Re: SQL*Net connection thru a firewall

Billy Verreynne (vslabs_at_onwe.co.za) wrote:
: Phil Herring <revdoc_at_uow.edu.au> wrote in article
: <61jo77$ajp$1_at_wyrm.its.uow.edu.au>...
: > In article <01bcd3fc$32de9ac0$64d91ba1_at_Vturchetti_ptb.infostrada.it>
 Vittorio Turchetti, vturchetti_at_infostrada.it writes:
: > >Have you any advice or warning about building applications connecting to
 an
: > >Oracle database through a firewall?
: >
: > Assuming that you're using SQL*Net, you'll need firewall software that
: > understands that protocol, because only the initial connection request
 goes
: > to the listener port - all subsequent traffic uses an arbitrary port
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:
: > number. There are a number of commercial firewalls that handle this
: > situation.
 

: I disagree. Do not confuse the socket handle with the port number. After an
: accept() by the listener on port 1521 a socket handle is created which is
: used for communication. This socket is still bind() to port 1521. Test it
: from a Win95 PC using the netstat command - after the initial connection to
: the server on port 1521 (ir whatever port the listener sits on), _no_ new
: connections on any ports are initiated automatically between the child
: process (which the listener fork()) on the server and the client process
: on the PC.

I disagree - these details depend on further settings, such as - MTS settings in the server side init*.ora, listener.ora - using "server = dedicated" in the client side tnsnames.ora   (this will usually cause "simpler", i.e. "firewall-friendly" behaviour)

M. Roos, University of Zurich Received on Sun Oct 12 1997 - 00:00:00 CDT