
AW: Oracle connection through firewall

From: Kulev, Milen <Milen.Kulev_at_BusinessMart.de>
Date: Wed, 12 Feb 2003 05:38:48 -0800
Message-ID: <F001.0054A828.20030212053848@fatcity.com>

-----Original Message-----
From: Stefan Jahnke [mailto:Stefan.Jahnke_at_bov.de]
Sent: Wednesday, 12 February 2003 13:14
To: Multiple recipients of list ORACLE-L
Subject: Oracle connection through firewall

Hi everybody

Since I'm a networking dummy, here's a question that might be easy to answer:

I have to set up client access (Oracle Net) to an Oracle Database through a firewall. So far, I only know that the listener listens on a dedicated port (like 1521). After a client requested a connection, a dedicated server process is started (this is not an MTS environment) and the listener is informed about the port the server process wants to use to communicate with the client. The listener sends this information to the client and from there on, the client can communicate with the server through this port. Now, I'm wondering which ports I have to keep open on the firewall between client and Oracle server?
&&>>> Yes, you have to do this.

1521 is probably not enough, since this lets the client only reach the listener itself. What happens then? Can I restrict Oracle Net to a range of ports for the server processes to be used (didn't find that in the fine manual)?

&&>> As far as I know, Oracle Net cannot do this for you; this is an operating system issue. This means you should configure your OS regarding the acceptable range of local ports, but this range will be for all servers on this host, not only for Oracle. For more info, you can follow this link: "http://en.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html" (Linux specific, although the other OSes should have similar parameters). Then you should configure your firewall to accept from outside the configured range of ports. But this would make the existence of the firewall pointless.

If so, how is this done? Or do I have to go with Oracle connection manager?
&&&&>>> Definitely.

Best regards.
Milen Kulev

Regards,

Stefan Jahnke
Consultant
BOV Aktiengesellschaft
Voice: +49 201 - 4513-298
Fax: +49 201 - 4513-149
mailto: stefan.jahnke_at_nospam.bov.de
Please remove nospam to contact me via email.


-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Stefan Jahnke
  INET: Stefan.Jahnke_at_bov.de

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Author: Kulev, Milen
  INET: Milen.Kulev_at_BusinessMart.de

Received on Wed Feb 12 2003 - 07:38:48 CST
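
The trade-off raised in the reply above, as an added example that is not part of the original messages: it compares a ruleset that opens the whole OS local port range to the database host with one that opens a single proxy port. The rules (iptables-save style), the address 192.0.2.10, the port 1630 and the range 32768-61000 are constructed sample values.

```python
import re

# Constructed sample inputs (not taken from the thread).
LOCAL_PORT_RANGE = "32768\t61000"  # format of /proc/sys/net/ipv4/ip_local_port_range
RULES_RANGE_OPEN = """\
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 32768:61000 -j ACCEPT
-A INPUT -j DROP
"""
RULES_SINGLE_PORT = """\
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 1630 -j ACCEPT
-A INPUT -j DROP
"""

DPORT = re.compile(r"--dport\s+(\d+)(?::(\d+))?")

def parse_local_range(text):
    """Parse the 'low high' pair the kernel reports for local ports."""
    lo, hi = (int(x) for x in text.split())
    return lo, hi

def accepted_ranges(rules):
    """Return (lo, hi) for every ACCEPT rule that names a TCP destination port."""
    out = []
    for line in rules.splitlines():
        m = DPORT.search(line)
        if m and "-p tcp" in line and line.rstrip().endswith("-j ACCEPT"):
            lo = int(m.group(1))
            out.append((lo, int(m.group(2) or lo)))
    return out

def exposure(rules, local_range):
    """Count inbound-reachable ports and how many fall in the OS local port range."""
    lo_l, hi_l = parse_local_range(local_range)
    reachable = set()
    for lo, hi in accepted_ranges(rules):
        reachable.update(range(lo, hi + 1))
    in_local = sum(1 for p in reachable if lo_l <= p <= hi_l)
    return {"open_ports": len(reachable), "in_local_range": in_local,
            "local_range_exposed": in_local / (hi_l - lo_l + 1)}

if __name__ == "__main__":
    for name, rules in (("range open", RULES_RANGE_OPEN),
                        ("single port", RULES_SINGLE_PORT)):
        print(name, exposure(rules, LOCAL_PORT_RANGE))
```

Because the local port range is shared by every process on the host, the first ruleset makes any service that binds inside it reachable from outside, not just the Oracle server processes.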
