Access Oracle via Firewall

I am attempting to access an Oracle 7.1 data base through a firewall
(not a proxy firewall) using SQL*Net 2.3. The IP address that is in
HOSTS and accessed via TNSNAMES.ORA is an address on the firewall. On the backside of the firewall is the Oracle data base with the actual IP address. The firewall takes care of all the translations so that it should be transparent to the client. Well, not for SQL*Net 2.3.

Apparently, when the first connect message is sent through SQL*Net 2.3, it sends it to the firewall address. The firewall then sends the message on to the data base. When the connect response is returned, SQL*Net LOOKS INSIDE THE RETURNED PACKET to get the real address of the data base. It is this address that it then uses from here on out to address the data base. This address (the true data base address) is not reachable by the client (if it were, we wouldn't be going through the firewall in the first place).

Why does SQL*Net 2.3 look inside packets to get real addresses? Why doesn't it trust what is inside TNSNAMES.ORA and HOSTS? When did Oracle decide to change this, since SQL*NET 1 works fine through this firewall
(although, as I understand it, SQL*Net 1 uses nailed up connections)?
Does anyone know of any work arounds for this (Oracle says changing the firewall to a proxy firewall, but that means we have to change all the other client applications that work through this firewall to understand about proxy firewalls)?

TIA,
Jim Baska Received on Thu May 15 1997 - 00:00:00 CDT