Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: database in firewall

From: Gerry Sinkiewicz <sinkiege_at_snet.net>
Date: Wed, 22 Sep 2004 23:02:33 GMT
Message-ID: <dwn4d.11727$Gg.5926@newssvr31.news.prodigy.com>


I guess all that Oracle documentation and classes I went to were wrong? (not).

I don't know why your Linux system does not seem to redirect, but I can assure
you my Solaris systems do; however, with Solaris and perhaps with Linux too, the
redirection is more subtle than for Windows. The firewall guys have pointed
this out to me; they only need to allow port 1521. I do not know the technical
term for the way Oracle on Solaris handles these redirections, but it does happen
and is transparent to the client.

We try to avoid having anyone ssh or otherwise onto a DB server, so VPN is not
an answer for us. We always keep our instances behind at least one and usually two
firewalls.

"FM" <fabrizio.magni_at_mycontinent.com> wrote in message news:414D80DD.60300_at_mycontinent.com...
>
>
> Sybrand Bakker wrote:
> > On Sun, 19 Sep 2004 09:13:27 +0200, Eberhard Niendorf
> > <eberhard.niendorf_at_epost.de> wrote:
> >
> >
> >>Port redirection takes place not at all, it depends on the platform. On Unix
> >>it takes place only for shared server (MTS) or access per SSL. If the
> >>server runs on a Unix platform and no MTS, no SSL, then there is no port
> >>redirection and the firewall has to pass only the configured destination
> >>port
> >
> >
> > Not true. Port redirection always takes place, independent of
> > platform, whether using MTS or not using MTS.
> >
>
>
> *Not true*
>
> On Unix systems the socket is always opened on the listening port.
> Only Windows systems need use_shared_sockets.
>
> Here is an example of two systems of mine: one AIX, the other Linux.
>
> Only the client side uses different ports. This is right because every
> TCP connection is recognized by: server-ip:port, client-ip:port.
> No two connections can have all four values identical.
>
> hrdb_at_root / =>netstat -a -n
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address (state)
> tcp4 0 48 192.168.25.200.22 192.168.2.26.1025 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52504 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52495 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52490 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52489 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52488 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52487 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52486 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52485 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52484 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52483 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52482 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.204.52481 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43712 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43710 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43709 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43708 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43707 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.25.201.43706 ESTABLISHED
> tcp4 0 0 192.168.25.200.1521 192.168.24.30.4808 ESTABLISHED
> <cut>
>
> oracle_at_brealmdbls01:~ > netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
>
> tcp 0 0 192.168.25.44:1521 192.168.25.44:32787 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.32:4145 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.25.44:38461 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.40:2896 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.25.44:38467 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.32:4172 ESTABLISHED
> tcp 125 0 192.168.25.44:2301 192.168.91.84:2669 CLOSE_WAIT
> tcp 0 0 192.168.25.44:38467 192.168.25.44:1521 ESTABLISHED
> tcp 0 0 192.168.25.44:38461 192.168.25.44:1521 ESTABLISHED
> tcp 143 0 192.168.25.44:2301 192.168.91.84:2396 CLOSE_WAIT
> tcp 0 0 192.168.25.44:32787 192.168.25.44:1521 ESTABLISHED
> tcp 125 0 192.168.25.44:2301 192.168.91.84:2998 CLOSE_WAIT
> tcp 0 0 192.168.25.44:1521 192.168.9.40:3227 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.40:3231 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.40:2719 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.40:3456 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.40:3459 ESTABLISHED
> tcp 87 0 192.168.25.44:2381 192.168.91.84:3247 CLOSE_WAIT
> tcp 0 0 192.168.25.44:1521 192.168.9.40:3470 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.64:2270 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.64:2251 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.64:2250 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.64:2254 ESTABLISHED
> tcp 0 0 192.168.25.44:1521 192.168.9.29:2348 ESTABLISHED
>
> --
>
> Fabrizio Magni
>
> fabrizio.magni_at_mycontinent.com
>
> replace mycontinent with europe
Received on Wed Sep 22 2004 - 18:02:33 CDT
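
A way to run the check discussed in this thread on your own server, as an added example that is not part of the original posts: the Python below tallies established sessions from other hosts per listening port in `netstat -an` output, so a firewall rule limited to 1521 can be compared with the ports clients actually reach. The sample output, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed netstat -an output from two hosts (addresses invented). It mixes
# the layouts quoted in the post: AIX prints ip.port, Linux prints ip:port.
SAMPLE = """\
tcp4   0  0  *.1521             *.*                LISTEN
tcp4   0  0  *.22               *.*                LISTEN
tcp4   0  0  10.0.0.5.1521      10.0.0.9.52504     ESTABLISHED
tcp4   0  0  10.0.0.5.1521      10.0.0.9.52495     ESTABLISHED
tcp4   0 48  10.0.0.5.22        10.0.1.7.1025      ESTABLISHED
tcp    0  0  0.0.0.0:1521       0.0.0.0:*          LISTEN
tcp    0  0  10.0.0.6:1521      10.0.2.8:4145      ESTABLISHED
tcp    0  0  10.0.0.6:38461     10.0.0.6:1521      ESTABLISHED
tcp    0  0  10.0.0.6:1521      10.0.0.6:38461     ESTABLISHED
tcp    0  0  10.0.0.6:40112     10.0.4.2:1521      ESTABLISHED
"""

def split_addr(field):
    """Split 'ip.port' (AIX) or 'ip:port' (Linux); None for wildcards like '*.*'."""
    m = re.match(r"^(.*)[.:](\d+)$", field)
    return (m.group(1), int(m.group(2))) if m else None

def inbound_by_port(netstat_text):
    """Count ESTABLISHED sessions from other hosts, keyed by local listening port."""
    rows = [f for f in (l.split() for l in netstat_text.splitlines())
            if len(f) >= 6 and f[0].startswith("tcp")]
    # Ports this host accepts connections on (listener, dispatchers, sshd, ...).
    listening = {a[1] for f in rows if f[5] == "LISTEN"
                 for a in [split_addr(f[3])] if a}
    counts = Counter()
    for f in rows:
        local, remote = split_addr(f[3]), split_addr(f[4])
        if f[5] != "ESTABLISHED" or not local or not remote:
            continue
        if local[0] == remote[0]:
            continue  # both ends on this host: never crosses the firewall
        if local[1] in listening:  # skips outbound sessions on ephemeral ports
            counts[local[1]] += 1
    return counts

def not_covered(counts, allowed_ports):
    """Listening ports with remote clients that the firewall rule does not name."""
    return sorted(p for p in counts if p not in allowed_ports)

if __name__ == "__main__":
    counts = inbound_by_port(SAMPLE)
    print(dict(counts), "outside rule:", not_covered(counts, {1521}))
```

Feed it real output with `inbound_by_port(open("netstat.txt").read())`; any database-related port reported by `not_covered` is a server-side port other than the listener that clients are connected to.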
