Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: database in firewall
adamenos <adamenos_at_yahoo.com> wrote:
> Take a look at the Oracle Net configuration guide (online at
> www.oracle.com). In order to connect to a database you need to be
> able to connect to the listener for that database. Sometimes, due to
> the way the system administrator has the server configured, the
> listener is unable to work using the default configuration. The
> default configuration of the listener uses port redirection. If the
> listener is listening on port 3152 for database connection requests
> and a request is received then the listener will dynamically assign a
> new port number for that session to communicate on. If the ports have
> been locked down by the sys admin then the listener will be unable to
> assign the session a port number and the connection will not be made.
>
> We had a similar issue at work where we had to allow a range of ports
> to be available for the listener to use.
>
Port redirection takes place not at all, it depends on the platform. On Unix it takes place only for shared server (MTS) or access per SSL. If the server runs on a Unix platform and no MTS, no SSL, then there are no port redirection and the firewall have to pass only the configured destination port. On Windows NT/2000 there are a registry entry USE_SHARED_SOCKET to not taking place port direction, but I've no experience on Windows. I recommend the use of the Connection manager (CMAN), but with configuration (cman.ora) to limit the access to the wished Oracle-Instance. Then you need only one port (default 1630) through the firewall. Look at metalink 125021.1
Eberhard Received on Sun Sep 19 2004 - 02:13:27 CDT