oracle 19c rac环境配置firewalld

rac环境ip地址说明

[root@db1 ~]#    cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.19         db1
172.16.100.30         db2
172.16.100.119       db1-vip
172.16.100.130       db2-vip
172.16.100.100       db-scan
100.100.100.19       db1-priv
100.100.100.30       db2-priv

##firewalld配置如下

编辑文件/opt/firewalld.sh

##配置自启动firewalld并启动
systemctl enable firewalld && systemctl start firewalld

##两个主机间全互通(含心跳169.254网段)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.19" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.30" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.119" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.100.130" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="100.100.100.19" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="100.100.100.30" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="169.254.20.162" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="169.254.22.178" accept'

##堡垒机ssh登录数据库主机配置(22端口放行)
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.1.33' port protocol='tcp' port='22' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.173.94.15' port protocol='tcp' port='22' accept"

##业务机器可通过1521登录的配置
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.2' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.3' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.9' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.10' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.24' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.22' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.25' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.27' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.26' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.16' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.28' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.23' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.29' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.17' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.13' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.12' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.18' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.14' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.15' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.16.100.20' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.1.18' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.30.3.12' port protocol='tcp' port='1521' accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.10.100.5' port protocol='tcp' port='1521' accept"

##配置后
firewall-cmd --reload
firewall-cmd --list-all
systemctl status firewalld
##配置5分钟自动退出firewalld，以防配置故障导致无法登录
sleep 300 && systemctl stop firewalld

# chmod 775 /opt/firewalld.sh

# nohup /opt/firewalld.sh &

附

集群私网连接信息：
set pagesize 199 linesize 199;
select * from gv$cluster_interconnects;

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/news/21440.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！