
Re: Multi-homed interface and Oracle listener

From: Jeff Traigle <traigle_at_si.umich.edu>
Date: Wed, 22 Jan 2003 18:50:21 -0500
Message-ID: <BA54986D.3EFF4%traigle@si.umich.edu>


On 1/19/03 10:08 AM, in article 3E2ABF6D.CE94122D_at_exesolutions.com, "DA Morgan" <damorgan_at_exesolutions.com> wrote:

> Paul Drake wrote:
> 

>> "Paul Sure" <phv_temp_at_yahoo.com> wrote in message
>> news:<v2ou9uko3bta7a_at_corp.supernews.com>...
>>>> tcp        0      0  *.1521                 *.*                 LISTEN
>>> 
>>> Well this looks obvious.
>>> 
>>> In fact I didn't see many services that have restrictions on which ip
>>> address they listen to or to which addresses they answer. Apache has the
>>> possibility to service only on certain ip addresses (interfaces). Don't know
>>> if you can tell the Oracle listener only to listen for connections on
>>> specific ip addresses.
>>> Guess you have to use tcp wrappers for that.
>>> 
>>> Paul

>>
>> in 8.1.x one could use a protocol.ora file in the
>> %ORACLE_HOME%\Network\Admin
>> to define hosts that are either explicitly allowed or explicitly
>> denied.
>>
>> http://download-west.oracle.com/docs/cd/A87860_01/doc/network.817/a76933/params.htm#478104
>>
>> tcp.validnode_checking=yes
>> tcp.excluded_nodes= (foo.com, 192.168.0.0)
>> tcp.invited_nodes= (mydomain.com, 172.16.1.0)
>>
>> One could also use the Oracle Connection Manager utility to set an
>> access policy via ip address.
>>
>> hth,
>>
>> Paul
> 
> FYI: In Oracle 9i the protocol.ora has been eliminated and these entries are
> valid in sqlnet.ora.
> 
> Daniel Morgan
> 

Not that it applies to my company's ancient 7.3 database, but do these entries in 8.1 and above (be they in protocol.ora or sqlnet.ora, depending on version) have anything to do with the addresses the listener watches? It seems to me (though I admit I haven't had time to peruse any documentation for the later versions) that these entries probably only restrict which addresses are allowed to connect to the database (much as the only_from option for telnetd and wu-ftpd works for xinetd on Red Hat Linux), not controlling which addresses the listener on the server actually monitors. (It could just be the .0 at the end of the addresses in the example above making it seem like that and they weren't intended to represent an entire subnet of addresses instead of specific IP addresses configured on interfaces on the server.)

-- 
Jeff Traigle
traigle_at_si.umich.edu
http://www-personal.si.umich.edu/~traigle/
Received on Wed Jan 22 2003 - 17:50:21 CST
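
An added example, not part of any poster's message: a small audit script that checks separately the two things this thread discusses, the local address the listener socket is bound to (the netstat line) and the client node lists in the tcp.* parameters. The sample inputs are constructed from the lines quoted above, and the function names are illustrative.

```python
import re

# Constructed sample inputs modelled on the lines quoted in the thread.
NETSTAT = """\
tcp        0      0  *.1521                 *.*                 LISTEN
tcp        0      0  192.168.0.5.22         *.*                 LISTEN
"""
SQLNET = """\
tcp.validnode_checking=yes
tcp.excluded_nodes= (foo.com, 192.168.0.0)
tcp.invited_nodes= (mydomain.com, 172.16.1.0)
"""

def listener_bindings(netstat_text, port=1521):
    """Local addresses in LISTEN state on `port` ('*' or 0.0.0.0 = all interfaces)."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[-1] != "LISTEN":
            continue
        # Local address column is 'addr.port' (BSD/Solaris) or 'addr:port' (Linux).
        m = re.match(r"(.+)[.:](\d+)$", cols[3])
        if m and int(m.group(2)) == port:
            found.append(m.group(1))
    return found

def node_checking(param_text):
    """Parse the tcp.* valid-node parameters from protocol.ora / sqlnet.ora text."""
    cfg = {"enabled": False, "invited": [], "excluded": []}
    for line in param_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        nodes = [n.strip() for n in value.strip("()").split(",") if n.strip()]
        if key.lower() == "tcp.validnode_checking":
            cfg["enabled"] = value.lower() == "yes"
        elif key.lower() == "tcp.invited_nodes":
            cfg["invited"] = nodes
        elif key.lower() == "tcp.excluded_nodes":
            cfg["excluded"] = nodes
    return cfg

def audit(netstat_text, param_text):
    """Report the socket binding and the client node lists as separate findings."""
    findings = []
    if any(b in ("*", "0.0.0.0") for b in listener_bindings(netstat_text)):
        findings.append("listener socket bound to all interfaces")
    cfg = node_checking(param_text)
    if not cfg["enabled"]:
        findings.append("valid node checking is off")
    elif not cfg["invited"]:
        findings.append("no tcp.invited_nodes list defined")
    return findings
```

On the constructed sample, `audit(NETSTAT, SQLNET)` reports only the wildcard binding, since the node lists are present and enabled.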
