Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 


Re: windows2000 Oracle 817 behind firewall

From: Svend Jensen <Svend_at_OracleCare.Com>
Date: Wed, 19 Jun 2002 19:21:37 +0200
Message-ID: <3D10BDA1.9030308@OracleCare.Com>


Niall Litchfield wrote:

> The database server needs to be restarted after setting the environment
> variable AND your firewall needs to be aware of sqlnet/net8 traffic.
> 
> 
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> *****************************************
> Please include version and platform
> and SQL where applicable
> It makes life easier and increases the
> likelihood of a good answer
> 
> ******************************************
> "Svend Jensen" <Svend_at_OracleCare.Com> wrote in message
> news:3D0F9863.2080805_at_OracleCare.Com...
> 

>>Scenario: The IAS (client in this case) must connect to dedicated (not
>>MTS) database hidden behind firewall(s).
>>The firewall(s) allows tcp connections on say port 80 (http), 443
>>(https) and 1521 (sql*net/listener).
>>The initial connection is established, authorisation is granted and the
>>connection is redirected to some random port (> 1000) i.e. 1610, 2843.
>>The firewall prohibits successful redirection and the client sees this
>>as ora-3113 end of communication channel or something alike.
>>
>>The cure (metalink) is to set USE_SHARED_SOCKET in system
>>environment/registry. But this doesn't work, random port assignment is
>>still in force. This is due to using socket 1.1 according to Support,
>>and we must use socket 2.0.
>>Windows resource kit says both socket 1.1 and 2.0 are installed and the
>>named files are physically there, but apparently not used.
>>
>>A less nice solution is to use MTS and connection manager (cman), if it
>>works(!?!), but I would rather stick with dedicated mode.
>>
>>Anybody cracked this nut(case)?
>>
>>Svend Jensen
>>
>>

>
>

A reboot has been tried. I am testing with another in-house server (excluding the firewall for now), and checking the listener.log for the new connections and the port assigned to the new session. I forgot to mention that the server has two network cards and is connected to Ethernet and token ring networks in separate address spaces. I have tried with two listeners, one for each network, without success. And one listener for both networks - three combinations of address:port plus the IPC and extproc. None will work. Also tried the MTS option, and that refuses to spawn/enable shared connection, saying no service to fulfill ??...?? Requesting dedicated connection works (server=dedicated in tns_names.ora).

Anybody out there having similar setup? And knows a fix?

rgds

/Svend Jensen

Received on Wed Jun 19 2002 - 12:21:37 CDT

