Firewall configuration on RAC
Both RAC servers have the following /etc/hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.130.200 hdba hdba
192.168.130.201 hdbb hdbb hdbb
192.168.130.136 hdb-cluster-scan hdb-cluster-scan
192.168.130.137 hdba-vip hdba-vip
192.168.130.138 hdbb-vip hdbb-vip
192.168.148.200 hdba-priv hdba-priv
192.168.148.201 hdbb-priv hdbb-priv
192.168.130.208 hdg hdg
IP information of the instance A server
[root@hdba ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 5C:B9:01:99:3A:84
inet addr:192.168.148.200 Bcast:192.168.148.255 Mask:255.255.255.0
inet6 addr: fe80::5eb9:1ff:fe99:3a84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2783160300 errors:0 dropped:0 overruns:0 frame:0
TX packets:2925124606 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2205601483366 (2.0 TiB) TX bytes:2420649621403 (2.2 TiB)
eth0:1 Link encap:Ethernet HWaddr 5C:B9:01:99:3A:84
inet addr:169.254.221.245 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 5C:B9:01:99:3A:85
inet addr:192.168.130.200 Bcast:192.168.130.255 Mask:255.255.255.0
inet6 addr: fe80::5eb9:1ff:fe99:3a85/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7365390091 errors:0 dropped:0 overruns:0 frame:0
TX packets:8297092138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2046603688342 (1.8 TiB) TX bytes:6835745161060 (6.2 TiB)
eth1:2 Link encap:Ethernet HWaddr 5C:B9:01:99:3A:85
inet addr:192.168.130.137 Bcast:192.168.130.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
IP information of the instance B server
[root@hdbb ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 5C:B9:01:99:38:24
inet addr:192.168.148.201 Bcast:192.168.148.255 Mask:255.255.255.0
inet6 addr: fe80::5eb9:1ff:fe99:3824/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2925138277 errors:0 dropped:0 overruns:0 frame:0
TX packets:2783173132 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2420675528287 (2.2 TiB) TX bytes:2205594234468 (2.0 TiB)
eth0:1 Link encap:Ethernet HWaddr 5C:B9:01:99:38:24
inet addr:169.254.205.69 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 5C:B9:01:99:38:25
inet addr:192.168.130.201 Bcast:192.168.130.255 Mask:255.255.255.0
inet6 addr: fe80::5eb9:1ff:fe99:3825/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6957519128 errors:0 dropped:0 overruns:0 frame:0
TX packets:8365702494 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2024616025362 (1.8 TiB) TX bytes:7204587376017 (6.5 TiB)
eth1:1 Link encap:Ethernet HWaddr 5C:B9:01:99:38:25
inet addr:192.168.130.138 Bcast:192.168.130.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
The firewall configuration is identical on both servers; the contents of /etc/sysconfig/iptables are as follows
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The *filter header and chain policies above, and the two stock rules right below, are the standard CentOS 6 template lines assumed to precede the post's rules (iptables-restore needs the *filter line to load the file)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Allow all traffic from the heartbeat (interconnect) NIC
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0:1 -j ACCEPT
# Allow the VIPs and the SCAN IP
# Originally only instance A's VIP connects to instance B, so instance B's firewall would need instance A's VIP added; to keep both servers' firewall configurations identical, the VIPs of both instance A and instance B are allowed on both
-A INPUT -i eth0 -s 192.168.130.200/32 -j ACCEPT
-A INPUT -i eth0 -s 192.168.130.201/32 -j ACCEPT
-A INPUT -i eth0 -s 192.168.130.137/32 -j ACCEPT
-A INPUT -i eth0 -s 192.168.130.138/32 -j ACCEPT
-A INPUT -i eth0 -s 192.168.130.136/32 -j ACCEPT
-A INPUT -i eth0 -s 192.168.200.11/32 -j ACCEPT
# Trusted IP list: /24 opens the whole subnet, /32 opens only that single IP
-A INPUT -s 10.10.23.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -s 172.31.210.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -s 192.168.74.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -s 192.168.128.137/32 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
# Open port 1521 to all networks
-A INPUT -p tcp --dport 1521 -j ACCEPT
# The two lines below must stay at the end; if they are placed earlier, the allow rules added above will not take effect!
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
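Because iptables evaluates INPUT top to bottom and stops at the first match, a rule can be syntactically fine yet never do anything. The audit script below is an added example, not code from the original post: it reads an /etc/sysconfig/iptables-style rule file and flags interface alias labels such as eth0:1 used with -i, rules whose -s address cannot arrive on the named -i interface, rules shadowed by an earlier blanket accept on the same interface, and per-source port rules made moot by a rule that opens the same port to any source. The interface-to-subnet map and the sample rules are constructed from this post's ifconfig output and rule file.

```python
import ipaddress

# Constructed from the post's ifconfig output: the interconnect is on eth0,
# the public address, both VIPs and the SCAN address are on eth1.
IFACE_SUBNETS = {
    "eth0": ipaddress.ip_network("192.168.148.0/24"),
    "eth1": ipaddress.ip_network("192.168.130.0/24"),
}

# Constructed sample in /etc/sysconfig/iptables format, mirroring the post's rules.
SAMPLE_RULES = """\
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0:1 -j ACCEPT
-A INPUT -i eth0 -s 192.168.130.137/32 -j ACCEPT
-A INPUT -s 10.10.23.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse_rule(line):
    """Pick out the options this audit cares about from one iptables-save line."""
    toks = line.split()
    return {t: toks[i + 1] for i, t in enumerate(toks[:-1])
            if t in ("-A", "-i", "-s", "--dport", "-j")}

def audit(text):
    """Return sorted (line_no, message) findings for INPUT rules that cannot do what they look like they do."""
    findings, blanket_ifaces, per_source, any_source = [], set(), {}, {}
    for n, raw in enumerate(text.splitlines(), 1):
        r = parse_rule(raw)
        if r.get("-A") != "INPUT":
            continue
        ifc, src, port, accept = r.get("-i"), r.get("-s"), r.get("--dport"), r.get("-j") == "ACCEPT"
        if ifc and ":" in ifc:  # the kernel names the ingress device eth0, never eth0:1
            findings.append((n, f"'{ifc}' is an alias label, not an interface; rule never matches"))
        if ifc in blanket_ifaces:  # an earlier -i rule with no other match already accepted it all
            findings.append((n, f"unreachable: an earlier rule already accepts everything on {ifc}"))
        if ifc in IFACE_SUBNETS and src and not IFACE_SUBNETS[ifc].overlaps(
                ipaddress.ip_network(src, strict=False)):
            findings.append((n, f"{src} does not arrive on {ifc}; rule never matches"))
        if accept and ifc and not src and not port:
            blanket_ifaces.add(ifc)
        if accept and port:
            (per_source if src else any_source).setdefault(port, []).append(n)
    for port, lines in any_source.items():  # a port open to any source makes its per-source rules moot
        for m in per_source.get(port, []):
            findings.append((m, f"per-source rule for port {port} is moot: line {lines[0]} accepts it from anywhere"))
    return sorted(findings)
```

Run `audit(open("/etc/sysconfig/iptables").read())` on a real node after adjusting IFACE_SUBNETS to that node's addressing.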
From "ITPUB Blog", link: http://blog.itpub.net/25469263/viewspace-2642747/; please cite the source when reposting, otherwise legal action will be taken.