Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Help - Firewalls and Oracle 7.3.2

Re: Help - Firewalls and Oracle 7.3.2

From: David Sisk <davesisk_at_ipass.net>
Date: Wed, 14 Jul 1999 21:28:45 -0400
Message-ID: <EGaj3.171$w3.286@news.ipass.net>


Joe:

There are a few different ways that you can do this. The problem you're having is this: When you first attempt to connect, the SQL*Net listener on the IP address and port that you've specified accepts the client's connection request. It then tells that client "I'll tell the database process to spawn a thread for you that's on this dynamically-assigned, currently unused port number". Then the client disconnects from the listener and reconnects to the database process on the port number that it was told about. When you put a firewall in the middle of this process, the port the client tries to reconnect to isn't available (because it was dynamically-assigned). The only way this would work is if you opened up all ports on the firewall, but then there's no point in having a firewall :=)

In Oracle8 (specifically, the Net80 listener) you can make a registry setting to tell it to use ...? I can't remember what it's called ... simultaneous connections or something like that. (Sorry.) You then have the minor problem that you disconnect any clients if you stop and restart the listener for any reason, which doesn't happen under normal default circumstances. (It's a small problem, but you need to be aware of it.)

Perhaps the better solution would be this: Oracle has made specifications for a SQL*Net proxy available to all the major firewall vendors. Many of them have written SQL*Net proxies for their firewalls (Oracle IS pretty popular). This proxy handles the dynamic port mapping through the firewall in a secure manner. If you have a firewall from ANS, they already include the SQL*Net proxy with their most recent version of the firewall software. Otherwise, contact your firewall vendor and see if they have a SQL*Net proxy.

Good luck,

--
David C. Sisk
The Unofficial ORACLE on NT site
http://www.ipass.net/~davesisk/oont.htm

Joe Long wrote in message <378CF9FE.98A82720_at_cticallcenter.com>...
>Good Afternoon,
> We are trying to put some reports on the web using ASP pages that
>query our Oracle 7.3.2 server (on NT4.0 Svcpak 4, DEC Alpha). The web
>server passes the queries thru a firewall which is configured for port
>access. Unfortunately, when it replies, the Oracle server process is
>grabbing random TCPIP ports from the NT OS. Does anyone know of a way
>to force Oracle to use a specific port when replying to a query? The
>folks at Oracle say no. But if that is the case, how do you implement
>any kind of security if you want to make data available on the web?
>Finally, does Oracle 8, or 8i, fix this problem?
>Thanks in advance!!!
>
>Joe Long
>joe.long_at_cticallcenter.com
Received on Wed Jul 14 1999 - 20:28:45 CDT
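
The two-step connect and the redirect-aware proxy described in the reply above, modelled in Python as an added illustration (not code from the post, from Oracle, or from any firewall vendor). The message dictionary, the addresses, listener port 1521 and the one-shot pinhole policy are assumptions; the real SQL*Net wire format is not modelled.

```python
from dataclasses import dataclass, field

LISTENER_PORT = 1521  # assumption: conventional listener port, not stated in the post


@dataclass
class StaticFirewall:
    """Plain port filter: only the listener port is open."""
    allowed_ports: frozenset = frozenset({LISTENER_PORT})

    def permits(self, client, server, port):
        return port in self.allowed_ports


@dataclass
class RedirectAwareProxy:
    """Watches listener replies and opens a narrow pinhole per redirect.

    Assumed policy: a pinhole is valid for one (client, server, port)
    triple and is consumed by the first connection that uses it.
    """
    pinholes: set = field(default_factory=set)

    def observe_listener_reply(self, client, server, reply):
        # Only a redirect from the listener creates a pinhole.
        if reply.get("type") == "REDIRECT":
            self.pinholes.add((client, server, reply["port"]))

    def permits(self, client, server, port):
        if port == LISTENER_PORT:
            return True
        key = (client, server, port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # one-shot: close it again
            return True
        return False


def connect(firewall, client, server, redirect_port):
    """Walk the connect sequence from the post; True if a session results."""
    # Step 1: client reaches the listener on its fixed port.
    if not firewall.permits(client, server, LISTENER_PORT):
        return False
    # Step 2: listener hands the client a dynamically assigned port
    # (constructed message shape).
    reply = {"type": "REDIRECT", "port": redirect_port}
    if hasattr(firewall, "observe_listener_reply"):
        firewall.observe_listener_reply(client, server, reply)
    # Step 3: client reconnects to the database process on that port.
    return firewall.permits(client, server, redirect_port)
```

With the static filter the reconnect in step 3 is dropped, which is the failure in the original question; the proxy admits only the redirected client on the port it was told about.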
