Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: database in firewall

From: Steve Croft <stevec_at_ditdash.com>
Date: 26 Sep 2004 09:11:35 -0700
Message-ID: <7d7cdd64.0409260811.fe0a336@posting.google.com>


I believe Cisco has the ability to "follow" a redirect for certain protocols including Oracle's network protocol. I have no experience with how well Cisco does this; I just know it advertises the capability. Here is some tech detail from the Cisco site (scroll down to the SQL*Net part):

http://www.ciscopress.com/articles/article.asp?p=24685

"Gerry Sinkiewicz" <sinkiege_at_snet.net> wrote in message news:<miH4d.2960$1p5.1842_at_newssvr16.news.prodigy.com>...
> I have to admit I now believe that FM is correct.
> Oracle Doc implies a redirection occurs, but what probably actually
> occurs is a Unix fork (clone child and then orphan to create the dedicated
> server).
> Other evidence including netstat and listener logs verifies FM to be correct.
>
> The fork C code is not available for windows which is probably why all NT
> type instances are MTS, which no one disputes to involve redirection.
>
> Also check out the listener.ora parameter called queues, it would not be
> needed if redirection always occurred.
>
>
> "FM" <fabrizio.magni_at_mycontinent.com> wrote in message
> news:41527BBB.1050408_at_mycontinent.com...
> > Gerry Sinkiewicz wrote:
> > > See Oracle metalink note: 125021.1
> > >
> > > There are differences among OS's so perhaps everyone is correct?
> > >
> > > It also provides a solution to the original problem (CMAN), which can be
> > > used like an oracle only firewall (cf. oracle classes I took a few years
> > > ago).
> > >
> > >
> >
> > Quoting the document you pointed out:
> >
> > "Oracle Multi-Threaded Server (MTS) on Unix platforms, (without
> > specifying the address with the ports in the INIT<SID>.ORA file), Oracle
> > Secure Sockets Layer (SSL) and Windows NT/2000 platforms will cause port
> > redirection. "
> >
> > Ergo: no port redirection is made on unix system in dedicated mode.
> > I tested on my solaris and neither there the system is doing port
> > redirection.
> > All TCP datagrams are sent on the listener port (you stated by yourself
> > that the firewall guys had to open only the 1521).
> >
> > However I'm ready to retract if consistent and replicable experiment
> > show different results.
> >
> > Could you please post the step you performed to cause port redirection
> > on your solaris?
> >
> > (I'm even interested in the documents you mentioned in your previous
> > post. May you send me references? Thank you).
> >
> > --
> > Fabrizio Magni
> >
> > fabrizio.magni_at_mycontinent.com
> >
> > replace mycontinent with europe
Received on Sun Sep 26 2004 - 11:11:35 CDT
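
Added example, not part of the original thread: one way to run the check the posters discuss, by reading `netstat -an` output from the database host and listing which server-side ports a test client's sessions actually use, so any port other than the listener port (1521 in the thread) shows up as something a firewall would also have to pass. The sample lines, addresses and function names are constructed for illustration, and the check assumes the test client has only Oracle sessions open to the server.

```python
import re

LISTENER_PORT = 1521  # the listener port named in the thread

# Constructed sample output (not captured from a real host).
# Linux style: every session from the test client stays on 1521.
LINUX_SAMPLE = """\
tcp   0   0 0.0.0.0:1521     0.0.0.0:*            LISTEN
tcp   0   0 10.0.0.5:1521    192.168.1.20:40312   ESTABLISHED
tcp   0   0 10.0.0.5:1521    192.168.1.21:51877   ESTABLISHED
"""
# Solaris style: second session sits on another port, as a redirect would look.
SOLARIS_SAMPLE = """\
      *.1521          *.*                     0      0 49152      0 LISTEN
10.0.0.5.1521   192.168.1.20.40312   49640      0 49640      0 ESTABLISHED
10.0.0.5.33012  192.168.1.20.40313   49640      0 49640      0 ESTABLISHED
"""

# Host and port are joined by ':' on Linux and by '.' on Solaris.
ADDR = re.compile(r"^(?P<host>.+)[.:](?P<port>\d+|\*)$")


def split_addr(token):
    """Return (host, port) for an address token, or None for other columns."""
    m = ADDR.match(token)
    return (m.group("host"), m.group("port")) if m else None


def server_ports_for_client(netstat_text, client_ip):
    """Server-side ports of ESTABLISHED sessions whose remote end is client_ip."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[-1] != "ESTABLISHED":
            continue
        addrs = [a for a in map(split_addr, fields[:-1]) if a]
        if len(addrs) < 2:
            continue
        (_, local_port), (remote_host, _) = addrs[0], addrs[1]
        if remote_host == client_ip and local_port.isdigit():
            ports.add(int(local_port))
    return sorted(ports)


def ports_beyond_listener(netstat_text, client_ip, listener_port=LISTENER_PORT):
    """Ports a firewall that passes only listener_port would not have allowed."""
    seen = server_ports_for_client(netstat_text, client_ip)
    return [p for p in seen if p != listener_port]
```

An empty result from `ports_beyond_listener` means every session from that client stayed on the listener port; any port it returns is one to compare against the firewall rule set.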
