Well here goes another Oracle 11gR2 note for you all out there. Let me just say Oracle’s documentation either does not exist or is so buried it’s impossible to find on this topic with 11gR2.
As always I want to lock down the system as much as possible which requires iptables. Early in the process I gave up any chance of locking down communication between nodes and interconnects and focused on internal connections. Like always any client needs to be able to talk to port 1521 TCP but GNS + 11Gr2 adds some new ports:
As may be aware GNS provides it’s own VIP equiped DNS server for it’s delegated subdomain. So it’s critical that you open up DNS to your DNS systems. So you need to open up 53 udp
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
You might want to add a source port and lock it to your dns systems.
Otherwise it should work (providing your open up iptables between nodes)