Oracle 11G R2 install on CentOS version 57 linux

Oracle install in silent mode

Create Required Group and User

Add the below given groups and user if they do not exists on the system.
#groupadd oinstall
#groupadd dba
#groupadd oper
#useradd –g oinstall –G dba,oper oracle
#passwd oracle

Create software install folders

#mkdir –p /u01/app/oracle/product/11.2.0/db_1
#chown –R oracle:oinstall /u01
#chmod –R 755 /u01

Configure User environment

Add the below given lines in /etc/profile

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE

ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1; export ORACLE_HOME

ORACLE_SID=apal3; export ORACLE_SID

ORACLE_UNQNAME=apal3; export ORACLE_UNQNAME

PATH=$ORACLE_HOME/bin:$PATH; export PATH

Add the below given lines in oracle user .bash_profile

umask 022

Configuration of Kernel Parameters

Using any text editor, edit the /etc/sysctl.conf

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 2147483648

kernel.shmall = 2097152

kernel.shmmni = 4096

kernel.sem = 250 32000 100 128

fs.file-max = 6815744

fs.aio-max-nr = 1048576

net.ipv4.ip_local_port_range = 9000 65500

net.core.rmem_default = 1048576

net.core.rmem_max = 4194304

net.core.wmem_default = 262144

net.core.wmem_max = 1048576

After adding the above lines to the /etc/sysctl.conf file, they persist each time the system reboots. If you would like to make these kernel parameter value changes to the current system without having to reboot, enter the following command:

#sysctl –p

Using any text editor, edit the /etc/security/limits.conf

oracle              soft    nproc   2047

oracle              hard    nproc   16384

oracle              soft    nofile  1024

oracle              hard    nofile  65536

Edit the /etc/pam.d/login file and add following line:

# added for Oracle 11.2.0.3

session    required     pam_limits.so

Check current status of SELinux:

#/usr/sbin/getenforce

Enforcing

If output is Enforcing then change mode to Permissive as follows:

#/usr/sbin/setenforce 0

To make the change permanent, modify the /etc/sysconfig/selinux change value of SELINUX variable to disabled:

Add Required RPMs

For this I would recommend to check the oracle web site because different OS versions require different rpm’s. The below given package’s where required for red hat linux5.7 .

compat-libstdc++-33-3.2.3-69.el6.*.rpm

elfutils-devel-0.148-1.el6.x86_64.rpm

elfutils-libelf-devel-0.148-1.el6.x86_64.rpm

gcc-c++-4.4.4-13.el6.x86_64.rpm

glibc-2.12-1.7.el6.i686.rpm

glibc-devel-2.12-1.7.el6.i686.rpm

libaio-devel-0.3.107-10.el6.x86_64.rpm

libaio-0.3.107-10.el6.i686.rpm

libgcc-4.4.4-13.el6.i686.rpm

libstdc++-devel-4.4.4-13.el6.x86_64.rpm

libtool-ltdl-2.2.6-15.5.el6.i686.rpm

nss-softokn-freebl-3.12.7-1.1.el6.i686.rpm

readline-6.0-3.el6.i686.rpm

ncurses-libs-5.7-3.20090208.el6.i686.rpm

libcap-2.16-5.2.el6.i686.rpm

libattr-2.4.44-4.el6.i686.rpm

compat-libcap1-1.10-1.*.rpm

Use below given command to check if the rpm is installed

#rpm –qa | grep package name

Use the below given command to install the required package

#yum –install package name

Creating the oraInst.loc File

Create the /etc/oraInst.loc as below and chage the permission  and ownership.

inventory_loc=/u01/app/oraInventory

inst_group=oinstall

#chown oracle:oinstall oraInst.loc

#chmod 664 oraInst.loc

Prepare the responds file

The sample response file can be found under  “database/response ”.  Here is the example of db_install.rsp.

oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v11_2_0

oracle.install.option=INSTALL_DB_AND_CONFIG

ORACLE_HOSTNAME=linux57

UNIX_GROUP_NAME=oinstall

INVENTORY_LOCATION=/u01/app/oraInventor

SELECTED_LANGUAGES=en

ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1

ORACLE_BASE=/u01/app/oracle

oracle.install.db.InstallEdition=EE

oracle.install.db.isCustomInstall=false

oracle.install.db.customComponents=oracle.server:11.2.0.1.0,oracle.sysman.ccr:10.2.7.0.0,oracle.xdk:11.2.0.1.0,oracle.rdbms.oci:11.2.0.1.0,orac
le.network:11.2.0.1.0,oracle.network.listener:11.2.0.1.0,oracle.rdbms:11.2.0.1.0,oracle.options:11.2.0.1.0,oracle.rdbms.partitioning:11.2.0.1.0
,oracle.oraolap:11.2.0.1.0,oracle.rdbms.dm:11.2.0.1.0,oracle.rdbms.dv:11.2.0.1.0,orcle.rdbms.lbac:11.2.0.1.0,oracle.rdbms.rat:11.2.0.1.0

