
Re: firewall sqlnet woes

From: Andrew Babb <andrewb_at_mail.com>
Date: Sat, 24 Apr 1999 11:51:33 +0800
Message-ID: <37213FC5.24846019@mail.com>


Hi Dan and Nandan,

You can trace SQL*Net operations, both on the client side and the server side, with trace options in both the sqlnet.ora on the client and listener.ora on the server. A trace level of 16 is the debug trace level, aka MBs per minute, and you may be able to discover what is going on.

The two parameters are:
SQLNET.ORA -> TRACE_LEVEL_CLIENT=value
SQLNET.ORA -> TRACE_LEVEL_SERVER=value
LISTENER.ORA -> TRACE_LEVEL_listener=value

where value is OFF, USER, ADMIN, SUPPORT or OFF, 1 thru 16.

Rgds
Andrew Babb

BTW - Check out http://technet.oracle.com/doc/network.804/a58230/toc.htm for the Oracle8 SQL*Net guide.

Nandan Kalle wrote:

> Andrew/Dan:
>
> I am also trying to connect thru firewalls. I believe it *is* possible, but
> I can't figure out how to configure the Listener properly.
>
> Oracle's whitepaper, SQL*Net and Firewalls, indicates that in certain
> circumstances it *is* possible to configure the Listener to create shadow
> processes on a single port. Specifically, on page 3, it says "When the IP
> port number of the SQL*Net connection can be determined in advance, such as
> 1521, then connection can be permitted with some degree of security.
> Systems running multi-threaded servers, pre-spawned servers or ones with
> architectures that do not support IP port sharing, require dynamic port
> allocation which tends to prevent connections."
>
> So, Dan, as long as you don't fall under any of the exemptions (MTS,
> pre-spawn or no port-sharing) this should be possible.
>
> Page 6 of the whitepaper describes the connection sequence. "Depending on
> the operating system and TCP/IP protocol implementation, one of the following
> procedures is performed. 1) The listener bequeaths the client connection to
> the spawned server, effectively sharing the listener's IP port 1521.
> Wherever possible, the listener bequeaths the connection instead of
> redirecting it. 2) The Server performs a wild-card listen to obtain a
> unique IP port number from the operating system and communicates the port
> number allocated to the listener process. The listener then issues a
> redirect, containing the wild-card address, to the client and drops the
> connection. The client then calls the dedicated server process directly
> using the wild-card port number provided in the redirect message."
>
> Obviously, we'd prefer option 1 to occur. The question is, how can we
> ensure that this happens?
>
> We're running Oracle for Workgroups 7.3 on NT 4.0, so I don't think we fall
> under any of the "exemptions" listed in the first quote-- Dan, you should
> check and make sure you're OK here.
>
> Do we need to do anything special to the listener to encourage it to use
> port 1521?
>
> Also, is there a way to "trace" the listener to see how it's handling the
> connection?
>
> Dan, if anyone sends you answers offline, would you pls forward them to me?
> I would really appreciate it.
>
> Thanks.
> Nandan Kalle
Received on Fri Apr 23 1999 - 22:51:33 CDT
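
Added example, not part of the original posts: once tracing is enabled as described above, a short Python script can scan the trace text for TNS address descriptors and flag any TCP port other than 1521, which points to the listener having issued a redirect (procedure 2 in the whitepaper quote) rather than bequeathing the connection. The sample trace lines are constructed, and the script assumes the trace shows addresses in the standard `(ADDRESS=(PROTOCOL=...)(HOST=...)(PORT=...))` form; the function names are hypothetical.

```python
import re

LISTENER_PORT = 1521  # the port the firewall rule permits, per the thread

# A TNS address descriptor: (ADDRESS=(KEY=value)(KEY=value)...)
ADDRESS_RE = re.compile(r"\(ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PAIR_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")

# Constructed sample lines (not real trace output; the prefixes are invented).
SAMPLE_TRACE = """\
connect to (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dbhost)(PORT=1521))(CONNECT_DATA=(SID=ORCL)))
redirect received: (ADDRESS=(PROTOCOL=tcp)(HOST=dbhost)(PORT=1034))
reconnect to (ADDRESS=(PROTOCOL=tcp)(HOST=dbhost)(PORT=1034))
"""


def parse_addresses(text):
    """Return one dict per (ADDRESS=...) descriptor found in text."""
    found = []
    for match in ADDRESS_RE.finditer(text):
        pairs = PAIR_RE.findall(match.group(1))
        found.append({key.upper(): value for key, value in pairs})
    return found


def find_offport_addresses(trace_text, allowed_port=LISTENER_PORT):
    """Return (line_no, host, port) for each TCP address not on allowed_port."""
    hits = []
    for line_no, line in enumerate(trace_text.splitlines(), 1):
        for addr in parse_addresses(line):
            if addr.get("PROTOCOL", "").lower() != "tcp":
                continue  # e.g. IPC addresses carry no TCP port
            port = addr.get("PORT", "")
            if port.isdigit() and int(port) != allowed_port:
                hits.append((line_no, addr.get("HOST", "?"), int(port)))
    return hits


if __name__ == "__main__":
    for line_no, host, port in find_offport_addresses(SAMPLE_TRACE):
        print(f"line {line_no}: {host} port {port} is not {LISTENER_PORT}; "
              "a firewall allowing only the listener port would block this")
```
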
