Oracle11gR2限制指定IP访问

小袁搬码2024-01-15 22:29

Oracle11gR2限制指定的IP访问

1. 环境说明

Oracle数据库版本: Oracle11gR2

安装位置:E:\app\product

1. 先停止监听

shell 复制代码 
lsnrctl stop

2. 配置监听文件

  1. 编辑文件:E:\app\product\11.2.0\dbhome_1\NETWORK\ADMIN\sqlnet.ora
shell 复制代码 
# This file is actually generated by netca. But if customers choose to 
# install "Software Only", this file wont exist and without the native 
# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES = (NTS)

tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.115,localhost,127.0.0.1,192.168.1.16)
  1. 配置说明
shell 复制代码 
tcp.validnode_checking = yes
#tcp.invited_nodes=() #允许访问的IP列表或主机名,用逗号分隔
如:tcp.invited_nodes=(10.10.10.115)
#这里需要注意的是必须把本机ip地址加进来(不能写成localhost和127.0.0.1),否则监听启动会报错
#tcp.excluded_nodes=() #限制访问的IP列表或主机名,用逗号分隔

#说明:
#同时使用tcp.invited_nodes和tcp.excluded_nodes,则会以tcp.invited_nodes为主
# 支持通配符,如tcp.invited_nodes = (192.168.1.*,192.168.1.23/22) 
# 只能限制TCP协议
# 需要重启监听生效:
lsnrctl stop
lsnrctl start
  1. 配置后,如果非允许的主机IP连接数据库时,会提示 ORA-12537: TNS:lost contact 或中文提示 ORA-12537: TNS:连接关闭

3. tnsnames.ora中配置IP

E:\app\product\11.2.0\dbhome_1\NETWORK\ADMIN\tnsnames.ora

shell 复制代码 
# tnsnames.ora Network Configuration File: D:\Program Files\instantclient_12_2\NETWORK\ADMIN\tnsnames.ora
# Generated by Oracle configuration tools.

LISTENER_ORCL =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.115)(PORT = 1521))

ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
  )

ORCL249 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.249)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
  )

4 .重启监听

shell 复制代码 
lsnrctl stop
lsnrctl start

2. 常见问题

1. 开启Oracle的IP访问限制后错误提示

shell 复制代码 
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.115,localhost,127.0.0.1)

1. PL/SQLdevelper连接错误提示

tex 复制代码 
ORA-12541: TNS:监听程序当前无法识别连接描述符中请求的服务

2. Java代码连接数据库错误提示

ORA-12505, TNS:listener does not currently know of SID given in connect descriptor

java 复制代码 
Connected to the target VM, address: '127.0.0.1:51801', transport: 'socket'
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12505, TNS:listener does not currently know of SID given in connect descriptor
 
	at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:458)
	at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
	at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
	at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
	at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:247)
	at com.yuan.OracleDBConnect.oracle(OracleDBConnect.java:15)
	at com.yuan.OracleDBConnect.main(OracleDBConnect.java:8)
Caused by: oracle.net.ns.NetException: Listener refused the connection with the following error:
ORA-12505, TNS:listener does not currently know of SID given in connect descriptor
 
	at oracle.net.ns.NSProtocol.connect(NSProtocol.java:395)
	at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
	at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
	... 8 more
Disconnected from the target VM, address: '127.0.0.1:51801', transport: 'socket'

Process finished with exit code 0

2. 解决方法

在:E:\app\product\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora文件中加入下面信息

(SID_DESC =

(GLOBAL_DBNAME = orcl)

(ORACLE_HOME = E:\app\product\11.2.0\dbhome_1)

(SID_NAME = ORCL)

)

listener.ora完整内容如下

shell 复制代码 
# listener.ora Network Configuration File: E:\app\product\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
# Generated by Oracle configuration tools.

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
    (GLOBAL_DBNAME = orcl)
     (ORACLE_HOME = E:\app\product\11.2.0\dbhome_1)
     (SID_NAME = ORCL)
     )
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = E:\app\product\11.2.0\dbhome_1)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:E:\app\product\11.2.0\dbhome_1\bin\oraclr12.dll")
    )
  )

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.115)(PORT = 1521))
	  (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
相关推荐
数据智能老司机8 小时前
CockroachDB权威指南——CockroachDB SQL
数据库·分布式·架构
数据智能老司机8 小时前
CockroachDB权威指南——开始使用
数据库·分布式·架构
松果猿9 小时前
空间数据库学习(二)—— PostgreSQL数据库的备份转储和导入恢复
数据库
无名之逆9 小时前
Rust 开发提效神器:lombok-macros 宏库
服务器·开发语言·前端·数据库·后端·python·rust
s9123601019 小时前
rust 同时处理多个异步任务
java·数据库·rust
数据智能老司机9 小时前
CockroachDB权威指南——CockroachDB 架构
数据库·分布式·架构
hzulwy9 小时前
Redis常用的数据结构及其使用场景
数据库·redis
程序猿熊跃晖9 小时前
解决 MyBatis-Plus 中 `update.setProcInsId(null)` 不生效的问题
数据库·tomcat·mybatis
Three~stone11 小时前
MySQL学习集--DDL
数据库·sql·学习
Qi妙代码11 小时前
MYSQL基础
数据库·mysql·oracle
热门推荐
01我决定放弃搞 Java 了02DeepSeek各版本说明与优缺点分析03如何在WPS和Word/Excel中直接使用DeepSeek功能04【AUTOSAR 基础软件】Can模块详解(Can栈之驱动模块)05RAG 实践- Ollama+RagFlow 部署本地知识库06从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑07Mac cursor设置jdk、Maven版本08本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程09如何本地部署AI智能体平台,带你手搓一个AI Agent10纯离线部署本地知识库LLM大模型