04-15-2014 05:29 AM - last edited on 04-15-2014 07:43 PM by maikoro
Running HP 11.31 on blade servers. Running a 3 server cluster hosting a oracle database.
I have a db person comlaining that a port is blocked (1583) for client connections thru SQL*PLus (from their desktop). I do find the following but not sure how to "unblock" his connection attempt. Sorry have limited knowledge on ports. This is from server hdr2tst1. Thanks
tcp 0 0 hdr2tst1.1583 *.* LISTEN
tcp 0 0 hdrtdb1v.1583 *.* LISTEN
tcp 0 0 hdr2tst1.57928 hdr2tst1.1583 ESTABLISHED
tcp 0 0 hdr2tst1.1583 hdr2tst1.57928 ESTABLISHED
P.S. This thread has been moved from HP-UX > System Administration to Databases. - HP forum moderator
04-17-2014 04:23 AM
Apparently you posted a part of "netstat" command output. It seems to indicate that there is a program listening on port 1583, and that another program has successfully established a local connection to it. So, I'm assuming that the listener on port 1583 works, unless proven otherwise.
You mentioned SQL*Plus, so I assume this is about a network connection to an Oracle database.
An Oracle database listener is not normally controlled by inetd.sec or tcpwrappers/libwrap, so there are basically three things that might be blocking the connection:
- Configuration settings in the Oracle listener process
- a local IPFilter in the HP-UX operating system on each node
- something in the network between the workstation and the HP-UX server blocking the connection (typically a network firewall).
A database administrator would probably know about 1), so it probably isn't the problem here.
2.) To check for IPFilter, run "ll /etc/opt/ipf". If the directory does not exist or is empty, then IPFilter is not installed and certainly not configured. If IPFilter has been installed but not configured, the directory should contain a sub-directory named "rpc.ipf" and three zero-length files named "ipf.conf", "ipf6.conf" and "ipnat.conf". Since you have a 3-server cluster, you have to check all 3 servers: all of them should be configured the same way.
If "ipf.conf" exists and has a non-zero length, your system may have IPFilter configured for IPv4; respectively "ipf6.conf" for IPv6. In that case, you must read and understand the current IPFilter configuration and then modify it to allow traffic from the DB person's desktop to port 1583 on this server.
If this is the case, you might want to read these:
http://www.phildev.net/ipf/ (IPFilter Frequently Asked Questions)
http://www.hp.com/go/ipfilter -> HP-UX IPFilter Administrator Guide
3.) If there is no IPFilter, the last possible cause is a firewall or something else outside your server blocking the connection. In this case, you will probably have to contact a network administrator at your site and either follow your site's firewall opening procedure (if the network administrator knows that there is a firewall and that it is definitely blocking the connection), or troubleshoot the problem together with the network administrator (if there is no firewall or an existing firewall should already pass this traffic to your cluster).