Re: SQLNet through a firewall
"John Flack" <JCFlack_at_prodigy.net> writes:
> It hands the process a randomly selected port for the continuing connection
> to use, and informs SQL*Net on the client. Then the listener gets out of the
> way, and resumes listening for the next connection. Notice that the
> connection is no longer using the port on which it was started.
This is only true of MTS connections. Dedicated servers continue to use port 1521 or whatever you have configured.
> So you have to configure the firewall so that it will allow traffic on any
> port, PROVIDED that the original connection was on the listener's port.
> This is a fairly common situation on TCP/IP, and you should be able to find
> a good example of it in your firewall's manual. I think either ftp or
> telnet work this way, but I forget which.
FTP works like this, which is why firewalls often require you use passive ftp to get through. MTS connections are kind of like passive ftp except you're probably trying to get _into_ a protected subnet rather than out of one, so it's backwards from what you need.
I use a TNS entry like this to tunnel TNS connections across ssh which is a similar problem -- and a little encryption is not a bad idea if you're going to be punching holes in firewalls.
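# CONNECT_DATA is a placeholder; the archived entry ends at the ADDRESS line
SSH =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (COMMUNITY = tcp.world) (PROTOCOL = TCP) (Host = localhost) (Port = 1522))
    )
    (CONNECT_DATA = (SID = <your_sid>))
  )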
--
greg
Received on Sat Nov 13 1999 - 08:47:07 CST
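
An added example, not part of the original post: a small parser for a tnsnames.ora entry like the one above that lists its ADDRESS endpoints and derives the matching `ssh -L` forward spec for each loopback address. The database host name, the SID ORCL and the function names are assumptions; the listener port defaults to the 1521 mentioned in the post.

```python
import re

# Constructed sample: the post's entry with parentheses closed and a
# placeholder SID (ORCL is an assumption, not from the post).
SAMPLE = """
SSH =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (COMMUNITY = tcp.world) (PROTOCOL = TCP) (Host = localhost) (Port = 1522))
    )
    (CONNECT_DATA = (SID = ORCL))
  )
"""
TOKEN = re.compile(r"\(|\)|=|[^()=\s]+")

def parse_entry(text):
    """Parse 'ALIAS = (KEY = ...)' into (alias, nested list of (KEY, value))."""
    tokens, pos = TOKEN.findall(text), 2
    def value():
        nonlocal pos
        if tokens[pos] != "(":                      # scalar such as 1522
            if tokens[pos] in (")", "="):
                raise ValueError("missing value")
            pos += 1
            return tokens[pos - 1]
        items = []
        while pos < len(tokens) and tokens[pos] == "(":
            key = tokens[pos + 1].upper()           # keys are case-insensitive
            if tokens[pos + 2] != "=":
                raise ValueError("expected '=' after %s" % key)
            pos += 3
            items.append((key, value()))
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parentheses near %s" % key)
            pos += 1
        return items
    try:
        if tokens[1] != "=":
            raise ValueError("expected 'ALIAS ='")
        tree = value()
    except IndexError:
        raise ValueError("truncated entry")
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return tokens[0], tree

def addresses(tree):
    """Collect (host, port) from every ADDRESS node, at any depth."""
    found = []
    for key, val in tree:
        if key == "ADDRESS":
            found.append((dict(val)["HOST"], int(dict(val)["PORT"])))
        elif isinstance(val, list):
            found.extend(addresses(val))
    return found

def ssh_forward(text, db_host, listener_port=1521):
    """ssh -L specs for the entry's loopback addresses (db_host is an assumption)."""
    return ["%d:%s:%d" % (port, db_host, listener_port)
            for host, port in addresses(parse_entry(text)[1])
            if host.lower() in ("localhost", "127.0.0.1")]
```

Each returned spec forwards exactly one port, so it matches the dedicated-server case described above, where the session stays on the listener port.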