- Opening port 80 on Oracle Cloud Infrastructure Compute node [closed]
- 7 Answers 7
- Permitting Access for Oracle Database Ports in Oracle Compute Cloud Service Instances
- Context
- What Do You Need?
- Creating Security Lists
- Creating Security Rules
- Adding Instances to the Security Lists
- Want to Learn More?
- Linux open oracle port
Opening port 80 on Oracle Cloud Infrastructure Compute node [closed]
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This is an elementary question however one I cannot seem to resolve by perusing the Oracle Cloud Infrastructure documentation. I’ve created an Ubuntu-based compute node, and it’s attached to a subnet. In that subnet I’ve created a stateful rule with source 0.0.0.0/0, IP protocol: TCP, Source Port Range: All, Destination Port Range: 80. There is no firewall configured on the server. Despite this configuration I can’t access the compute node’s public IP. Any ideas?
7 Answers 7
I figured it out. The connectivity issue was due to Oracle’s default use of iptables on all Oracle-provided images. Literally the very first thing I did when spinning up this instance was check ufw , presuming there were a few firewall restrictions in place. The ufw status was inactive, so I concluded the firewall was locally wide open. Because to my understanding both ufw and iptables look at the netfilter kernel firewall, and because ufw is the de facto (standard?) firewall solution on Ubuntu, I’ve no idea why they concluded it made sense to use iptables in this fashion. Maybe just to standardize across all images?
I learned about the rules by running:
Then I saved the rules to a file so I could add the relevant ones back later:
$ sudo iptables-save > ~/iptables-rules Then I ran these rules to effectively disable iptables by allowing all traffic through:
$ iptables -P INPUT ACCEPT $ iptables -P OUTPUT ACCEPT $ iptables -P FORWARD ACCEPT $ iptables -F To clear all iptables rules at once, run this command:
Anyway, hope this helps somebody else out because documentation on the matter is non-existent.
Permitting Access for Oracle Database Ports in Oracle Compute Cloud Service Instances
To access the Oracle Database that is set up on the Linux VM in Oracle Compute Cloud Service as part of a PeopleSoft full tier or database tier deployment, you need to set up the network security to open the Oracle Database ports on the Linux VM in Oracle Compute Cloud Service.
Context
This tutorial is part of the following set of tutorial, which describe how to migrate a PeopleSoft environment to Oracle Compute Cloud Service:
- Generating SSH Key Pair for Oracle Compute Cloud Service Instances
- Using PeopleSoft Update Images in Oracle Compute Cloud Service
- Migrating PeopleSoft Applications to Oracle Compute Cloud Service
- Permitting Access for the Samba Shared Drive in Oracle Compute Cloud Service Instances
- Permitting Access for Oracle Database Ports in Oracle Compute Cloud Service Instances
- Accessing the Samba Shared Drive from a Microsoft Windows VM for PeopleTools Client Deployment
- Deploying PeopleTools Clients for PeopleSoft Update Manager on a Microsoft Windows Host or VM
What Do You Need?
- A subscription to Oracle Compute Cloud Service is mandatory and you must be a user with the Compute_Operations and Storage Read Write Group roles.
- A Linux VM instance created in Oracle Compute Cloud Service (Oracle Cloud) with an Oracle database deployed
- The port number from the TNS entry or psfconfig.yaml file for the Oracle Database, either 1521 or 1522
- A Microsoft Windows VM instance created in Oracle Cloud or a Microsoft Windows host or VM on-premises (that is, at your site). The Microsoft Windows VM will access the Oracle database in the Linux VM on Oracle Compute Cloud Service.
Creating Security Lists
- Sign in to Oracle Cloud My Services.
Select the identity domain where you have created your Linux VM for the PeopleSoft full-tier or db-tier deployment with an Oracle Database and Microsoft Windows VM in Oracle Compute Cloud Service, and enter your Oracle Cloud user name and password. - Select Oracle Compute Cloud Services, Open Services.