oracle.install.db.DBA_GROUP=dba

oracle.install.db.OPER_GROUP=oper

oracle.install.db.CLUSTER_NODES=

oracle.install.db.config.starterdb.type=GENERAL_PURPOSE

oracle.install.db.config.starterdb.globalDBName=apal3

oracle.install.db.config.starterdb.SID=apal3

oracle.install.db.config.starterdb.characterSet=AL32UTF8

oracle.install.db.config.starterdb.memoryOption=true

oracle.install.db.config.starterdb.memoryLimit=400

oracle.install.db.config.starterdb.installExampleSchemas=false

oracle.install.db.config.starterdb.enableSecuritySettings=true

oracle.install.db.config.starterdb.password.ALL=1Qa2ws3ed4rf

oracle.install.db.config.starterdb.password.SYS=1Qa2ws3ed4rf

oracle.install.db.config.starterdb.password.SYSTEM=oracle

oracle.install.db.config.starterdb.password.SYSMAN=

oracle.install.db.config.starterdb.password.DBSNMP=

oracle.install.db.config.starterdb.control=DB_CONTROL

oracle.install.db.config.starterdb.gridcontrol.gridControlServiceURL=

oracle.install.db.config.starterdb.dbcontrol.enableEmailNotification=false

oracle.install.db.config.starterdb.dbcontrol.emailAddress=

oracle.install.db.config.starterdb.dbcontrol.SMTPServer=

oracle.install.db.config.starterdb.automatedBackup.enable=false

oracle.install.db.config.starterdb.automatedBackup.osuid=

oracle.install.db.config.starterdb.automatedBackup.ospwd=

oracle.install.db.config.starterdb.storageType=FILE_SYSTEM_STORAGE

oracle.install.db.config.starterdb.fileSystemStorage.dataLocation=/u01/app/oracle/oradata

oracle.install.db.config.starterdb.fileSystemStorage.recoveryLocation=/u01/app/oracle/flash_recovery_area

oracle.install.db.config.asm.diskGroup=

oracle.install.db.config.asm.ASMSNMPPassword=

MYORACLESUPPORT_USERNAME=

MYORACLESUPPORT_PASSWORD=

SECURITY_UPDATES_VIA_MYORACLESUPPORT=false

DECLINE_SECURITY_UPDATES=true

PROXY_HOST=

PROXY_PORT=

PROXY_USER=

PROXY_PWD=

Command to install oracle is given below:-

First login as oracle and go to where the install script is extracted.

$ cd /tmp/database/

$ ./runInstaller -silent -responseFile /tmp/database/response/db_install.rsp

 Wait for the installation step to prompt for executing the scripts. Open terminal and execute the scripts as "root" user.

Auto restart Oracle and related service via dbstart

Create /etc/init.d/oracle

#!/bin/sh

#

# /etc/rc.d/init.d/oracle

# Description: Starts and stops the Oracle database, listeners and Enterprise Manager

# See how we were called.

case "$1" in

start)

echo "Starting Oracle"

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Starting Oracle Databases as part of system up." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

echo -n "Starting Oracle Databases: "

su - oracle -c dbstart >> /var/log/oracle

echo "Done."

echo -n "Starting Oracle Listeners: "

su - oracle -c "lsnrctl start" >> /var/log/oracle

echo "Done."

echo -n "Starting Oracle Enterprise Manager: "

su - oracle -c "emctl start dbconsole" >> /var/log/oracle

echo "Done."

echo ""

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Finished." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

touch /var/lock/subsys/oracle

;;

stop)

echo "Shutting Down Oracle"

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Shutting Down Oracle Databases as part of system down." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

echo -n "Shutting Down Oracle Enterprise Manager: "

su - oracle -c "emctl stop dbconsole" >> /var/log/oracle

echo "Done."

echo -n "Shutting Down Oracle Listeners: "

su - oracle -c "lsnrctl stop" >> /var/log/oracle

echo "Done."

rm -f /var/lock/subsys/oracle

echo -n "Shutting Down Oracle Databases: "

su - oracle -c dbshut >> /var/log/oracle

echo "Done."

echo ""

