Re: Oracle 9i Shared Server across a firewall - help please !

neil_at_cudd.demon.co.uk (Neil Cudd) wrote:

>"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message news:<vbl8vbdqul0487_at_corp.supernews.com>...
>> "Neil Cudd" <neil_at_cudd.demon.co.uk> wrote in message
>> news:190d457f.0305080659.66a48dc8_at_posting.google.com...
>> > Database Server - Win 2000 Oracle 9.2.0.1
>> >
>> > Client - Win 2000 Oracle Client 9.2.0.1
>> >
>> > Between the database server and the client lies a firewall (the client
>> > is web facing) and because we are using Microsoft Transaction Server,
>> > we must use Oracle Shared Server (formerly MTS).
>> >
>> > The problem is how to limit the ports on which Oracle will
>> > communicate, so we can close down the firewall to these specific
>> > ports. Prior to 8i, it would be by specifying the port numbers for the
>> > dispatchers.Since 8i this is not possible.
>> >
>> > Am I correct in thinking that CMAN (Communication Manager) will enable
>> > me to do this ?
>> >
>> > Any examples would be very helpfull.
>> >
>> > Many thanks,
>> > Neil Cudd.
>>
>> Your assertion about mts in 8i is incorrect!
>> You can specify a port in the mts_dispatcher parameter, provided you use the
>> normal address syntax.
>> You also need to set the local_listener parameter.
>> CMAN is not needed.
>
>Hi Sybrand,
>
>thanks for your reply.
>
>I'm getting mixed messages from Oracle on this point. The Oracle note
>1016349.102 Configuring MTS with Firewalls says on the point of MTS
>Port assignment : "This configuration is valid for only Oracle 7.3.x
>and 8.0."
>
>I've already set up shared server with three dispatchers, each with a
>specified port, and set up the local listener. When I run lsnrctl
>service, I can see the connections being made to the dispatchers and
>the port number is set as spec'd. So what's my problem ? When I run
>netstat or take a look at the firwall logs there are no connections
>being made on the ports that I've set for the dispatchers. It's as
>though the port specification is being ignored :-/
>Strange .....
>
>At the moment the firewall is not locked down as well as it should be,
>so there are alot of ports open, but I expect that to change. I am
>assuming the random port assignment of shared server is finding and
>using open ports - but this is a fairly wild guess and my
>uncertainties on this have caused a postponement of a go live (not
>wanting to cry on your shoulder, you understand).
>
>Could this be a behaviour of NT (I'm more unix that NT), or have I
>missed something ?
>
>thanks for your help.
>Neil

Remember that normally, the listener reassigns the connection after initial contact, so some other port will be used for the actual session connection. On the server ( If windows ) set the registry item USE_SHARED_SOCKET to TRUE ( check on the actual name of this key, I am not at my desk ) this will require that the port specified in the listener be used for all communications for that session. ( I am also not sure how this works with MTS, but it is a place to start)

----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==---- http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =--- Received on Fri May 09 2003 - 08:48:46 CDT