I've run into a problem trying to use DB2 8.2 on FC5 (works perfectly on
FC4) and would like to understand what the differences are in the way
TCP/IP ports are managed in FC5 vs. FC4. For reference, I am using the
original FC5 install (kernel 2.6.15-2054 SMP) on an Athlon X2. I have
SELinux in permissive mode (could not install DB2 otherwise).

By default, DB2 creates some entries in /etc/services to define where it
will listen for remote connections to each database instance; the
default selection for the main instance port is 50000. After installing
DB2 on FC5, remote clients are unable to connect to databases on this
instance (Windows socket error 10061, Connection Refused), even if the
firewall is disabled. However, if I change port assignments in
/etc/services to a lower number (40000 is what I tried) then remote
connections are successful.

OK, so this lets me work around the problem, but I want to understand
WHY. Does FC5 have some new restriction that applies to port numbers
above the IANA registration range?

Another difference I want to understand relates to configuring the
firewall with system-config-securitylevel. In FC4 I could open up the
DB2 instance port with the system-config-securitylevel applet,
specifying the port either by number or by name.

In FC5 I cannot open up the db2 instance port by name even though the
name is clearly visible in /etc/services. What's more, if I try to open
up the port by number the change doesn't "stick" in the applet (it does
get written to iptables); when I open the applet again the port I just
added is missing and another save will REMOVE the entry from iptables.
However, if I open up some other random port number that doesn't
map to anything in /etc/services then the change will stick - I can open
the applet again and I'll see the port number I added on the previous
session.

My theory, if anyone can confirm it, is that the
system-config-securitylevel applet is now using some other source of
information besides /etc/services to map port numbers to service names,
and that I need to get that in sync with /etc/services.

Any help/explanations would be greatly appreciated.