-
How do I restrict or allow a few client machines to connect to Server ?
In my setup I want to restrict the use of the Oracle database based on IP address.
My DB and OS details:
Database Version : 10.2.0.1.0
OS : Linux
In the sqlnet.ora file, the parameters below enable access control to the database:
TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 144.25.5.25)
TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)
TCP.VALIDNODE_CHECKING=yes|no
But this solution is not working at my end... The database is easily accessed by an excluded node.
Can anyone suggest what the reason behind that is?
Thanks....
-
Re: How do I restrict or allow a few client machines to connect to Server ?
Please check the rights, owner, and group of your sqlnet.ora file. They should be the same as those of the listener.ora file. Then restart the tnslsnr process.
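
The checks suggested in this reply, applied to the parameters from the question, as an added example that is not part of the original thread: a shell audit that confirms `TCP.VALIDNODE_CHECKING` is literally `yes`, that a node list is present, and that sqlnet.ora and listener.ora share owner, group and mode. The function names are hypothetical; the script assumes GNU `stat` (Linux) and that each parameter sits on a single line.

```shell
#!/bin/sh
# Added example: audit sqlnet.ora valid-node checking (not from the thread).

# Print the value of a parameter; the name is matched case-insensitively
# and whitespace is stripped. Assumes the value is on one line.
sqlnet_param() {  # $1 = file, $2 = parameter name
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { name = $1; gsub(/[ \t]/, "", name) }
        toupper(name) == toupper(key) {
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", val); print val; exit
        }' "$1"
}

# owner:group:mode of a file (GNU stat).
file_meta() { stat -c '%U:%G:%a' "$1"; }

# Returns 0 when every check passes, 1 otherwise; findings go to stdout.
audit_sqlnet() {  # $1 = sqlnet.ora, $2 = listener.ora
    rc=0
    checking=$(sqlnet_param "$1" TCP.VALIDNODE_CHECKING | tr 'A-Z' 'a-z')
    if [ "$checking" != "yes" ]; then
        echo "FAIL: TCP.VALIDNODE_CHECKING is '$checking', expected 'yes'"
        rc=1
    fi
    invited=$(sqlnet_param "$1" TCP.INVITED_NODES)
    excluded=$(sqlnet_param "$1" TCP.EXCLUDED_NODES)
    if [ -z "$invited" ] && [ -z "$excluded" ]; then
        echo "FAIL: neither TCP.INVITED_NODES nor TCP.EXCLUDED_NODES is set"
        rc=1
    fi
    if [ -n "$invited" ] && [ -n "$excluded" ]; then
        # Oracle Net gives the invited list precedence when both exist.
        echo "NOTE: both lists set; TCP.INVITED_NODES takes precedence"
    fi
    if [ "$(file_meta "$1")" != "$(file_meta "$2")" ]; then
        echo "FAIL: $1 is $(file_meta "$1"), $2 is $(file_meta "$2")"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/sqlnet.ora /path/to/listener.ora
if [ $# -eq 2 ]; then audit_sqlnet "$1" "$2"; fi
```

After correcting anything it reports, restart the listener so the file is read again.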
-
Re: How do I restrict or allow a few client machines to connect to Server ?
You can use IPsec or the Windows Firewall to do this.
The version of Windows will determine how you do this. More recent versions, e.g. Windows Server 2008 and 2008 R2, expose this ability through the Windows Firewall in the control panel.
You'd want to make sure SQL Server is listening on a fixed port number, and then control access to that port by configuring a firewall rule to just allow a specific IP address (or subnet) to connect.
I did a similar thing for a SQL 2000 cluster running on Windows Server 2003. In that case we scripted a whole bunch of IPsec rules to allow only specific machines to be able to connect to the SQL port.