Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Setting up a SQL*Net/Net8 Proxy?

Re: Setting up a SQL*Net/Net8 Proxy?

From: kc <kc_news2000_at_yahoo.com>
Date: 11 Sep 2002 22:50:32 -0700
Message-ID: <a20fe1ab.0209112150.5be43c9c@posting.google.com> 






toledodba25_at_hotmail.com (Cstyle) wrote in message news:<21ea6d1e.0209110725.48482adf_at_posting.google.com>...


> We put a firewall in place locally this morning, and now I can't

> connect to oracle from my desktop.  I can ping the machine, but when I

> try to get in through SQL Plus or DBA Studio I get the error

> 'ORA-12535: TNS:operation timed out'.  The port in tnsnames.ora is

> open through the firewall.  I've been reading on meta link how to

> trouble shoot the error with Note:119706.1.  If you look at that note

> it contains the following tid bit on firewalls with windows:

>  

> Note A 

> 2. If you are going through a Firewall, and your server platforms are

> NT,

>    then you must ensure that the port being listened on is open as

> well as

>    setting up a SQL*Net/Net8 Proxy, such as Net8 Connection Manager,

> if none

>    is provided by the Firewall vendor.

>    The reason is that, even though the port is open, the TCP layer

> will

>    REDIRECT the port to another port.

>    This is due to Winsock2 workings under Microsoft.

> 

> OK, how do I set up a SQL*Net/Net8 Proxy?  Any ideas?  I'm looking

> around Oracle Net8 Assistant and I'm not seeing anything.  Any help

> you could give would be great!




If your firewall is not NET8/SQLNET "aware" you need to use connection
manager.



By "aware" the firewall will know that a client connected on port 1521
and the oracle server is attempting to communicate back on a higher
random port. If the firewall doesnt know about NET8/SQLNET then the
connection gets dropped on the way out by the firewall. Sounds like
your firewall is not NET8/SQLNET aware or this function is not on.



However, using connection manager you can get around this situation.
Connection manager will listen on one port only <usually port 1630>
for communications back and forth to the Oracle server. AFAIK there is
no GUI for connection manager. You will need to read the docs and edit
listener and tnsnames. There is a really great explanation with some
limited examples at


http://www.gennick.com/lock_the_door.html



This page is more user-friendly than my attempt at it.



Even if the Oracle server is on windows you can edit the connection
manager rules to only allow certain IP address connections (like a
Unix hosts.allow file). You may still want to consider a VPN/SSH
encrypted connection. SQLNET/NET8 is clear text traffic.



KC
Received on Thu Sep 12 2002 - 00:50:32 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US