Enabling Access to a Compute Node Port

Not Oracle Cloud Infrastructure This topic does not apply to Oracle Cloud Infrastructure.

For database deployments created in Oracle Cloud Infrastructure Classic, Oracle Database Cloud Service uses access rules to provide secure network access to database deployments. You can use the Oracle Database Cloud Service console to perform network access operations such as enabling and disabling access rules and creating new access rules.

When a database deployment is created, the following access rules are created, but set to a disabled status.

  • ora_p2_dbconsole, which controls access to port 1158, the port used by Enterprise Manager 11g Database Control.

  • ora_p2_dbexpress, which controls access to port 5500, the port used by Enterprise Manager Database Express 12c.

  • ora_p2_dblistener, which controls access to the port used by SQL*Net.

  • ora_p2_http, which controls access to port 80, the port used for HTTP connections.

  • ora_p2_httpssl, which controls access to port 443, the port used for HTTPS connections, including Oracle REST Data Services, Oracle Application Express, and Oracle SQL Developer Web.

To enable access to a compute node port, you enable the appropriate access rule. When you enable one of the predefined access rules, the given port on the compute node is opened to the public internet. To enable access to a different port, or restrict access to a port, you must create an access rule.

Enabling Port Access by Enabling an Automatically Created Access Rule

Not Oracle Cloud Infrastructure This topic does not apply to Oracle Cloud Infrastructure.

You can use the Oracle Database Cloud Service console to enable one of the automatically created access rules:

  1. Open the Access Rules page for the database deployment for which you want to enable an access rule:

    1. Open the Oracle Database Cloud Service console.

      For detailed instructions, see Accessing the Oracle Database Cloud Service Console.

    2. From the Menu icon menu for the database deployment, select Access Rules.

      The Access Rules page is displayed.

  2. Locate the rule you want to enable.

  3. From the Menu icon menu for the located rule, select Enable.

    The Enable Access Rule window is displayed.

  4. Select Enable.

    The Enable Access Rule window closes and the rule is displayed as enabled in the list of rules. The given port on the compute node is opened to the public internet.

Enabling or Restricting Port Access by Creating an Access Rule

Not Oracle Cloud Infrastructure This topic does not apply to Oracle Cloud Infrastructure.

You can create an access rule to enable ports not associated with a predefined rule, or to restrict access to ports to only permit connections from specific IP addresses:

  1. Open the Access Rules page for the database deployment for which you want to create an access rule:

    1. Open the Oracle Database Cloud Service console.

      For detailed instructions, see Accessing the Oracle Database Cloud Service Console.

    2. From the Menu icon menu for the database deployment, select Access Rules.

      The Access Rules page is displayed. For information about the details provided on this page, see Access Rules Page.

  2. Click Create Rule. In the Create Access Rule dialog, enter the following information.

    • Rule Name: Any name to identify this rule. Must start with a letter, followed by letters, numbers, hyphens, or underscores. Cannot start with ora_ or sys_.

    • Description: Any description of your choice (optional).

    • Source: The hosts from which traffic should be allowed. Choices are:

      • DB_1: The ora_db security list for the deployment.

      • PUBLIC-INTERNET: The public-internet Security IP List.

      • custom: A custom list of addresses from which traffic should be allowed. In the field that displays below when you select this option, enter a comma-separated list of the subnets (in CIDR format) or IPv4 addresses for which you want to permit access.

    • Destination: The security list to which traffic should be allowed. The only option is DB_1.

    • Destination Port(s): The port or range of ports you want to open. Specify a single port, such as 5001, or a range of ports separated by a hyphen, such as 5001-5010.

  3. Click Create.

    The Create Access Rule dialog closes and the rule is displayed in the list of rules. New rules are enabled by default.

    Tip:

    If necessary, adjust the number of results displayed on the Access Rules page so you can see the newly created rule.