
Re: How to restrict Oracle to my PC vs Internet

From: Frank <fbortel_at_nescape.net>
Date: Sun, 14 Dec 2003 12:10:42 +0100
Message-ID: <brhfuq$drc$1@news4.tilbu1.nb.home.nl>


Moritzio wrote:

> I tried your suggestions, but must not be doing it right. Here is
> more detail:
>
> Oracle 9i, version 2, Windows XP Pro Sp1
>
> I start two Oracle services only:
> 1. OracleOraHom92CRDBSAC (the database)
> 2. OracleOraHom92TNSListener
>
> Using Zone Alarm and the Enterprise Manager Console, I find that:
>
> a. Oracle RDBMS Kernel Executable (oracle.exe) must be allowed to act
> as a server on the internet, or I cannot connect to the database via
> the Enterprise Manager Console. Instead, I get an ORA-12570 TNS:Packet
> reader failure.
>
> b. TNSLSNR.exe must be allowed to access the internet or I cannot
> connect to the database with Enterprise Manager Console. It does NOT
> have to act as a server.
>
> My computer name is 3CG7501
> I named the service CRDBSAC.CG7501 because the Database Configuration
> Wizard would not allow a domain name beginning with a number. There
> is no domain controller (peer network).
>
> I have imported the following HOSTS file for the network connection:
> (using network connection-> properties->TCP/IP Properties->General
> tab->Advanced button->WINS Tab->Import LMHOSTS button)
> 127.0.0.1 localhost
> 127.0.0.1 CRDBSAC.3CG7501
> 127.0.0.1 3CG7501
>
> The HOST parameters in tnsnames.ora look correct:
> # TNSNAMES.ORA Network Configuration File: C:\oracle\ora92\network\admin\tnsnames.ora
> # Generated by Oracle configuration tools.
>
> CRDBSAC =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = 3CG7501)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVER = DEDICATED)
>       (SERVICE_NAME = CRDBSAC.CG7501)
>     )
>   )
>
> INST1_HTTP =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = 3CG7501)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVER = SHARED)
>       (SERVICE_NAME = MODOSE)
>       (PRESENTATION = http://HRService)
>     )
>   )
>
> EXTPROC_CONNECTION_DATA =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
>     )
>     (CONNECT_DATA =
>       (SID = PLSExtProc)
>       (PRESENTATION = RO)
>     )
>   )
>
> CRDBSAC.CG7501 =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = 3CG7501)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SID = CRDBSAC)
>       (SERVER = DEDICATED)
>     )
>   )
>
> On Thu, 11 Dec 2003 21:33:07 +0100, Sybrand Bakker
> <gooiditweg_at_sybrandb.demon.nl> wrote:
>
>>On Thu, 11 Dec 2003 14:23:03 -0000, "Niall Litchfield"
>><n-litchfield_at_audit-commission.gov.uk> wrote:
>>
>>>look at tcp.invited_nodes and/or tcp.excluded_nodes
>>
>>No need for that. You should use the machine name in the host= string.
>>Or use localhost and put the localhost definition in the hosts file.
>>In all other cases the system will call out, which is what the OP is
>>experiencing.

Try to understand Zonealarm, or get rid of it. The kernel is regarded as a server to the internet, as it does not discriminate from where its connections come; it could be from outside your network.

Don't panic over something you do not understand completely, and get a firewall between your network and the outside world. Zonealarm is a nice tool, but don't panic over its logging.

And - fwiw, I just fired up 9.2.0.1.0 in Windows, with ZoneAlarm denying Internet access. No problem.

-- 
Regards, Frank van Bortel
Received on Sun Dec 14 2003 - 05:10:42 CST
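
Added example, not part of the thread and not Oracle tooling: a Python check that reads a tnsnames.ora and the hosts entries and reports whether each TCP HOST maps to loopback, the condition the quoted advice about host= and the hosts file turns on. The CRDBSAC and EXTPROC entries (condensed) and the hosts lines come from the quoted post; REMOTE_DB, parse_hosts and audit are names made up for this example.

```python
import ipaddress
import re

# CRDBSAC, EXTPROC and HOSTS are from the post; REMOTE_DB is constructed to show a flagged entry.
TNSNAMES = r"""
# TNSNAMES.ORA Network Configuration File
CRDBSAC =
  (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 3CG7501)(PORT = 1521)))
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = CRDBSAC.CG7501))
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (CONNECT_DATA = (SID = PLSExtProc)(PRESENTATION = RO)))
REMOTE_DB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = REMOTE))
  )
"""
HOSTS = "127.0.0.1 localhost\n127.0.0.1 CRDBSAC.3CG7501\n127.0.0.1 3CG7501\n"

def parse_hosts(text):
    """Map each lower-cased host name to its IP, ignoring comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {name.lower(): f[0] for f in rows for name in f[1:]}

def audit(tnsnames, hosts_text):
    """Return {alias: [(host, verdict), ...]} covering every TCP address."""
    hosts, report = parse_hosts(hosts_text), {}
    text = re.sub(r"#.*", "", tnsnames)
    # An alias starts in column 1; its continuation lines are indented.
    for block in re.split(r"(?m)^(?=[^\s(])", text):
        m = re.match(r"([\w.]+)\s*=", block)
        if not m:
            continue
        found = []
        for addr in re.findall(r"\(\s*ADDRESS\s*=((?:\s*\([^()]*\))+)", block, re.I):
            kv = {k.upper(): v.strip() for k, v in re.findall(r"\(\s*(\w+)\s*=\s*([^()]*)\)", addr)}
            if kv.get("PROTOCOL", "").upper() != "TCP":
                continue  # IPC and other non-TCP addresses never touch the network stack
            host = kv.get("HOST", "")
            ip = hosts.get(host.lower(), host)  # a literal IP passes through unchanged
            try:
                verdict = "loopback" if ipaddress.ip_address(ip).is_loopback else "non-loopback"
            except ValueError:
                verdict = "not in hosts file"  # the name would go to DNS/NetBIOS lookup
            found.append((host, verdict))
        report[m.group(1)] = found
    return report
```

Calling audit(TNSNAMES, HOSTS) marks 3CG7501 as loopback and db.example.com as "not in hosts file"; the same check applies to the HOST entries in listener.ora.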
