Port configuration in FC5

Hunter McDaniel oxothuk.maps at 4dv.net
Sat May 13 19:01:56 UTC 2006


I've run into a problem trying to use DB2 8.2 on FC5 (works perfectly on 
FC4) and would like to understand what the differences are in the way 
TCP/IP ports are managed in FC5 vs. FC4.  For reference, I am using the 
original FC5 install (kernel 2.6.15-2054 SMP) on an Athlon X2.  I have 
SELinux in permissive mode (could not install DB2 otherwise).

By default, DB2 creates some entries in /etc/services to define where it 
will listen for remote connections to each database instance; the 
default selection for the main instance port is 50000.  After installing 
DB2 on FC5, remote clients are unable to connect to databases on this 
instance (Windows socket error 10061, Connection Refused), even if the 
firewall is disabled.  However, if I change port assignments in 
/etc/services to a lower number (40000 is what I tried) then remote 
connections are successful.

OK so this lets me work around the problem but I want to understand 
WHY.  Does FC5 have some new restriction that applies to port numbers 
above the IANA registration range?

Another difference I want to understand relates to configuring the 
firewall with system-config-securitylevel.  In FC4 I could open up the 
DB2 instance port with the system-config-securitylevel applet, 
specifying the port either by number or by name. 

In FC5 I cannot open up the db2 instance port by name even though the 
name is clearly visible in /etc/services.  What's more, if I try to open 
up the port by number the change doesn't "stick" in the applet (it does 
get written to iptables); when I open the applet again the port I just 
added is missing and another save will REMOVE the entry from iptables.  
However, if I open up some other random port number that doesn't 
map to anything in /etc/services then the change will stick - I can open 
the applet again and I'll see the port number I added on the previous 
session. 

My theory, if anyone can confirm it, is that the 
system-config-securitylevel applet is now using some other source of 
information besides /etc/services to map port numbers to service names, 
and that I need to get that in sync with /etc/services.

Any help/explanations would be greatly appreciated.



