Re: SQL*Net connection thru a firewall

Phil Herring <revdoc_at_uow.edu.au> wrote in article <61jo77$ajp$1_at_wyrm.its.uow.edu.au>...
> In article <01bcd3fc$32de9ac0$64d91ba1_at_Vturchetti_ptb.infostrada.it>
 Vittorio Turchetti, vturchetti_at_infostrada.it writes:
> >Have you any advice or warning about building applications connecting to
 an
> >Oracle database through a firewall?
>
> Assuming that you're using SQL*Net, you'll need firewall software that
> understands that protocol, because only the initial connection request
 goes
> to the listener port - all subsequent traffic uses an arbitrary port

                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^     
    

> number. There are a number of commercial firewalls that handle this
> situation.

I disagree. Do not confuse the socket handle with the port number. After an accept() by the listener on port 1521 a socket handle is created which is used for communication. This socket is still bind() to port 1521. Test it from a Win95 PC using the netstat command - after the initial connection to the server on port 1521 (ir whatever port the listener sits on), _no_ new connections on any ports are initiated automatically between the child process (which the listener fork()) on the server and the client process on the PC.

regards,
Billy Received on Fri Oct 10 1997 - 00:00:00 CDT