Discussion:
ER Connection Issues
(too old to reply)
Keith Simmons
2013-05-07 10:49:49 UTC
Permalink
Hi

I currently have ER running between an AIX server (source) and two Solaris
servers (targets) in a 'one-way' replication environment. I need to add a
RedHat Enterprise (2.6.32-131.0.15.el6.x86_64) server as a third target
(prior to removing one or both of the existing targets).
I've set up the sqlhosts, services and .rhosts files on both servers and
can connect from RedHat to AIX using dbaccess but am unable to connect from
AIX to RedHat. I'm getting error 908 which indicates connection /permission
issues.
I suspect I am running into some security block on the RedHat server (note
I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for
dbaccess/ER ?
Many Thanks
Keith
Alexandre Marini
2013-05-07 11:09:49 UTC
Permalink
Hello.
Have you put the AIX IP and hostname into RedHat /etc/hosts.equiv file?

If not, try it first, that should work.
But it can also be a mispelled typing error in your AIX or Redhat sqlhosts file, make sure to check it out.

Hope it helps.
Regards.

Alexandre Marini
IBM Informix Certified Professional v10 / v11.50 / v11.70

IBM Information Management Informix Technical Professional

IBM Infosphere DataStage Technical Professional
Informix Senior DBA - Orizon Brasil
BRIUG website administrator
Informix independent consultant


Date: Tue, 7 May 2013 11:49:49 +0100
Subject: ER Connection Issues
From: ***@gmail.com
To: informix-***@iiug.org

Hi

I currently have ER running between an AIX server (source) and two Solaris servers (targets) in a 'one-way' replication environment. I need to add a RedHat Enterprise (2.6.32-131.0.15.el6.x86_64) server as a third target (prior to removing one or both of the existing targets).

I've set up the sqlhosts, services and .rhosts files on both servers and can connect from RedHat to AIX using dbaccess but am unable to connect from AIX to RedHat. I'm getting error 908 which indicates connection /permission issues.

I suspect I am running into some security block on the RedHat server (note I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for dbaccess/ER ?

Many Thanks
Keith
Keith Simmons
2013-05-07 11:25:14 UTC
Permalink
Alexandre
Thanks, created /etc/hosts.equiv (even though I normally use
~informix/.rhosts which was set up correctly) and double checked sqlhosts
and /etc/services. No joy, still cannot connect using dbaccess.

Keith
Post by Alexandre Marini
Hello.
Have you put the AIX IP and hostname into RedHat /etc/hosts.equiv file?
If not, try it first, that should work.
But it can also be a mispelled typing error in your AIX or Redhat sqlhosts
file, make sure to check it out.
Hope it helps.
Regards.
*Alexandre Marini*
*IBM Informix Certified Professional v10 / v11.50 / v11.70*
* IBM Information Management Informix Technical Professional*
* IBM Infosphere DataStage Technical Professional*
*Informix Senior DBA - Orizon Brasil
BRIUG website administrator
Informix independent consultant
*
------------------------------
Date: Tue, 7 May 2013 11:49:49 +0100
Subject: ER Connection Issues
Hi
I currently have ER running between an AIX server (source) and two Solaris
servers (targets) in a 'one-way' replication environment. I need to add a
RedHat Enterprise (2.6.32-131.0.15.el6.x86_64) server as a third target
(prior to removing one or both of the existing targets).
I've set up the sqlhosts, services and .rhosts files on both servers and
can connect from RedHat to AIX using dbaccess but am unable to connect from
AIX to RedHat. I'm getting error 908 which indicates connection /permission
issues.
I suspect I am running into some security block on the RedHat server (note
I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for
dbaccess/ER ?
Many Thanks
Keith
_______________________________________________ Informix-list mailing list
Keith Simmons
2013-05-07 11:54:24 UTC
Permalink
Clive
Thanks, output :
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Alexandre Marini
Post by Keith Simmons
I suspect I am running into some security block on the RedHat server
(note I can only connect using SSH, sftp etc and not telnet or ftp).
Post by Keith Simmons
Any suggestions on what I need to do to enable this connectivity for
dbaccess/ER ?
run iptables --list and see if your sqlexec port is open on the RH server
--
Clive
Keith Simmons
2013-05-07 12:51:02 UTC
Permalink
Clive
No, but it won't take telnet from anywhere on any port, only ssh.
Keith
Hmnn - that looks ok
Can you telnet from the AIX server to the RH server on the sqlexec port?
--
Clive
Post by Keith Simmons
Clive
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Post by Keith Simmons
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
Post by Keith Simmons
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Post by Keith Simmons
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Post by Keith Simmons
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Keith Simmons
I suspect I am running into some security block on the RedHat server
(note I can only connect using SSH, sftp etc and not telnet or ftp).
Post by Keith Simmons
Post by Keith Simmons
Any suggestions on what I need to do to enable this connectivity for
dbaccess/ER ?
Post by Keith Simmons
run iptables --list and see if your sqlexec port is open on the RH server
--
Clive
Keith Simmons
2013-05-07 15:39:20 UTC
Permalink
Clive
Many thanks, that done it !!
Need to speak with my hosting supplier about their default level of
security !!

