10.197:1158/em in the browser's address bar, it reported "Firefox cannot establish a connection to the server at 10.10.10.197:1158." Yet it works fine inside the VM, and pinging 10.10.10.197 from 10.10.10.198 is no problem. I started looking for a solution. Go to [System -> Administration -> Security Level and Firewall]. The RHEL 5 firewall is in the Enabled state. But WWW (HTTP) is clearly listed under Trusted Services, so why does it not work?

(Security Level and Firewall menu)

(Firewall status and settings)

Then look at the services under [System -> Administration -> Server Settings -> Services] and find one called iptables, which turns out to be the firewall service.

(Firewall services)

It has a Stop button, just like Services under Windows, so I stopped it. Refresh http://10.10.10.197:1158/em on 10.10.10.198. As expected, the interface came up! So it is indeed a firewall configuration problem. After searching the web, I found it can be configured as follows (see: http://linux.ccidnet.com/art/9513/20070601/1098119_1.html):

1. View the existing configuration of RHEL 5 firewall

[root@RHEL ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:1158

Chain FORWARD (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target               prot opt source      destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source      destination
ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0
ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0
ACCEPT  udp  --  0.0.0.0/0   224.0.0.251  udp dpt:5353
ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:631
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:631
ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:21
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:443
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:23
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
REJECT  all  --  0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited

2. Clear the RHEL 5 firewall configuration

[root@RHEL ~]# iptables -F
[root@RHEL ~]# iptables -X
[root@RHEL ~]# /etc/rc.d/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [OK]
[root@RHEL ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target  prot opt source      destination

Chain FORWARD (policy ACCEPT)
target  prot opt source      destination

Chain OUTPUT (policy ACCEPT)
target  prot opt source      destination

3. Add RHEL 5 Firewall configuration

Add specific ports to the allow list. For example, 1158 is used by EM, 23 is used by telnet and 1521 is used by the Listener.

[root@RHEL ~]# iptables -A INPUT -p tcp --dport 1158 -j ACCEPT
[root@RHEL ~]# iptables -A INPUT -p tcp --dport 23 -j ACCEPT
[root@RHEL ~]# iptables -A INPUT -p tcp --dport 1521 -j ACCEPT

Save the configuration:

[root@RHEL ~]# /etc/rc.d/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [OK]

Check the current configuration:

[root@RHEL ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target  prot opt source      destination
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:1158
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:23
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:1521

Chain FORWARD (policy ACCEPT)
target  prot opt source      destination

Chain OUTPUT (policy ACCEPT)
target  prot opt source      destination

Restart the firewall service:

[root@RHEL ~]# service iptables restart
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: nat filter [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: [OK]
Loading additional iptables modules: ip_conntrack_netbios_n [OK] ntrack_ftp

After this configuration, EM can be accessed normally from 10.10.10.198, and it is also possible to connect with PL/SQL Developer and similar tools.
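
Added example, not part of the original article: a small rule-order check that shows why the dpt:1158 rule in the step 1 listing had no effect (it sits in INPUT after the jump to RH-Firewall-1-INPUT, which ends in REJECT), and that after steps 2 and 3 the INPUT chain has policy ACCEPT and no REJECT, so every port is reachable, not only the three listed. The two rulesets are constructed samples in iptables-save format, and the `-i lo` match on the first chain rule is an assumption, since `iptables -L -n` does not display interfaces.

```shell
# Added example (not from the original page): verdict for a NEW TCP connection
# to PORT under an iptables-save ruleset read from stdin. Assumption: simplified
# matcher that understands only -i lo, -p, --state and --dport.
verdict() {
  awk -v port="$1" '
    /^:INPUT / { policy = $2 }                      # default policy of INPUT
    /^-A /     { n[$2]++; rule[$2, n[$2]] = $0 " " } # rules kept in chain order
    function matches(r) {
      if (r ~ / -i lo /) return 0                    # loopback traffic only
      if (r ~ /--state / && r !~ /--state [A-Z,]*NEW/) return 0
      if (r ~ / -p / && r !~ / -p tcp /) return 0    # other protocol
      if (r ~ /--dport / && r !~ ("--dport " port " ")) return 0
      return 1
    }
    function walk(chain,    i, r, t, v) {
      for (i = 1; i <= n[chain]; i++) {
        r = rule[chain, i]
        if (!matches(r)) continue
        t = r; sub(/.* -j /, "", t); sub(/ .*/, "", t)   # target name
        if (t == "ACCEPT") return "accepted-by-rule"
        if (t == "REJECT" || t == "DROP") return "blocked"
        if ((v = walk(t)) != "") return v            # jump to a user chain
      }
      return ""                                      # fell off the chain end
    }
    END { v = walk("INPUT"); print (v != "" ? v : "policy-" policy) }'
}
# Constructed sample (filter-table excerpt): port rule appended to INPUT after
# the jump, the ordering shown in the step 1 listing.
appended() { cat <<'EOF'
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 1158 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# Constructed sample: ruleset after the flush in step 2 and one rule from step 3.
flushed() { cat <<'EOF'
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1158 -j ACCEPT
EOF
}
for p in 1158 22;   do echo "appended $p: $(appended | verdict "$p")"; done
for p in 1158 3306; do echo "flushed  $p: $(flushed  | verdict "$p")"; done
```

To keep filtering in place, a port rule can instead be inserted ahead of the REJECT line (for example with `iptables -I RH-Firewall-1-INPUT`) rather than flushing the chain.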
