Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle internet ports

Re: Oracle internet ports

From: Daniel <nospam_at_nospam.com>
Date: Wed, 6 Jan 1999 18:23:39 -0000
Message-ID: <7709qm$4bj$1@inet16.us.oracle.com> 





>I got a server-client software (connected via internet) using Oracle. We


>have a firewall between these applications, and have to open certain


>port so that the communication between client-server can work.


>Does anybody know which port Oracle uses, or where to find information


>about this ?






This is a complex issue.



Firstly the listener will listen on whatever port you specify in the
listener.ora file lets say port 1521 (default).



Your client will initially connect to port 1521 to establish a connection.



The listener will then send a redirect packet to the client specifying a new
port on which to connect.



The client then drops the connection to 1521 thus freeing up the listener
for the next incoming connect request and the client will re-connect to the
newly assigned port.



This re-directed port will be anywhere between 1500 and 64000 based on a
lru/next avail algorithm. (sort of)



Hmmm get the problem! We have no idea of which port will be assigned to the
new connection so how can we open this port in the firewall?



Ok we have several choices.



Purchase an intelligent "Oracle aware" firewall that will track the
re-directed port, I believe there are one or two firewalls like this but
they are a lot of money.



Open up on the firewall the large range of ports, thus destroying a lot of
security.



Open up the IP address of the server on the firewall, again destroying a lot
of security.



Purchase Oracle connection manager (cman) that will sit on the client side
of the firewall and handle all connections through a single port in the
firewall.



Or my favourite method is to use the shared sockets functionality of the new
winsock V2 TCP/IP stack. (Costs nothing and is easy to do!) On NT platform
and V8.0.4 or higher add the following to the Oracle part of the registry.



USE_SHARED_SOCKET  = TRUE


This will stop the redirect from taking place so that all connections will
use an individual socket on the same port (1521). One drawback of this
method is that you cannot stop the listener whilst you have active
connections.



Hope this helps.



Regards,



Daniel...


Received on Wed Jan 06 1999 - 12:23:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US