Port configuration in FC5


 



I've run into a problem trying to use DB2 8.2 on FC5 (works perfectly on FC4) and would like to understand what the differences are in the way TCP/IP ports are managed in FC5 vs. FC4. For reference, I am using the original FC5 install (kernel 2.6.15-2054 SMP) on an Athlon X2. I have SELinux in permissive mode (could not install DB2 otherwise).

By default, DB2 creates some entries in /etc/services to define where it will listen for remote connections to each database instance; the default selection for the main instance port is 50000. After installing DB2 on FC5, remote clients are unable to connect to databases on this instance (Windows socket error 10061, Connection Refused), even if the firewall is disabled. However, if I change port assignments in /etc/services to a lower number (40000 is what I tried) then remote connections are successful.

OK so this lets me work around the problem but I want to understand WHY. Does FC5 have some new restriction that applies to port numbers above the IANA registration range?

Another difference I want to understand relates to configuring the firewall with system-config-securitylevel. In FC4 I could open up the DB2 instance port with the system-config-securitylevel applet, specifying the port either by number or by name. In FC5 I cannot open up the DB2 instance port by name even though the name is clearly visible in /etc/services. What's more, if I try to open up the port by number the change doesn't "stick" in the applet (it does get written to iptables); when I open the applet again the port I just added is missing and another save will REMOVE the entry from iptables. However, if I open up some other random port number that doesn't map to anything in /etc/services then the change will stick - I can open the applet again and I'll see the port number I added on the previous session. My theory, if anyone can confirm it, is that the system-config-securitylevel applet is now using some other source of information besides /etc/services to map port numbers to service names, and that I need to get that in sync with /etc/services.

Any help/explanations would be greatly appreciated.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list