| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Multi-homed interface and Oracle listener
Jeff Traigle wrote:
> On 1/19/03 10:08 AM, in article 3E2ABF6D.CE94122D_at_exesolutions.com, "DA
> Morgan" <damorgan_at_exesolutions.com> wrote:
>
> > Paul Drake wrote:
> >
> >> "Paul Sure" <phv_temp_at_yahoo.com> wrote in message
> >> news:<v2ou9uko3bta7a_at_corp.supernews.com>...
> >>>> tcp 0 0 *.1521 *.* LISTEN
> >>>
> >>> Well this looks obvious.
> >>>
> >>> In fact I didn't see much services that have restrictions on which ip
> >>> address they listen to or to which addresses they answer. Apache has the
> >>> possibility to service only on certain ip adresses (interfaces). Don't know
> >>> if you can tell the Oracle listener only to listen for connections on
> >>> specific ip addresses.
> >>> Guess you hve to use tcp wrappers for that.
> >>>
> >>> Paul
> >>
> >> in 8.1.x one could use a protocol.ora file in the
> >> %ORACLE_HOME%\Network\Admin
> >> to define hosts that are either explicitly allowed or explicitly
> >> denied.
> >>
> >> http://download-west.oracle.com/docs/cd/A87860_01/doc/network.817/a76933/para
> >> ms.htm#478104
> >>
> >> tcp.validnode_checking=yes
> >> tcp.excluded_nodes= (foo.com, 192.168.0.0)
> >> tcp.invited_nodes= (mydomain.com, 172.16.1.0)
> >>
> >> One could also use the Oracle Connection Manager utility to set an
> >> access policy via ip address.
> >>
> >> hth,
> >>
> >> Paul
> >
> > FYI: In Oracle 9i the protoco.ora has been eliminated and these entries are
> > valid in sqlnet.ora.
> >
> > Daniel Morgan
> >
>
> Not that it applies to my company's ancient 7.3 database, but do these
> entries in 8.1 and above (be they in protocol.ora or sqlnet.ora, depending
> on version) have anything to do with the addresses the listener watches? It
> seems to me (though I admit I haven't had time to peruse any documentation
> for the later versions) that these entries probably only restrict which
> addresses are allowed to connect to the database (much as the only_from
> option for telnetd and wu-ftpd works for xinetd on Red Hat Linux), not
> controlling which addresses the listener on the server actually monitors.
> (It could just be the .0 at the end of the addresses in the example above
> making it seem like that and they weren't intended to represent an entire
> subnet of addresses instead of specific IP addresses configured on
> interfaces on the server.)
>
> --
> Jeff Traigle
> traigle_at_si.umich.edu
> http://www-personal.si.umich.edu/~traigle/
Your presumption is correct. They have nothing to do with the address the listener watches.
Daniel Morgan Received on Mon Jan 20 2003 - 20:34:53 CST
 |
 |