I have setup a Windows Server 2008R2 with an oracle server 11g (11.2) and a small database (MYDB) in amazon EC2.
Now I want to connect from my computer to this database (I use PL/SQL developer but I don't mind using other tools)
In server side I have: (where ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com is the public DNS for my Win server.)
tnsnames.ora:
MYDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = MYDB)
)
)
listener.ora:
# listener.ora Network Configuration File: C:\app\Administrator\product\11.2.0\dbhome_1\network\admin\listener.ora
# Generated by Oracle configuration tools.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
ADR_BASE_LISTENER = C:\app\Administrator
At my pc at tnsnames.ora i have:
MYDB=
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = MYDB)
)
)
With these settings, I am able to connect locally at my server, but not through my computer.
I have setup up Security Groups at my EC2:
Inbound rules
Type Protocol Port Range Source
RDP TCP 3389 Anywhere 0.0.0.0/0
SSH TCP 22 Anywhere 0.0.0.0/0
Custom ICMP Rule Echo Reply N/A Anywhere 0.0.0.0/0
When I am trying to connect from my computer I get
ORA-12170:TNS:Connect timeout occurred.
Any ideas what I am doing wrong, or a troubleshooting plan?
Your security groups only allow RDP and SSH access, on ports 3389 and 22 (plus ICMP ping). When you attempt to connect to the database you're using port 1521, as your tnsnames.ora
dictates:
(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
So you need to add an inbound firewall rule to allow traffic on TCP port 1521 through to your EC2 instance, in addition to the existing ones for 3389 and 22. I have no idea if SQL*Net will be listed in the 'type' drop down, so you might need to select 'All TCP'.
You might also want to make it more restrictive though - limiting the 'source' to your PC's IP address perhaps if this is private, or your company's outgoing Ip if not; if you have a static public IP from your ISP.