Message-Id: <10566.112711@fatcity.com> From: Tom Tyson Date: Sat, 22 Jul 2000 09:17:54 -0700 (PDT) Subject: RE: Oracle and SqlNet behind a firewall I had another type of problem with firewalls and MTS connections, but that wouldn't apply to a dedicated connection. The problem I had was with MTS was that the dispatchers were randomly assigning port numbers and I couldn't control through the firewall what to keep open. I finally found that you can add to the init.ora file an entry in the mts_dispatchers what port to assign to the dispatchers. mts_dispatchers = "(address=(partial=true)(protocol=tcp)(host=db.gotdata.net)(port=1104))(dispatchers=1)(SESSIONS=20)(CONNECTIONS=10)(mul=OFF)(pool=OFF)" In that example I made one dispatcher use port 1104, I just added multiple lines with each dispatcher to permanently assign them to a port, and opened those ports for incomming connections on the firewall. Tom Tyson --- Dan.Hubler@midata.com wrote: > > > Dedicated. > > What would be the concern? > > > > > > > Tom Tyson @fatcity.com on 07/21/2000 09:33:49 AM > > Please respond to ORACLE-L@fatcity.com > > Sent by: root@fatcity.com > > > Sent From the mail file of: Dan Hubler > > > To: Multiple recipients of list ORACLE-L > cc: > > Subject: RE: Oracle and SqlNet behind a firewall > > > Dan > > Are using dedicated server connections, or shared (ie MTS)? > > Tom Tyson > > --- "VanderMey, Bob" wrote: > > Dan, > > > > Our security guys complained about the same thing. When I looked into > it, I > > couldn't figure out how to limit the outbound ports. The problem is that > > the listener uses port 1521 (or another of your choice) but then hands > off > > to the database. The database then picks a port to use when talking to > the > > client. The best I could come up with at the time, wasz to have the > > security guys see which ports were being used (they all stay within a > > certain range) and then open up a range of ports somewhat lower and > higher > > than those being used. > > > > If you do figure this out, please let me know what you did. > > > > Bob VanderMey > > Oracle DBA > > OrderZone.com, Inc. > > 847 573-2687 > > bvandermey@orderzone.com > > 565 Lakeview Parkway, Suite 250 > > Vernon Hills, IL 60061 > > http://www.orderzone.com > > > > > > -----Original Message----- > > Sent: Thursday, July 20, 2000 4:08 PM > > To: Multiple recipients of list ORACLE-L > > > > > > > > Just put our first NT server with Oracle 8.0.5 and Net8 behind a > firewall. > > > > The security guys are complaining because all the inbound traffic goes in > > through port #1521, but the outbound traffic is using multiple and random > > ports. > > They don't like this. > > > > Anybody know anything about this? > > > > > > __________________________________________________ Do You Yahoo!?