hi list ! many thx for your help, it's very nice of you all. i have: os = suse7.1, eth0 = internet 195.112, eth1 = internal 10.1.1.0/24, db-host = 10.1.1.10, firewall = ipchains. i have the following problem: i configured a firewall which forwards port 1521 to the db-host. the database recognizes the client connect and opens a port
1024 on the same port that the client used to call the database ! but the oracle client gets an ora-12560 protocol adapter error
what should i do to make this configuration work ? see log file:

Oct 16 17:53:38 vpn kernel: Packet log: input ACCEPT eth1 PROTO=6 10.1.1.10:1521 client_ip:1470 L=40 S=0x00 I=1251 F=0x4000 T=128 (#9)
Oct 16 17:53:38 vpn kernel: Packet log: input ACCEPT eth0 PROTO=6 194.112.213.69:1470 fw_ip:1521 L=40 S=0x00 I=2637 F=0x4000 T=128 (#23)
Oct 16 17:53:38 vpn kernel: Packet log: input ACCEPT eth0 PROTO=6 194.112.213.69:1470 fw_ip:1521 L=40 S=0x00 I=2638 F=0x4000 T=128 (#23)
Oct 16 17:53:38 vpn kernel: Packet log: input ACCEPT eth1 PROTO=6 10.1.1.10:1521 client_ip:1470 L=40 S=0x00 I=1507 F=0x4000 T=128 (#9)

my rule set

vpn:/etc/rc.config.d # cat /etc/rc.config.d/firewall.rc.config
FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.1.1.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="ssh"
FW_SERVICES_EXTERNAL_UDP=""
FW_SERVICES_EXTERNAL_IP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INTERNAL_TCP="ssh"
FW_SERVICES_INTERNAL_UDP=""
FW_SERVICES_INTERNAL_IP=""
#Hier die Ip addressen eintragen
FW_TRUSTED_NETS="10.1.1.0/24 194.112.xxx.xxx 62.52.xxx.xxx"
# FW_SERVICES_TRUSTED_TCP="ssh 1:65000"
FW_SERVICES_TRUSTED_UDP=""
FW_SERVICES_TRUSTED_IP=""
FW_SERVICES_TRUSTED_ACL=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_FORWARD_IP=""
FW_FORWARD_MASQ_TCP="194.112.xxx.x/24,10.1.1.10,1521"
FW_FORWARD_MASQ_UDP=""
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
#FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
vpn:/etc/rc.config.d #