Oracle关于监听器连接方面的总结

Oracle监听器的各种问题总结：1）系统断电异常重启后导致Oracle的监听无法正常启动，此时可以通过手动修改一下，使用静态注册监听

Oracle监听器的各种问题总结：

1）系统断电异常重启后导致Oracle的监听无法正常启动，此时可以通过手动修改一下，使用静态注册监听：
如：
# listener.ora Network Configuration File: /var/local/u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
(PROGRAM = extproc)
)
以下为增加的内容
(SID_DESC =
(GOLBAL_DBNAME = orcl)
(ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
(SID_NAME = orcl)
)
)
以上为增加的内容

LISTENER =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
)

2）ora-3136
修改listener的inbound_connect_timeout参数的方法

方法一：
LSNRCTL> show inbound_connect_timeout

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully

LSNRCTL> set inbound_connect_timeout 0
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully

LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully

LSNRCTL> set save_config_on_stop on #表示修改参数永久生效，否则只是临时生效，下次重启监听又还原为原来的值了

方法二：
修改listener.ora文件，加入: INBOUND_CONNECT_TIMEOUT_LISTENER_NAME=0

3）为了数据库的安全，，我们不仅可以限制远程登陆操作系统的ip，也可以限制通过监听连接数据库服务器的ip
在sqlnet.ora中增加如下配置 【Linux公社 】
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24) #表示只允许192.168.1.102和192.168.1.222以及192.168.1.0、24网段的地址通过监听连接数据库
别的地址连接就会报如下错误
ERROR:
ORA-12537: TNS: 连接关闭

4）禁止通过操作系统认证连接数据库（sqlplus / as sysdba）
在sqlnet.ora中加入如下内容：
SQLNET.AUTHENTICATION_SERVICES=NONE
或者SQLNET.AUTHENTICATION_SERVICES=(NTS)
此时使用sqlplus / as sysdba登录，就会报 ORA-01031: 权限不足错误

5）本人线上安全的监听服务配置文件如下：
--cat sqlnet.ora
# sqlnet.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
SQLNET.INBOUND_CONNECT_TIMEOUT = 0
SQLNET.RECV_TIMEOUT = 30
SQLNET.SEND_TIMEOUT = 30
DIAG_ADR_ENABLED = OFF
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24)
ADR_BASE = /home/faxc/app/faxc

--cat listener.ora
# listener.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
(PROGRAM = extproc)
)
(SID_DESC =
(GOLBAL_DBNAME = orcl)
(ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
(SID_NAME = orcl)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
)
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
)
)

ADR_BASE_LISTENER = /home/faxc/app/faxc

--cat tnsnames.ora
ORCL=
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = orcl)
)
)
200=
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.200)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = orcl)
)
)

6）如果允许的话，可以通过iptables禁止1521端口对外访问，只需本机通过1521端口访问即可

-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT #只允许本机通过1521端口访问
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT #允许外网和本机通过1521端口访问。