This is just a quick post to highlight a problem I had recently on another Exadata deployment.
For most customers the management network on Exadata is routable and the DNS servers are accessible. However, in a recent deployment for a financial organization this wasn't the case and the storage servers were NOT able to reach the DNS servers. The customer provided a different set of DNS servers within the management network which were still able to resolve all the Exadata hostnames. If you encounter a similar problem, stop all cell services and run ipconf on each storage server to update the DNS servers.
On each storage server there is a service called cellwall (/etc/init.d/cellwall) which runs many checks and applies a lot of iptables rules. Here are a couple of comments from the script to give you an idea:
# general lockdown from everything external, (then selectively permit)
# general permissiveness (localhost: if you are in, you are in)
# allow all udp traffic only from rdbms hosts on IPoIB only
# allow DNS to work on all interfaces
# open sport=53 only for DNS servers (mitigate remote-offlabel-port exploit)
There are many more; you can check the script to see what it does, or run iptables -L -n to list all the iptables rules.
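One way to spot the mismatch described above, as an added example (not part of the original post or of the cellwall script): it compares the nameservers in a resolv.conf file with the source addresses that the firewall accepts traffic from on source port 53. The addresses and rule lines are constructed samples in `iptables -S` format; the exact rules cellwall generates are not shown here and are assumed to look like this, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find nameservers the firewall would not accept replies from.
# Sample data below is constructed; on a live host use /etc/resolv.conf and
# the output of `iptables -S` saved to a file.

RESOLV=$(mktemp); RULES=$(mktemp)
cat > "$RESOLV" <<'EOF'
search example.com
nameserver 192.0.2.10
nameserver 192.0.2.11
EOF
cat > "$RULES" <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 198.51.100.53/32 -p udp -m udp --sport 53 -j ACCEPT
EOF

# Print the nameserver addresses configured in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print source addresses of ACCEPT rules that match source port 53.
# A rule with no -s restriction is reported as "any".
allowed_dns_sources() {
    awk '/-j ACCEPT/ && /--sport 53( |$)/ {
        src = "any"
        for (i = 1; i < NF; i++)
            if ($i == "-s") { src = $(i + 1); sub(/\/32$/, "", src) }
        print src
    }' "$1" | sort -u
}

# Print each configured nameserver that has no matching sport-53 ACCEPT rule.
unpermitted_nameservers() {
    allowed=$(allowed_dns_sources "$2")
    printf '%s\n' "$allowed" | grep -qxF any && return 0
    for ns in $(list_nameservers "$1"); do
        printf '%s\n' "$allowed" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

echo "Nameservers without a matching firewall rule:"
unpermitted_nameservers "$RESOLV" "$RULES"
```

A nameserver listed by this check is one whose replies the firewall would drop, which is the situation where the DNS servers need to be updated through ipconf rather than by editing resolv.conf by hand.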
Here is some more information on how to change IP addresses on Exadata:
Changing IP addresses on Exadata Database Machine (Doc ID 1317159.1)
UPDATE: Thanks to Jason Arneil for pointing out the proper way to update the configuration of the cell.