1.配置sqlnet.ora文件 ($ORACLE_HOME/network/admin)目录下面 添加
- tcp.validnode_checking=yes
- tcp.invited_nodes=(192.168.123.1,192.168.123.123)
tcp.validnode_checking=yes --打开ip检查
tcp.invited_nodes=(ip,ip) 可以连通数据库的ip
这里我们让192.168.123.1,192.168.123.123 这2台ip的主机可以访问数据库。
2.重启监听
- [oracle@test ~]$ lsnrctl
- LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 30-MAR-2011 00:39:39
- Copyright (c) 1991, 2005, Oracle. All rights reserved.
- Welcome to LSNRCTL, type "help" for information.
- LSNRCTL> stop
- Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
- The command completed successfully
- LSNRCTL> start
- Starting /oracle/product/10.2.0/db_1/bin/tnslsnr: please wait...
- TNSLSNR for Linux: Version 10.2.0.1.0 - Production
- Log messages written to /oracle/product/10.2.0/db_1/network/log/listener.log
- Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1521)))
- Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
- STATUS of the LISTENER
- ------------------------
- Alias LISTENER
- Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
- Start Date 30-MAR-2011 00:39:50
- Uptime 0 days 0 hr. 0 min. 0 sec
- Trace Level off
- Security ON: Local OS Authentication
- SNMP OFF
- Listener Log File /oracle/product/10.2.0/db_1/network/log/listener.log
- Listening Endpoints Summary...
- (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1521)))
- The listener supports no services
- The command completed successfully
- LSNRCTL>
测试一下主机192.168.123.123 能否连通数据库。
- [root@test ~]# ifconfig -a | grep 'inet addr'
- inet addr:192.168.123.123 Bcast:192.168.123.255 Mask:255.255.255.0
- inet addr:127.0.0.1 Mask:255.0.0.0
- [root@test ~]# su - oracle
- [oracle@test ~]$ tnsping testdb
- TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 30-MAR-2011 00:41:54
- Copyright (c) 1997, 2005, Oracle. All rights reserved.
- Used parameter files:
- /oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
- Used TNSNAMES adapter to resolve the alias
- Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.123.123)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = testdb)))
- OK (20 msec)
- [oracle@test ~]$
是可以连数据库的。
3.把192.168.123.123 ip删除后,并重启监听。
- [oracle@test ~]$ tnsping testdb
- TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 30-MAR-2011 00:43:22
- Copyright (c) 1997, 2005, Oracle. All rights reserved.
- Used parameter files:
- /oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
- Used TNSNAMES adapter to resolve the alias
- Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.123.123)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = testdb)))
- TNS-12537: TNS:connection closed
- [oracle@test ~]$
这时是不可以连通数据库的。
4. tcp.excluded_nodes=(ip1,ip2) 作用是限制这些ip访问。
- [oracle@test admin]$ cat sqlnet.ora
- tcp.validnode_checking=yes
- tcp.excluded_nodes=(192.168.123.123)
现在192.168.123.123.主机无法连通数据库了。
- [oracle@test ~]$ tnsping testdb
- TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 30-MAR-2011 00:48:11
- Copyright (c) 1997, 2005, Oracle. All rights reserved.
- Used parameter files:
- /oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
- Used TNSNAMES adapter to resolve the alias
- Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.123.123)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = testdb)))
- TNS-12537: TNS:connection closed
注:1 tcp.invited_nodes和tcp.excluded_nodes都存在是以tcp.invited_nodes 为主。
2.每次修改后要重启监听
3.数据库主机的ip不要忘记加入 tcp.invited_nodes中
阅读(5892) | 评论(0) | 转发(0) |