
Re: Oracle 9i Shared Server across a firewall - help please !

From: Neil Cudd <neil_at_cudd.demon.co.uk>
Date: 8 May 2003 17:12:46 -0700
Message-ID: <190d457f.0305081612.126e6c32@posting.google.com>


"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message news:<vbl8vbdqul0487_at_corp.supernews.com>...
> "Neil Cudd" <neil_at_cudd.demon.co.uk> wrote in message
> news:190d457f.0305080659.66a48dc8_at_posting.google.com...
> > Database Server - Win 2000 Oracle 9.2.0.1
> >
> > Client - Win 2000 Oracle Client 9.2.0.1
> >
> > Between the database server and the client lies a firewall (the client
> > is web facing) and because we are using Microsoft Transaction Server,
> > we must use Oracle Shared Server (formerly MTS).
> >
> > The problem is how to limit the ports on which Oracle will
> > communicate, so we can close down the firewall to these specific
> > ports. Prior to 8i, it would be by specifying the port numbers for the
> > dispatchers. Since 8i this is not possible.
> >
> > Am I correct in thinking that CMAN (Communication Manager) will enable
> > me to do this ?
> >
> > Any examples would be very helpful.
> >
> > Many thanks,
> > Neil Cudd.
>
> Your assertion about mts in 8i is incorrect!
> You can specify a port in the mts_dispatcher parameter, provided you use the
> normal address syntax.
> You also need to set the local_listener parameter.
> CMAN is not needed.

Hi Sybrand,

thanks for your reply.

I'm getting mixed messages from Oracle on this point. The Oracle note 1016349.102 Configuring MTS with Firewalls says on the point of MTS Port assignment : "This configuration is valid for only Oracle 7.3.x and 8.0."

I've already set up shared server with three dispatchers, each with a specified port, and set up the local listener. When I run lsnrctl service, I can see the connections being made to the dispatchers and the port number is set as spec'd. So what's my problem ? When I run netstat or take a look at the firewall logs there are no connections being made on the ports that I've set for the dispatchers. It's as though the port specification is being ignored :-/ Strange .....

At the moment the firewall is not locked down as well as it should be, so there are a lot of ports open, but I expect that to change. I am assuming the random port assignment of shared server is finding and using open ports - but this is a fairly wild guess and my uncertainties on this have caused a postponement of a go live (not wanting to cry on your shoulder, you understand).

Could this be a behaviour of NT (I'm more unix than NT), or have I missed something ?

thanks for your help.
Neil

Received on Thu May 08 2003 - 19:12:46 CDT
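
One way to automate the netstat check described in the post above, as an added example that is not part of the original thread: parse `netstat -an` output taken on the database server and compare it with the ports the firewall is meant to allow. The sample output, host addresses, port numbers and function names are all constructed for illustration.

```python
import re

# Constructed `netstat -an` output (Windows layout); not taken from the post.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5001           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5002           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3872           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1521          192.0.2.20:3345        ESTABLISHED
  TCP    10.0.0.5:5001          192.0.2.20:3346        ESTABLISHED
  TCP    10.0.0.5:3872          192.0.2.20:3347        ESTABLISHED
  TCP    10.0.0.5:139           10.0.0.9:1042          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# IPv4 TCP rows only: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s*$")

def parse_tcp(text):
    """Yield (local_port, remote_host, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5)

def audit(text, client_host, listener_port, dispatcher_ports):
    """Compare observed sockets with the ports the firewall should allow."""
    allowed = {listener_port, *dispatcher_ports}
    rows = list(parse_tcp(text))
    listening = {p for p, _, s in rows if s == "LISTENING"}
    from_client = {p for p, h, s in rows
                   if s == "ESTABLISHED" and h == client_host}
    return {
        # Configured for the firewall rule but nothing is bound to it.
        "not_listening": sorted(allowed - listening),
        # Bound and allowed, but the client has no session on it.
        "unused": sorted((allowed & listening) - from_client),
        # Client sessions on ports a locked-down firewall would block.
        "outside_allowed": sorted(from_client - allowed),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT, "192.0.2.20", 1521, [5001, 5002, 5003]))
```

A non-empty `outside_allowed` list is the case the poster is worried about: client sessions landing on ports that are not in the intended firewall rule.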