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Finished." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

;;

restart)

echo "Restarting Oracle"

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Restarting Oracle Databases as part of system up." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

echo -n "Restarting Oracle Databases: "

su - oracle -c dbshut >> /var/log/oracle

su - oracle -c dbstart >> /var/log/oracle

echo "Done."

echo -n "Restarting Oracle Listeners: "

su - oracle -c "lsnrctl stop" >> /var/log/oracle

su - oracle -c "lsnrctl start" >> /var/log/oracle

echo "Done."

echo -n "Restarting Oracle Enterprise Manager: "

su - oracle -c "emctl stop dbconsole" >> /var/log/oracle

su - oracle -c "emctl start dbconsole" >> /var/log/oracle

echo "Done."

echo ""

echo "—————————————————" >> /var/log/oracle

date +"! %T %a %D : Finished." >> /var/log/oracle

echo "—————————————————" >> /var/log/oracle

touch /var/lock/subsys/oracle

;;

*)

echo "Usage: oracle {start|stop|restart}"

exit 1

esac


Creating shortcuts for different level to start up and shut down oracle

# chmod +x oracle

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc2.d/S99oracl

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc3.d/S99oracle

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc4.d/S99oracle

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc5.d/S99oracle

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc0.d/K01oracle

# ln -s /etc/rc.d/init.d/oracle /etc/rc.d/rc6.d/K01oracle

Add user to Oracle

$ sqlplus sys as sysdba (it will prompt for the password)

SQL> CREATE USER testuser IDENTIFIED BY "testuser_rw"

SQL> grant connect,resource to testuser;

SQL> grant create table to testuser;

SQL> grant create sequence to testuser;

SQL> grant create tablespace, drop tablespace to testuser;

SQL> grant create procedure to testuser;

SQL> grant create trigger to testuser;

SQL> grant execute on dbms_alert to testuser;

SQL> grant dba to testuser ; 

FTP Server Setup Steps for Ubantu

• Create folders /FTPSites/WarehouseOptimizationFTP/ for FTP users home directories.
• mkdir -p /FTPSites/WarehouseOptimizationFTP/
• Install package vsftpd
• apt-get install vsftpd
• add-apt-repository ppa:thefrontiergroup/vsftpd () (I was facing problems when trying to lock ftp users to their home directory, found this solution for it in a blog)
• Edit /etc/vsftpd.conf (If required uncomment the fields or change it from YES to NO or vice versa)
• listen=YES
• anonymous_enable=NO
• local_enable=YES
• write_enable=YES
• local_umask=022
• dirmessage_enable=YES
• use_localtime=YES
• xferlog_enable=YES
• connect_from_port_20=YES
• data_connection_timeout=1200
• ftpd_banner=Welcome to TWO FTP service.
• chroot_local_user=NO
• chroot_list_enable=YES
• chroot_list_file=/etc/vsftpd.chroot_list
• secure_chroot_dir=/var/run/vsftpd/empty
• pam_service_name=vsftpd
• rsa_cert_file=/etc/ssl/private/vsftpd.pem
• # Passive mode
• pasv_enable=YES
• pasv_min_port=1024
• pasv_max_port=2048
• # Keep non-chroot listed users jailed
• allow_writeable_chroot=YES
• Edit /etc/vsftpd.chroot_list and add the users which will use the FTP server, the ftp users that were in the vsftpd.chroot_list are listed below.
• ftpusertest
• nestleewm
• woftptop
• ftpwoindia
• ftpwonetperception
• ftpwonz
• ftpwoohio
• ftpwoorbit
• ftpwotenn
• ftpbkpconagraapal
• ftpbkpdemo4coke
• ftpbkpdemo6apal
• ftpbkpdemoRMT
• ftpbkpdreyers
• ftpbkpibmtwo
• ftpbkpkraft
• ftpbkpkrftibm
• ftpbkpnestle
• ftpbkppepsiapal
• ftpbkpschenck
• ftpbkpschenckbkp
• ftpbkptest6apal
• ftpbkpTWOWEB
• ftpwoalert
• ftpwopgaps
• ftpwowebadmin
• ftpwowoolumsr
• ftpwostarzynski
• ftpwopanwar
• ftpuatbkp
• SacKapi
• ftpchris
• ftpwosumin
• ccj007
• ftptwowebsitebackup
• service vsftpd restart (this will put all the changes to the conf file to affect)
• Test using a ftp client (i.e FileZila). Make sure that the ftp users are unable to go above their home directory, here is is defined as /FTPSites/WarehouseOptimizationFTP/.