- Click the Network tab:
- Select the Security Applications tile:
- Click Create Security Applications:
- Enter the information on the Create Security Application page for Port 1521 or 1522 (as specified in the TNS entry for the Oracle Database), and then click the Create button:
- Name: Enter a descriptive name, such as psftuser_sec_app_1521
- Port Type: Select tcp.
- Port Range Start: Enter 1521 or 1522
- Select the Security IP Lists tile:
- Click Create Security IP List:
- Enter the following information on the Create Security IP List page, and then click the Create button:
- Name: Enter a descriptive name, sch as psftuser_sec_ip_list_windows.
- IP List: Enter IP address for the Microsoft Windows host or VM from which you want to access the Oracle database.
If your Microsoft Windows VM is in Oracle Compute Cloud Service, enter the Microsoft Windows VM instance Private IP address.
If your Microsoft Windows VM is on premises, enter the Microsoft Windows VM Public IP address.
- On the Security Lists page, click Create Security List:
- Enter the following information for port 1521 or 1522 on the Create Security List page, and then click the Create button:
- Name: Enter a descriptive name, sch as psftuser_sec_list_1521.
- Inbound Policy: Select Permit (allow packets) from the drop-down list.
- Outbound Policy: Select Permit (allow packets) from the drop-down list.
Creating Security Rules
- On the Oracle Compute Cloud Service console, Network page, select the Security Rules tile:
- Click Create Security Rule:
- Enter the following information for Port 1521 or 1522 on the Create Security Role page, and then click the Create button:
- Name: Enter a descriptive name, for example psftuser_sec_rule_1521.
- Security Application: From the drop-down list, choose the application you created in the previous section, for example psftuser_sec_app_1521.
- Source: Select the Security IP List radio button, and choose the one that you created for your Microsoft Windows Client Private IP Address, for example psftuser_sec_ip_list_windows.
- Destination: Choose the Security List that you created in the previous section for port 139, for example psftuser_sec_ip_1521.
Adding Instances to the Security Lists
- On the Oracle Compute Cloud Service console, select the Instances tile.
- From the Instances list, click the options button for the Linux VM instance created for the PeopleSoft full-tier or db-tier deployment:
- On the page for the Linux VM instance, click Add to Security List:
- Choose the security list created for Port 1521, for example psftuser_sec_list_1521, and then click Attach:
- If your Microsoft Windows VM, which needs to access the Oracle database, is in Oracle Compute Cloud Service, proceed with this step and the next 2 steps.
From the Instances list, click the options button for the Microsoft Windows VM instance created for the PeopleSoft PeopleTools Client deployment.
Want to Learn More?
Linux open oracle port
A default Oracle Linux install has the firewall enabled (iptables on). In order to use Oracle VM Manager on a system with iptables enabled you can either open all the ports used by Oracle VM Manager, or open all ports by disabling iptables.
The ports required for the web browser connection to Oracle VM Manager are: 7001, 7002 and 15901. The ports used by the Oracle VM Servers to connect to Oracle VM Manager are: 7001, 7002 and 54321. Oracle VM Manager, in turn, connects to the Oracle VM Servers through port 8899 for Oracle VM Agent communication, and port 6900 and up for secure VNC tunneling to virtual machines (one port per VM). Be sure to open the necessary ports on the different firewalls that may be installed between different parts of your network. Follow the guidelines of in the diagram below:
To disable iptables and open all ports, enter the following commands as the root user:
# service iptables stop # chkconfig iptables off
Alternatively, open the required ports by using the iptables command as the root user:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7002 -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 15901 -j ACCEPT # iptables -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
To remotely connect to the Oracle VM Manager core API, also enter the following command:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 54321 -j ACCEPT
When all the ports have been opened, save the iptables configuration:
This does not require iptables to be restarted as the commands open the ports while iptables is running and the save ensures they are opened on reboot/restart in future.
To configure the firewall to open the required ports automatically, use the environment configuration script provided with the Oracle VM Manager installer. See Section 3.3.2.4, “Environment Configuration Script” for information on using this script.
Copyright © 2011, 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices