Oracle关于监听器连接方面的总结

fcxkoitqti

Oracle监听器的各种问题总结：

1）系统断电异常重启后导致Oracle的监听无法正常启动，此时可以通过手动修改一下，使用静态注册监听：
如：
# listener.ora Network Configuration File: /var/local/u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
      (PROGRAM = extproc)
    )
以下为增加的内容
   (SID_DESC =
      (GOLBAL_DBNAME = orcl)
      (ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
      (SID_NAME = orcl)
    )
  )
以上为增加的内容

LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
  )

2）ora-3136
修改listener的inbound_connect_timeout参数的方法

方法一：
LSNRCTL> show inbound_connect_timeout

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully

LSNRCTL> set inbound_connect_timeout 0
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully

LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully

LSNRCTL> set save_config_on_stop on   #表示修改参数永久生效，否则只是临时生效，下次重启监听又还原为原来的值了

方法二：
修改listener.ora文件，加入:  INBOUND_CONNECT_TIMEOUT_LISTENER_NAME=0

3）为了数据库的安全，我们不仅可以限制远程登陆操作系统的ip，也可以限制通过监听连接数据库服务器的ip
在sqlnet.ora中增加如下配置 【Linux公社 http://www.iyunv.com 】
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24)  #表示只允许192.168.1.102和192.168.1.222以及192.168.1.0、24网段的地址通过监听连接数据库
别的地址连接就会报如下错误
ERROR:
ORA-12537: TNS: 连接关闭

4）禁止通过操作系统认证连接数据库（sqlplus / as sysdba）
在sqlnet.ora中加入如下内容：
SQLNET.AUTHENTICATION_SERVICES=NONE
或者SQLNET.AUTHENTICATION_SERVICES=(NTS)
此时使用sqlplus / as sysdba登录，就会报 ORA-01031: 权限不足错误

5）本人线上安全的监听服务配置文件如下：
--cat sqlnet.ora
# sqlnet.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
SQLNET.INBOUND_CONNECT_TIMEOUT = 0
SQLNET.RECV_TIMEOUT = 30
SQLNET.SEND_TIMEOUT = 30
DIAG_ADR_ENABLED = OFF
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24)
ADR_BASE = /home/faxc/app/faxc

--cat listener.ora
# listener.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GOLBAL_DBNAME = orcl)
      (ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
      (SID_NAME = orcl)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
      )
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
      )
    )
  )

ADR_BASE_LISTENER = /home/faxc/app/faxc

--cat tnsnames.ora
ORCL=
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )
200=
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.200)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
  )

6）如果允许的话，可以通过iptables禁止1521端口对外访问，只需本机通过1521端口访问即可

-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT  #只允许本机通过1521端口访问
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT  #允许外网和本机通过1521端口访问。