iptables configuration with 3 NIC
Hi all, I am very new to this iptables thing.
I have an Oracle RAC server running on RHEL 5.2 having 3 NICs (eth0, eth1, eth2), and I have to configure iptables on that. Actually it is a cluster having 2 machines and both are identical in every sense; the eth0 of both are connected via cross-cable, so I want no other traffic on eth0. The other 2 interfaces are for access from the LAN and no internet connectivity is allowed to this server. The only port to be allowed for incoming connections is TCP port 1521, which is used by the Oracle listener. I want some specific LAN IP addresses to be bound on both the interfaces (eth1, eth2); let's say IP addresses like 10.10.2.12 should be allowed only on eth1 and port TCP 1521 and all others should be dropped on this interface, and IP addresses like 172.16.100.11 should be allowed only on eth2. Remember that the eth0 interfaces of both machines have IP addresses 192.168.11.10 and 192.168.11.11 respectively and they are connected directly with a cross cable. I have tried making some simple configurations like
Code:
*filter
Hi,
You will need to start out by determining all the traffic that Oracle RAC requires, including between nodes. You will also need to determine the roles for each interface, e.g. cluster heartbeat, management, public data. Once you have all this info then the rules will be easier to create. Here is a base config I usually start with:
Code:
*filter
HTH
@kbp
Cluster heartbeat (CS4/RAC) is on eth1, the AppTier network is set on eth2; I think these 2 things are enough for setting up iptables. The main port which the applications/users will use is 1521.
Can you be more specific about the rules?
Based on your information, maybe something like this?:
Code:
*filter
Allow inbound ssh connections on the mgmt interface (eth0)
Allow unrestricted access from the other node on eth1 (10.10.2.12)
Allow inbound connections to Oracle on any interface (port 1521)

Please ensure that RAC is fully functioning before you start locking it down. If you aren't sure of the required ports, try running tcpdump for a while or reading the Oracle RAC/Clusterware doco.
cheers,
kbp
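Since the rule bodies did not survive in this copy of the thread, here is an added example ruleset that is not kbp's original and not from the opening poster. It is written in the iptables-restore format (`*filter` ... `COMMIT`) that both posts use, so it can be placed in `/etc/sysconfig/iptables` on RHEL 5, and it follows the requirements stated in the opening post: eth0 carries only traffic from the peer node over the cross cable, eth1 accepts only 10.10.2.12 on TCP 1521, eth2 accepts only 172.16.100.11 on TCP 1521, and everything else inbound is dropped. Two things are assumptions of mine, not from the thread: that administrative ssh should come in on eth1 from a single management host, whose address is the placeholder `MGMT_HOST_IP` (replace it or delete the rule), and that dropped packets should be logged with a rate limit so any RAC port the rules forgot shows up in `/var/log/messages` rather than failing silently.

```conf
# Example /etc/sysconfig/iptables for node 1 (eth0 = 192.168.11.10).
# On node 2 (192.168.11.11) change the eth0 source address to 192.168.11.10.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback, and replies to connections this host opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# eth0: private interconnect. Only the peer node is reachable over the
# cross cable, and RAC uses several TCP/UDP ports between nodes, so allow
# the peer address unrestricted and nothing else on this interface.
-A INPUT -i eth0 -s 192.168.11.11 -j ACCEPT

# eth1: Oracle listener only, and only from the allowed LAN address.
-A INPUT -i eth1 -s 10.10.2.12 -p tcp --dport 1521 -m state --state NEW -j ACCEPT

# eth2: same rule for the second LAN segment.
-A INPUT -i eth2 -s 172.16.100.11 -p tcp --dport 1521 -m state --state NEW -j ACCEPT

# Administrative ssh from one management host (assumed; MGMT_HOST_IP is a
# placeholder, not an address from the thread). Remove if not wanted.
-A INPUT -i eth1 -s MGMT_HOST_IP -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Log what the INPUT policy is about to drop, rate limited, so a missing
# RAC or listener port is visible before it is silently discarded.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
COMMIT
```

Load it with `iptables-restore < /etc/sysconfig/iptables` (or `service iptables restart`) and watch `/var/log/messages` for `iptables drop:` entries while the cluster and the applications run; as kbp says, do this only after RAC is confirmed working, and any legitimate port that appears in the log gets its own ACCEPT rule. The OUTPUT chain is left at ACCEPT here; if the "no internet connectivity" requirement must be enforced on the server itself rather than at the LAN gateway, give OUTPUT the same treatment with a DROP policy and explicit ACCEPT rules for the peer node and the LAN segments.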