After ORACLE 10g is successfully installed in Red Hat Enterprise Linux Server Release 5.5, after configuring TNS on the client, test whether it can connect to the block server, the result is an error: ORA-12170: TNS: connection timed out
1: First check whether the network can be pinged, as shown below, the network is smooth.
2: Check the TNS configuration (there is no problem with the TNS configuration)
GSP =
(DESCRIPTION =
(ADDRESS =(PROTOCOL = TCP)(HOST = 172.20.36.79)(PORT = 1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME = gsp)
)
)
3: Check whether the server monitoring service is started
[oracle@wgods ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 14-DEC-2012 15:51:13
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 14-DEC-2012 13:15:28
Uptime 0 days 2 hr. 35 min. 45 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /database/oracle/product/dbhome/network/admin/listener.ora
Listener Log File /database/oracle/product/dbhome/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=wgods)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "gsp" has 2 instance(s).
Instance "gsp", status UNKNOWN, has 1 handler(s) for this service...
Instance "gsp", status READY, has 1 handler(s) for this service...
Service "gspXDB" has 1 instance(s).
Instance "gsp", status READY, has 1 handler(s) for this service...
Service "gsp_XPT" has 1 instance(s).
Instance "gsp", status READY, has 1 handler(s) for this service...
The command completed successfully
4: Use the tnsping command to check and report TNS-12535: TNS: Operation timed out. At this time, we can be sure that the firewall is the problem.
C:\Users\kerry>tnsping 172.20.32.79
TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0 - Production on 14-12月-2012 15:47:15
Copyright (c) 1997, 2010, Oracle. All rights reserved.
Parameter file used:
E:\app\kerry\product\11.2.0\dbhome_1\network\admin\sqlnet.ora
The EZCONNECT adapter was used to resolve aliases
trying to connect (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTOCOL=TCP)(HOST=172.20.32.79)(PORT=1521)))
TNS-12535: TNS: operation timed out
For firewall problems, we can have two solutions:
1: Turn off the firewall (this solution is not very good, turning off the firewall will bring many security risks)
[root@wgods ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
2: Modify iptables, open port 1521, allow port 1521 to be connected
2.1 Edit the iptables file and add -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT record.
[root@wgods sysconfig]# vi iptables
# Generated by iptables-save v1.3.5 on Fri Dec 14 17:03:58 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1749:243629]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Dec 14 17:03:58 2012
~
~
~
~
~
"iptables" 24L, 1212C written
2.2 重启iptables服务
[root@wgods sysconfig]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns ip_conntrack_ftp [ OK ]
2.3 Save the newly added rules, so that the configuration rules will not be invalid after the next restart of the machine
[root@wgods sysconfig]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
2.4 Check whether port 1521 is open and allow connections (see the red part)
[root@wgods sysconfig]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0 /0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:23
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1521
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@wgods sysconfig]#
Use PL/SQL Developer to connect to the database from the client, the problem is solved.