Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: firewall for Oracle 9i ?

Re: firewall for Oracle 9i ?

From: Frank <fvanbortel_at_netscape.net>
Date: Sun, 13 Apr 2003 19:21:34 +0200
Message-ID: <3E999C9E.40902@netscape.net> 





Kamran Remin wrote:


> "Frank" <fvanbortel_at_netscape.net> schrieb im Newsbeitrag

> news:3E9962E5.1000206_at_netscape.net...

> 


>>Kamran Remin wrote:
>>
>>>Hi NG,
>>>
>>>does anybody know, if there is something like an Application Level
>>




> Gateway /

> 


>>>Proxy that can be used with Oracle 9i?
>>>
>>>I would like to have two Oracle Servers that have a Proxy or something
>>




> like

> 


>>>that between them. I Think the Oracle 9i AS is not the right thing for
>>




> such

> 


>>>a situation, right?
>>>
>>
>>You are not very clear: "a Proxy or something like that". What would be
>>the purpose?
>>
>>All I can guess is Application Interconnect (OAI).
>>--
>>Regards, Frank van Bortel
>>




> 

> 

> Hi Frank,

> 

> i try to explain it more clearly:

> 

> I need a Application Proxy that works with Oracle. Searching the Internat i

> found out so far, that Oracle sells the sourcecode for an "Oracle Proxy" to

> companys that buil firewalls (Cisco/PIX, SUN/Netscreen, etc.) so they can

> implement it in their firewalls.

> But then i have read that there is a problem when using the Oracle Databsae

> is configured as a multi-threaded one, because tehy are using random ports

> to talk back to the client. With Oracle databases that are installed as

> dedicated one, there seems to less / no problems, because they seem to just

> talk over one port. There is for example the Zorp Firewall/Proxy (runs on

> Linux/Unix) that supports fully SQLNET8, but only when you are NOT using

> SQLNET8 with random port assignment.

> Then i found that there is something called "Oracle Connection Manager"

> (OCM) . First i thougt, that the OCM is a piece of software you install on

> an extra server and that the OCM acts like a Proxy/Firewall. But after

> reading this:

> http://storacle.princeton.edu:9001/oracle8-doc/network.805/a58230/ch7.htm ,

> i think that it is just an extra feature of the Oracle 8i/9i Enterprise

> Edition. Under the point 7.1.1 in the mentioned document, there is the

> following sentence:

> 

> "Oracle Connection Manager enables you to take advantage of Net8's ability

> to multiplex or funnel multiple logical client sessions through a single

> transport connection to a multi-threaded server destination."

> 

> Does this mean that i could use one Oracle DB with the OCM installed on it

> and give the traffic to the Zorp Proxy (which can check all the traffic up

> to the Application Level) and then pass the traffic to the second Oracle DB

> that runs multi-threaded?

> 

> Hope you understood what i wrote?

> 

> Regards,

> Kamran Remin

> 

> 

> 




A proxy server is a program or device that filters and/or caches
internet content.


The problems you describe have to do with firewalls. A firewall
is a program/device that blocks or lets pass traffic on defined
ports. Some firewalls actually understand the kind of traffic, and
pass this, no matter what port. For SQL*Net, this is called an
SQL*Net aware firewall. Zorp seems to fall in that category.



Another option would be to use shared_socket (works on Unix,
broken on 8iR3 (8.1.7) for Windows...


Should work again for 9i - haven't beeable to test.
Or connection manager (as you have found out), or use MTS for
several predefined ports.



I still do not see why you want a second database to run - is this
about having traffic from one db to another over a firewall? If so,
take a look at the http-adapter (part of InterConnect)

-- 
Regards, Frank van Bortel


Received on Sun Apr 13 2003 - 12:21:34 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US