
Re: SQL*Net through a Firewall

From: Svein Erik Brostigen <sbrostig_at_no.oracle.com>
Date: 1998/02/16
Message-ID: <34e7fba3.215773165@newshost.us.oracle.com>#1/1

On Thu, 05 Feb 1998 15:34:18 GMT, kirmo.uusitalo.NO.SPAM_at_iki.fi (Kirmo Uusitalo) wrote:

>On Mon, 02 Feb 1998 15:02:46 +1000, Sys Admin
><sysadmin_at_vdoj.vic.gov.au> wrote:
>
>>We have a requirement to replicate a database through a firewall. I am
>>assuming that if we can use DB_LINKS using SQL*Net through the firewall
>>then Replication will also work (?).
>>
>>However, when we tested a SQL*Net connection through a firewall our
>>comms guy said it spawned a lot of child processes which he was not
>>happy with (they seemed to be within a large range which he said would
>>be difficult to allow for).
>>
>>Has anyone done this successfully? The only documentation I have is an
>>Oracle Whitepaper dated 1995 and Oracle Support said this is the latest
>>one, which is surprising.
>>
>>Does anyone know of any decent up-to-date documentation on this? I
>>suspect it is quite a common request these days.
>>
>>Thanks in Advance,
>>
>>Andy Horne
>
>I am trying to get a connect through a proxy and SQL*Net 2 to two
>different Oracle databases.
>
>First one is 7.1 and I was able to get the connection working by doing
>a simple port replication (proxy machine port 21521 to 1521 on the
>machine Oracle is running).
>
>However, when I tried the same to Oracle 7.3.2, it looks like the
>connection on port 1521 is closed shortly after the connect request,
>and I receive a message telling that the 7.3.2.OracleMachine can't be
>reached. It looks like the 1521 connection is used to negotiate
>another port that isn't covered by the proxy.
>
>My question is what makes the two configurations different? Is there an
>init.ora setting that could be used to make the 7.3.2 server use only
>port 1521?
>
>I found an article with dejanews in which was hinted that setting
>server=dedicated in the tnsnames.ora for the database alias would
>solve the problem. Unfortunately I couldn't find any information on
>this in the Oracle documentation.
>
>Do any of you fellow Oracle users have more information on this
>issue?

Hmmm...
This depends a bit on what kinda Firewall you are using and on what OS.

I have been doing some extensive testing of SQL*Net through Firewall-1 from Checkpoint Software which has a proxy for SQL*Net. The OS was Windows NT 4.0 with Service Pack 3 on the client, firewall and server.

The main problem with using Windows NT is that it cannot handle port sharing, i.e. it is not possible to have both the listener process and the oracle process work on the same port. What normally happens is that the initial connection from the client is made on port 1521, the listener establishes the credentials and then starts the oracle process and opens a new port from the server to the client for further communications and returns to listening on port 1521.

On UNIX it is possible to have the listener and oracle process work on the same port, which will reduce the number of ports involved. Normally it should not be too much of a problem opening a new port, because it is only done after the security is validated, and the opening is done from the server to the client.

Expect port sharing to be a feature in NT 5.0....

Regards

Svein Erik Brostigen
Senior Support Consultant
Oracle Norway - Server Support
sbrostig@!no.oracle.com
(pls, remove the ! from my mail-adr, spam avoider :)
Received on Mon Feb 16 1998 - 00:00:00 CST
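The port hand-off discussed in this thread, as an added example that is not part of the original posts: a toy localhost model showing why a single-port firewall rule works when the session stays on the listener port and fails when the listener moves it to a new port. The `REDIRECT`/`SESSION` messages and all function names are hypothetical and are not the real SQL*Net wire protocol; the model assumes the client reconnects to the port the listener names.

```python
import socket
import threading

def start_toy_listener(redirect):
    """Toy listener on 127.0.0.1, NOT the real SQL*Net wire protocol."""
    lsock = socket.create_server(("127.0.0.1", 0))
    port = lsock.getsockname()[1]
    def serve():
        conn, _ = lsock.accept()
        with conn:
            if not redirect:
                conn.sendall(b"SESSION\n")   # session stays on the listener port
                return
            session = socket.create_server(("127.0.0.1", 0))  # per-session port
            conn.sendall(b"REDIRECT %d\n" % session.getsockname()[1])
        session.settimeout(2)
        try:
            peer, _ = session.accept()       # assumption: client reconnects here
            peer.sendall(b"SESSION\n")
            peer.close()
        except socket.timeout:
            pass                             # the firewall never let the client in
        finally:
            session.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def connect_through_firewall(port, allowed_ports):
    """Model of a firewall rule set: only listed destination ports pass."""
    if port not in allowed_ports:
        raise ConnectionRefusedError(f"port {port} is not permitted")
    return socket.create_connection(("127.0.0.1", port), timeout=2)

def client_connect(listener_port, allowed_ports):
    with connect_through_firewall(listener_port, allowed_ports) as c:
        reply = c.makefile().readline().split()
    if reply and reply[0] == "REDIRECT":
        try:
            with connect_through_firewall(int(reply[1]), allowed_ports) as c2:
                reply = c2.makefile().readline().split()
        except ConnectionRefusedError:
            return "blocked after redirect"
    return "session established" if reply == ["SESSION"] else "failed"

def demo():
    a, b, c = (start_toy_listener(r) for r in (False, True, True))
    return (client_connect(a, {a}),                  # one rule is enough
            client_connect(b, {b}),                  # same rule, hand-off dropped
            client_connect(c, range(1024, 65536)))   # needs the whole dynamic range
```

Calling `demo()` returns the outcome of the three cases in order; the third shows that without port sharing the rule set has to cover the whole dynamic port range, which is the objection raised in the original question.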
