Open Ports on the DB System
You can open ports on the DB systems using the following steps.
Open the following ports as needed on the DB system:
- 6200 - For Oracle Notification Service (ONS).
- 1158 - For Enterprise Manager Database Control. 1158 is the default port, but each additional console enabled on the DB system will have a different port. If you're not sure which port to open for a particular console, see Monitor a Database with Enterprise Manager Database Control.
For important information about critical firewall rules, see essential firewall rules in Security Rules for the DB System.
Procedure
- SSH to the DB System.
ssh -i <private_key_path> opc@<db_system_ip_address>
- Log in as opc and then sudo to the root user.
login as: opc
sudo su -
- Save a copy of iptables as a backup.
iptables-save > /tmp/iptables.orig
(If necessary, you can restore the original file by using the command iptables-restore < /tmp/iptables.orig.)
- Dynamically add a rule to iptables to allow inbound traffic on the console port, as shown in the following sample. Change the port number and comment as needed.
iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --dport 1158 -j ACCEPT -m comment --comment "Required for Enterprise Manager Database Control."
- Make sure the rule was added.
service iptables status
- Save the updated file to /etc/sysconfig/iptables.
/sbin/service iptables save
The change takes effect immediately and will remain in effect when the node is rebooted.
- Update the DB system's security list as described in Update the Security List for the DB System.
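The "Make sure the rule was added" step can be scripted. The following is an added example, not part of the Oracle procedure: it reads iptables-save output and reports whether the ACCEPT rule for a port is present and sits ahead of a catch-all REJECT or DROP rule in INPUT, since a rule placed after one never matches. The function names are hypothetical, and the sample rule set is constructed and assumes INPUT ends in a catch-all REJECT.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# valid_port PORT: succeeds only for an integer between 1 and 65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rule_state PORT: reads iptables-save output on stdin and prints
#   open      an ACCEPT rule for PORT precedes any catch-all REJECT/DROP
#   shadowed  the ACCEPT rule exists but sits after a catch-all REJECT/DROP
#   missing   INPUT has no ACCEPT rule for PORT
rule_state() {
    valid_port "$1" || { echo invalid; return 2; }
    awk -v port="$1" '
        /^-A INPUT / {
            n++
            if (!block && $0 ~ /^-A INPUT -j (REJECT|DROP)/) block = n
            if (!allow && $0 ~ ("-p tcp .*--dport " port " .*-j ACCEPT")) allow = n
        }
        END {
            if (!allow) print "missing"
            else if (block && block < allow) print "shadowed"
            else print "open"
        }'
}

# Constructed sample in iptables-save format (not captured from a real DB system).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1158 -m comment --comment "Required for Enterprise Manager Database Control." -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6200 -j ACCEPT
COMMIT
EOF
}

# Demonstration on the constructed sample; on the DB system, as root, use:
#   iptables-save | rule_state 1158
for p in 1158 6200 1521; do
    printf '%s %s\n' "$p" "$(sample_rules | rule_state "$p")"
done
```

A result of shadowed means the rule must be reinserted at a lower position number than the catch-all rule before the change is saved.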