[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Port configuration in FC5



I've run into a problem trying to use DB2 8.2 on FC5 (works perfectly on FC4) and would like to understand what the differences are in the way TCPIP ports are managed in FC5 vs. FC4. For reference, I am using the original FC5 install (kernel 2.6.15-2054 SMP) on an Athlon X2. I have SELinux in permissive mode (could not install DB2 otherwise).

By default, DB2 creates some entries in /etc/services to define where it will listen for remote connections to each database instance; the default selection for the main instance port is 50000. After installing DB2 on FC5, remote clients are unable to connect to databases on this instance (windows socket error 10061, Connection Refused), even if the firewall is disabled However, if I change port assignments in /etc/services to a lower number (40000 is what I tried) then remote connections are successful.

OK so this lets me work around the problem but I want to understand WHY. Does FC5 have some new restriction that applies to port numbers above the IANA registration range?

Another difference I want to understand relates to configuring the firewall with system-config-securitylevel. In FC4 I could open up the DB2 instance port with the system-config-securitylevel applet, specifying the port either by number or by name. In FC5 I cannot open up the db2 instance port by name even though the name is clearly visible in /etc/services. What's more if I try to open up the port by number the change doesn't "stick" in the applet (it does get written to iptables); when I open the applet again the port I just added is missing and another save will REMOVE the entry from iptables However, if I open up some other random port number that that doesn't map to anything in /etc/services then the change will stick - I can open the applet again and I'll see the port number I added on the previous session. My theory, if anyone can confirm it, is that the system-config-securitylevel applet is now using some other source of information besides /etc/services to map port numbers to service names, and that I need to get that in sync with /etc/services.

Any help/explanations would be greatly appreciated.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]