Keith
Then you need to add an explicit ACCEPT entry in iptables for your sqlexec
port
Add it to
/etc/sysconfig/iptables
and do a service iptables restart
--
Clive
Post by Keith Simmons
Clive
No, but it won't take telnet from anywhere on any port, only ssh.
Keith
Hmnn - that looks ok
Can you telnet from the AIX server to the RH server on the sqlexec port?
--
Clive
Post by Keith Simmons
Clive
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Post by Keith Simmons
Post by Keith Simmons
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
Post by Keith Simmons
Post by Keith Simmons
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Post by Keith Simmons
Post by Keith Simmons
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Post by Keith Simmons
Post by Keith Simmons
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Keith Simmons
I suspect I am running into some security block on the RedHat server
(note I can only connect using SSH, sftp etc and not telnet or ftp).
Post by Keith Simmons
Post by Keith Simmons
Post by Keith Simmons
Any suggestions on what I need to do to enable this connectivity for
dbaccess/ER ?
Post by Keith Simmons
Post by Keith Simmons
run iptables --list and see if your sqlexec port is open on the RH
server
Post by Keith Simmons
Post by Keith Simmons
--
Clive
Clive Eisen
2013-05-07 12:19:56 UTC
Permalink
Hmnn - that looks ok

Can you telnet from the AIX server to the RH server on the sqlexec port?

--
Clive
Post by Keith Simmons
Clive
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Alexandre Marini
I suspect I am running into some security block on the RedHat server (note I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for dbaccess/ER ?
run iptables --list and see if your sqlexec port is open on the RH server
--
Clive
Clive Eisen
2013-05-07 11:22:26 UTC
Permalink
Post by Alexandre Marini
I suspect I am running into some security block on the RedHat server (note I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for dbaccess/ER ?
run iptables --list and see if your sqlexec port is open on the RH server

--
Clive
Clive Eisen
2013-05-07 13:01:43 UTC
Permalink
Then you need to add an explicit ACCEPT entry in iptables for your sqlexec port

Add it to

/etc/sysconfig/iptables

and do a service iptables restart

--
Clive
Post by Keith Simmons
Clive
No, but it won't take telnet from anywhere on any port, only ssh.
Keith
Hmnn - that looks ok
Can you telnet from the AIX server to the RH server on the sqlexec port?
--
Clive
Post by Keith Simmons
Clive
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Alexandre Marini
I suspect I am running into some security block on the RedHat server (note I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for dbaccess/ER ?
run iptables --list and see if your sqlexec port is open on the RH server
--
Clive
Clive Eisen
2013-05-08 12:13:13 UTC
Permalink
If you don't need the software firewall then do

service iptables stop
chkconfig iptables off

--
Clive

--
Clive
Post by Keith Simmons
Clive
Many thanks, that done it !!
Need to speak with my hosting supplier about their default level of security !!
Keith
Post by Clive Eisen
Then you need to add an explicit ACCEPT entry in iptables for your sqlexec port
Add it to
/etc/sysconfig/iptables
and do a service iptables restart
--
Clive
Post by Keith Simmons
Clive
No, but it won't take telnet from anywhere on any port, only ssh.
Keith
Hmnn - that looks ok
Can you telnet from the AIX server to the RH server on the sqlexec port?
--
Clive
Post by Keith Simmons
Clive
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Post by Alexandre Marini
I suspect I am running into some security block on the RedHat server (note I can only connect using SSH, sftp etc and not telnet or ftp).
Any suggestions on what I need to do to enable this connectivity for dbaccess/ER ?
run iptables --list and see if your sqlexec port is open on the RH server
--
Clive
Loading...