Question: traversing a firewall with Oracle 9i R2.

From: Doug Whittier <>
Date: 30 Mar 2004 16:50:06 -0800
Message-ID: <>

Hi, all.

I'm reasonably versed in network issues, but am fairly new to Oracle.

I am attempting to configure a connection over two firewalls, allowing client communication to my 9i database server (NOT Forms).

I am addressing this connection problem one firewall at a time, and have placed a client outside the firewall that is nearest to the database server. I believe that the firewall which would be closest to the client machines is running SQLNet Proxy, but I'm not really sure yet. First things first.

I have opened up port 1521 between the client (external) and server (internal) IP Addresses.

The firewall acts as a proxy, and does not do true Address Translation. The firewall redirects traffic from a routable address on the Internet to a non-routable address inside. This routable address is what is made available to incoming client connections (it's what you'd put in your tnsnames.ora file as the HOST).

I try to connect from outside the firewall, and my client simply times out.

I did a TCP dump on the server, and it looks as if what the server sees is an attempt from a client to connect to THE SERVER'S PUBLISHED ROUTABLE ADDRESS, rather than what it sees as its true internal address. This is in fact what I'm trying to do, but the firewall isn't changing the destination address inside the packet to reflect the true address of the server.

I understand that I should be using Connection Manager to facilitate this - what I expect I need to do is to find a way to tell my server to accept connections that are destined to its true non-routable address, and also accept connections that are destined to its external, routable address which the firewall makes available to the outside world.

I am pulling my hair out trying to understand what I need to do here. Is there some parameter in the cman.ora file which will tell the server to accept such connections? Or am I barking up the wrong tree?

Many thanks for all feedback!


Doug Whittier

Received on Tue Mar 30 2004 - 18:50:06 CST
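The capture check described in the post (comparing the destination address the server sees on port 1521 with the addresses the server actually owns), as an added example that is not part of the original message. The addresses, capture lines and function name are constructed for illustration, and the line format assumed is `tcpdump -n` text output.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumed input: text lines from `tcpdump -n`, e.g.
# "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def unrewritten_syns(lines, local_addrs, port=1521):
    """Count connection attempts to `port` whose destination is not a local address.

    A non-empty result means the firewall forwarded the packet without
    rewriting the destination to an address the server owns, so the server
    never answers and the client times out.
    """
    local = {ip_address(a) for a in local_addrs}
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != port:
            continue  # not a packet towards the listener port
        if m["flags"] != "S":
            continue  # keep pure SYNs only; "S." is a SYN-ACK reply
        if ip_address(m["dst"]) not in local:
            hits[(m["src"], m["dst"])] += 1
    return hits


# Constructed capture: 198.51.100.5 stands in for the published routable
# address, 10.0.0.5 for the server's internal address (hypothetical values).
SAMPLE = """\
16:50:01.000101 IP 203.0.113.10.40312 > 198.51.100.5.1521: Flags [S], seq 1000, win 5840, length 0
16:50:04.000207 IP 203.0.113.10.40312 > 198.51.100.5.1521: Flags [S], seq 1000, win 5840, length 0
16:50:09.000311 IP 10.0.0.20.51000 > 10.0.0.5.1521: Flags [S], seq 2000, win 5840, length 0
16:50:09.000390 IP 10.0.0.5.1521 > 10.0.0.20.51000: Flags [S.], seq 3000, ack 2001, win 5792, length 0
""".splitlines()

if __name__ == "__main__":
    for (src, dst), n in unrewritten_syns(SAMPLE, ["10.0.0.5", "127.0.0.1"]).items():
        print(f"{n} SYN(s) from {src} to non-local destination {dst}")
```
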