Password less SSH

Step 1: Create Authentication SSH-Kegen Keys onem which you want to login from

first login into server 192.168.1.1 with user tecmint and generate a pair of public keys using following command.

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:

Step 2: Create .ssh Directory on – 192.168.1.2

Use SSH from server 192.168.1.1 to connect server 192.168.1.2 using sanjay as user and create .ssh directory under it, using following command.

[tecmint@tecmint ~]$ ssh sanjay@192.168.1.2 mkdir -p .ssh

The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is d6:53:94:43:b3:cf:d7:e2:b0:0d:50:7b:17:32:29:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
sanjay@192.168.1.2's password: [Enter Your Password Here]

Step 3: Upload Generated Public Keys to – 192.168.1.2

Use SSH from server 192.168.1.1 and upload new generated public key (id_rsa.pub) on server 192.168.1.2 under sanjay‘s .ssh directory as a file name authorized_keys.

[tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh sanjay@192.168.1.2 'cat >> .ssh/authorized_keys'

sanjay@192.168.1.2's password: [Enter Your Password Here]

Step 4: Set Permissions on – 192.168.1.2

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.

[tecmint@tecmint ~]$ ssh sanjay@192.168.1.2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

sanjay@192.168.1.2's password: [Enter Your Password Here]

Step 5: Login from 192.168.1.1 to 192.168.1.2 Server without Password

From now onwards you can log into 192.168.1.2 as sanjay user from server 192.168.1.1 astecmint user without password.

[tecmint@tecmint ~]$ ssh sanjay@192.168.1.2

Setting up exim4 to use gmail as smarthost to forward mail.

1) Reconfigure exim4

sudo dpkg-reconfigure exim4-config

There we have a set of questions, the important answers are:

Choose: mail sent by SMARTHOST; received via SMTP or fetchmail

In system mail name type: localhost

In IP Adresses to listen on for incoming SMTP connections type127.0.0.1

Leave Other destinations for which mail is accepted blank

Leave Machines to relay mail for blank too

In Machine handling outgoing mail for this host (smarthost) type: smtp.gmail.com::587

(NOTE THAT THE ‘::’ ARE NOT A TYPO)

IP address or host name of the outgoing smarthost: gmail-smtp-msa.l.google.com

Choose NO in response to don’t hide local mail name in outgoing mail

Choose NO in response to don’t keep number of DNS-queries minimal (Dial-on-Demand)

Choose YES in response to split configuration into small files

2) Final touchs

Now we need to tell exim4 about your gmail credentials:

sudo vi /etc/exim4/passwd.client

There we are going to put the following text, replacing where needed:

gmail-smtp.l.google.com:ClockingIT@warehouseoptimization.com:password

• .google.com:ClockingIT@warehouseoptimization.com:password

smtp.gmail.com:ClockingIT@warehouseoptimization.com:password

Note: You can find out what password is by looking in the file.

And finally we need to tell exim4 how it should bind the system account with the gmail account:

sudo vi /etc/exim4/email-addresses

There we are going to put the possible users:

support@localhost:ClockingIT@warehouseoptimization.com

root@localhost:ClockingIT@warehouseoptimization.com

3) Restart exim4

sudo update-exim4.conf

sudo /etc/init.d/exim4 restart

How Drop Tablespace and Recover Oracle Database When Accidentally Delete Datafile

The solution to the missing datafiles is to drop the affected tablespace where has incomplete datafiles, and then recreate the tablespace and import the data into the tablespace from backup. However, the steps are not so straight forward.

• Run SQL*Plus.

• Connect to database as SYSDBA with this query:
• CONNECT / AS SYSDBA

• Mount the database instead of starting it up:
• STARTUP MOUNT;

• Issue the following command to bring the missing datafile offline so that Oracle won’t trying to connect and access the datafile anymore:
• ALTER DATABASE DATAFILE '<datafile name with complete path>' OFFLINE DROP;

• Repeat the command for every datafiles that unaccounted for.

• Now start the database proper:
• ALTER DATABASE OPEN;

• As the tablespace has damaged, drop it to recreate from fresh backup.
• DROP TABLESPACE <tablespace name> INCLUDING CONTENTS;

• Ensure the other datafiles for the tablespace has been deleted, if not, remove them manually from the operating system.

• Continue with the recovery process.

