当前位置: 首页 > news >正文

oracle 19c rac环境配置firewalld

news 2025/7/21 8:30:05

rac环境ip地址说明

[root@db1 ~]#    cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.19         db1
172.16.100.30         db2
172.16.100.119       db1-vip
172.16.100.130       db2-vip
172.16.100.100       db-scan
100.100.100.19       db1-priv
100.100.100.30       db2-priv

##firewalld配置如下

编辑文件/opt/firewalld.sh


##配置自启动firewalld并启动
systemctl enable firewalld && systemctl start firewalld

##两个主机间全互通(含心跳169.254网段)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.19" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.30" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.119" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.130" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="100.100.100.19" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="100.100.100.30" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="169.254.20.162" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="169.254.22.178" accept'

##堡垒机ssh登录数据库主机配置(22端口放行)
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.1.33' port protocol='tcp' port='22' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.173.94.15' port protocol='tcp' port='22' accept"

##业务机器可通过1521登录的配置
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.2' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.3' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.9' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.10' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.24' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.22' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.25' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.27' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.26' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.16' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.28' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.23' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.29' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.17' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.13' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.12' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.18' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.14' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.15' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.20' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.1.18' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.3.12' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.10.100.5' port protocol='tcp' port='1521' accept"

##配置后
firewall-cmd --reload
firewall-cmd --list-all
systemctl status firewalld
##配置5分钟自动退出firewalld,以防配置故障导致无法登录
sleep  300 && systemctl stop firewalld

# chmod 775 /opt/firewalld.sh

# nohup /opt/firewalld.sh &

 集群私网连接信息:
set pagesize 199 linesize 199;
select * from gv$cluster_interconnects;

http://www.lryc.cn/news/104366.html

相关文章:

  • Flutter 之Bloc入门指南实现倒计时功能
  • 目标识别数据集互相转换——xml、txt、json数据格式互转
  • 211. 添加与搜索单词 - 数据结构设计---------------字典树
  • SQL Server通过指令备份数据库和恢复数据库
  • windows如何上架ios应用到app store
  • Hadoop学习日记-YARN组件
  • 汽车过户时,怎么选到理想的好车牌?
  • 力扣468 验证IP地址
  • 前端静态登录页面实现
  • 华为数通HCIA-网络参考模型(TCP/IP)
  • java快速生成数据库表文档(HTML、DOC、MD)
  • Dojo学习和常用知识
  • 媒体查询详解
  • 华为数通HCIP-IGMP(网络组管理协议)
  • 价格管控有哪些有效的方法
  • 【Docker】Docker相关基础命令
  • 掌握Python的X篇_16_list的切片、len和in操作
  • 给定长度值length,把列表切分成每段长度为length的N段列表,Kotlin
  • leetcode每日一题Day2——344. 反转字符串
  • ISP记1
  • 无线蓝牙耳机有什么值得耳机买的?几款值得买的口碑品牌盘点
  • 异步检索在 Elasticsearch 中的理论与实践
  • 了解Unity编辑器之组件篇Physics 2D(十二)
  • [Pytorch]手写数字识别——真·手写!
  • android studio 找不到符号类 Canvas 或者 错误: 程序包java.awt不存在
  • AWS——02篇(AWS之服务存储EFS在Amazon EC2上的挂载——针对EC2进行托管文件存储)
  • FFmpeg 打包mediacodec 编码帧 MPEGTS
  • 软件测试如何推进项目进度?
  • 首次尝试鸿蒙开发!
  • 前端面试题-react