Re: Used ports on oracle

From: Holger Baer <holger.baer_at_science-computing.de>
Date: Mon, 15 Mar 2004 15:28:14 +0100
Message-ID: <c34ehv$56t$1@news.BelWue.DE>

Howard J. Rogers wrote:
> "Oebele Dijkstra" <O.Dijkstra_at_odconsult.net> wrote in message
> news:4055b7fa$0$67332$e4fe514c_at_dreader8.news.xs4all.nl...
>

>>hello all,
>>
>>We try to connect to an oracle database over a VPN.
>>
>>I thought only the listener port (1521 by default) should be opened in the
>>firewall.

>
>
> That would be the case if, having contacted the listener, you stayed
> connected to it. But you don't: the listener forwards you on to a server
> process which it spawns on a completely random port. You need to be able to
> connect to that randomly-chosen port.
>
> Which means drilling enough holes in your firewall that it acts more like a
> sieve than a firewall, or upgrading your firewall technology. Statefull
> packet inspection firewalls are what you need, preferably one certified by
> Oracle.
>
> Or you could spend a smallish fortune on licensing the CMAN ("Connection
> Manager") product from Oracle. One of its jobs is to drill through firewalls
> on a well-defined few-port basis.
>
> Regards
> HJR
>
>

You forgot about USE_SHARED_SOCKET, however, the OP didn't tell us what Oracle Version and what OS he is on, so maybe that would not apply here (due to bugs in 8.1.7 IIRC)

>
>

>>But: in the sqlnet.ora on the server i can see that i am connected but on

Cool! The connection turns up in your config? ;-)

Regards,

Holger Received on Mon Mar 15 2004 - 08:28:14 CST