Blog:- http://stackoverflow.com/questions/53676/how-to-resolve-ora-011033-oracle-initialization-or-shutdown-in-progress

Timesync on Linux servers

For CentOS

• Open the terminal or login over the ssh session. You must login as as the root user. Type the following yum command to install ntp

# yum install ntp ntpdate ntp-doc -y

• Turn on service, enter:

# chkconfig ntpd on

• Synchronize the system clock with 0.pool.ntp.org server (use this command only once or as required):

# ntpdate pool.ntp.org

• Start the NTP server. The following will continuously adjusts system time from upstream NTP server. No need to run ntpdate:

# /etc/init.d/ntpd start

Configure ntpd (optional)

• Edit /etc/ntp.conf, enter:

# vi /etc/ntp.conf

Set public servers from the pool.ntp.org project:

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

Setup a cron job to keep the time in sync

• Create a script for ntpdate

# vim ntpdate.sh

#!/bin/sh

/usr/sbin/ntpdate pool.ntp.org

:wq (save and exit)

• Create a cron job to sync the time in every 5 minutes

# crontab -e

0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /root/ntpdate.sh >> /root/ntpdate.log 2>&1  # This will sync the time in every 5 minutes and redirect the logs to root/ntpdate.log

:wq (save and exit)

For Ubuntu

Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server. However, a server's clock is likely to drift considerably between reboots, so it makes sense to correct the time occasionally.

• Create a script for ntpdate

# vim ntpdate.sh

#!/bin/sh

/usr/sbin/ntpdate ntp.ubuntu.com

:wq (save and exit)

• Create a cron job to sync the time in every 5 minutes

# crontab -e

0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /root/ntpdate.sh >> /root/ntpdate.log 2>&1  # This will sync the time in every 5 minutes and redirect the logs to root/ntpdate.log

:wq (save and exit)

SED Command

FIND AND REPLACE with SED

Let us start off simple:

Imagine you have a large file ( txt, php, html, anything ) and you want to replace all the words

"ugly" with "beautiful" because you just met your old friend Sue again and she/he is coming over

for a visit.

This is the command:

CODE

$ sed ­i 's/ugly/beautiful/g' /home/bruno/old­friends/sue.txt

Well, that command speaks for itself "sed" edits "­i in place ( on the spot ) and replaces the word

"ugly with "beautiful" in the file "/home/bruno/old­friends/sue.txt"

Now, here comes the real magic:

Imagine you have a whole lot of files in a directory ( all about Sue ) and you want the same

command to do all those files in one go because she/he is standing right at the door . .

Remember the find command ? We will combine the two:

CODE

$ find /home/bruno/old­friends ­type f ­exec sed ­i 's/ugly/beautiful/g' {} \;

Sure in combination with the find command you can do all kind of nice tricks, even if you don't

remember where the files are located !

Aditionally I did find a little script on the net for if you often have to find and replace multiple files

at once:

CODE

#!/bin/bash

    for fl in *.php; do

    mv $fl $fl.old

    sed 's/FINDSTRING/REPLACESTRING/g' $fl.old > $fl

    rm ­f $fl.old

    done

just replace the "*.php", "FINDSTRING" and "REPLACESTRING" make it executable and you

are set.

I changed a www address in 183 .html files in one go with this little script . . . but note that you

have to use "escape­signs" ( \ ) if there are slashes in the text you want to replace, so as an

example: 's/www.search.yahoo.com\/images/www.google.com\/linux/g' to change

www.search.yahoo.com/images to www.google.com/linux

For the lovers of perl I also found this one:

CODE

# perl ­e "s/old_string/new_string/g;" ­pi.save $(find DirectoryName ­type f)

But it leaves "traces", e.g it backs up the old file with a .save extension . . . so is not really effective

when Sue comes around ;­/

Install and configure VSFTPD FTP server – RHEL 6 – CentOS 6

1. Install Vsftpd

yum install vsftpd

2. Enable vsftpd service

chkconfig vsftpd on

3. start vsftpd service

service vsftpd start

4. Check ftp port

Netstat –ntl |grep 21

5. Test FTP server access

In the browser enter ftp://IP address of the server. FTP service is running and anonymous access is enabled by default

6. Edit /etc/vsftpd/vsftpd.conf

Disable anonymous access

Anonymous_enable=NO

• Enable dual logging

Dual_log_enable=YES (This should be put above the ftp port)

Note:- It created /var/log/vsftpd.log file which uses vsftpd log format

• Enable server time for display of files and directors

Use_localtime=YES

• Enable local users to log in

          local_enable=YES

• Enable any form of FTP write command

      write_enable=YES

     7. Open port 21 in Firewall

    # iptables -I INPUT -p tcp --dport 21 --syn -j ACCEPT

    # service iptables save

    # modprobe ip_conntrack_ftp

    # service iptables restart