
Re: restricting network ports on oracle client

From: Joe Long <joe.long_at_cticallcenter.com>
Date: Fri, 20 Aug 1999 10:41:32 -0500
Message-ID: <37BD772C.27E563A3@cticallcenter.com>


Good Morning,

     If you are using NT, there is a registry setting you can add that will force the server to 'reply' using the same port. Under the HKEY_LOCAL_MACHINE\Software\Oracle subkey, add a VALUE of REG_EXPAND_SZ type with a title of USE_SHARED_SOCKET. Then give it a value of TRUE. Can't remember if you have to shut down the machine afterwards, or just stop and restart the Listener service. Hope it helps.

Joe Long

raff32_at_my-deja.com wrote:
>
> I have currently run into a security problem with Net8 and was wondering
> if you could help me out or spread some light on the issue for me. I want
> to configure the Oracle clients to connect to the database using a
> specified range of Ports. I assume this configuration will go in the
> tnsnames.ora file but I do not know the syntax nor have I been able to
> find an example. Here's a sample tnsnames file to help my explanation.
>
> DB2 =
>   (DESCRIPTION =
>     (ADDRESS = (PROTOCOL = TCP)(HOST = MY.DATABASE.COM)(PORT = 1521))
>     (CONNECT_DATA = (SID = ORCL))
>   )
>
> This tells the client to connect up to the oracle listener at
> MY.DATABASE.COM on port 1521. (that's easy) What I want to do is restrict
> what port oracle replies on. Security wants to close all ports that are
> not being used by a firewall and want me to give them specific ports or a
> range of ports where oracle will communicate with the clients. Currently
> the database is replying on ports in a range from 30000 to 50000, but this
> depends on the box that makes the call. Each box seems to be in a
> restricted range.
>
> Here is an example from the listener.log
>
> (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=)(HOST=MY.CLIENT.COM)(USER=CLIENT))) * (ADDRESS=(PROTOCOL=tcp)(HOST=MY.DATABASE.COM)(PORT=33022)) * establish * orcl* 0
>
> Here the listener is replying to MY.CLIENT.COM on port 33022. I want to
> configure the ports or range of ports where the listener responds. I
> assume this is done in either the tnsnames.ora on the client or the
> listener.ora on the server. (my guess is tnsnames with a parameter called
> source but I have not been able to find an example). Can you help me out
> with this? Maybe send me a tnsnames.ora that has this configured so I can
> see the syntax. Point to the correct documentation or something.
> Thanks in advance.
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
Received on Fri Aug 20 1999 - 10:41:32 CDT
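
An added example, not part of either post: a Python check that can be run over listener.log to list, per client host, the ADDRESS ports that fall outside a range agreed with the firewall team. The log lines are constructed on the model of the entry quoted above, and the allowed range and the names `parse_tns` and `ports_outside` are assumptions for illustration.

```python
import re
from collections import defaultdict

def _entry(host, port):  # builds one constructed 'establish' log line
    return ("20-AUG-1999 10:12:01 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=)"
            f"(HOST={host})(USER=CLIENT))) * (ADDRESS=(PROTOCOL=tcp)"
            f"(HOST=MY.DATABASE.COM)(PORT={port})) * establish * orcl * 0")

SAMPLE_LOG = "\n".join([          # constructed sample data, not a real log
    _entry("MY.CLIENT.COM", 33022),
    _entry("OTHER.CLIENT.COM", 41007),
    _entry("MY.CLIENT.COM", 47850),
    "20-AUG-1999 10:15:00 * status * 0",   # no ADDRESS field: skipped
])
ALLOWED = range(33000, 33101)     # hypothetical range opened on the firewall

def parse_tns(text):
    """Parse '(K=V)(K=(K2=V2))' descriptors into nested dicts (keys upper-cased)."""
    s = re.sub(r"\s+", "", text)  # tnsnames.ora style spacing is not significant
    def items(i):
        out = {}
        while s[i:i + 1] == "(":
            eq = s.index("=", i)
            key, i = s[i + 1:eq].upper(), eq + 1
            if s[i:i + 1] == "(":
                val, i = items(i)              # nested group
            else:
                end = s.index(")", i)
                val, i = s[i:end], end         # plain value, may be empty
            if s[i:i + 1] != ")":
                raise ValueError("unbalanced parentheses")
            out[key], i = val, i + 1
        return out, i
    return items(0)[0]

def ports_outside(log_text, allowed):
    """Return {client_host: sorted ADDRESS ports not in `allowed`}."""
    bad = defaultdict(set)
    for line in log_text.splitlines():
        parsed = {}
        try:
            for field in (f.strip() for f in line.split(" * ")):
                if field.startswith("("):
                    parsed.update(parse_tns(field))
            port = int(parsed["ADDRESS"]["PORT"])
        except (ValueError, KeyError, TypeError):
            continue                           # not a parsable connect entry
        host = parsed.get("CONNECT_DATA", {}).get("CID", {}).get("HOST", "?")
        if port not in allowed:
            bad[host].add(port)
    return {h: sorted(p) for h, p in bad.items()}

if __name__ == "__main__":
    print(ports_outside(SAMPLE_LOG, ALLOWED))
```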
