Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: s...port's - problem

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Tue, 28 Jun 2005 21:48:21 +0200
Message-ID: <d9s97k$cf0$1@news2.zwoll1.ov.home.nl>


Fabrizio wrote:
> Frank van Bortel wrote:

>> So all there is, is a new process (5327), but it still seems to go via
>> 1522... Case closed, I stand corrected; I did not understand the
>> port redirection bit.

>
> I really wish I didn't sound rude, Frank. I didn't mean to!
> Most is due to my poor English :(
>

No you did not - probably same problem with English over here :)

>> Now - how about the client process getting a new port#?!? That is
>> still not just windows - I think that was demonstrated correctly.
>> And *that* is the cause firewalls will fail (that is, static
>> rule based ones - you could of course allow all traffic *initiated*
>> from within - but this is cdo.server)

>
> The difference in port number on the client side is due to the TCP
> implementation.
>
> When you create a connection it is unambiguously recognized by 4
> numbers: client IP address, client port, server IP address, server IP port.
>
> Usually a daemon (as the Oracle listener) does not "redirect" the server
> side port (as shown by your tests as well). So two different
> connections on the same client are distinguished only by the port numbers.
> This is why the client port is pseudo-randomly chosen.
>
> In general the firewall doesn't check the starting port for the
> communication but only the target one.
>
> The OP issue is probably due to using Oracle on Windows which after
> creating a new thread on the server side redirects the server port (ex:
> if the listener is on 1521 the server connection will go on port 12345
> which is a behaviour not shared by Unix).
>

Well, it is on Linux, as just seen!
And let's not use the redirect bit - Okay? I feel it is not redirection, it's a new process, spawned from the server (initiated by the listener), that starts the communication on a redirected port#; the *initial* negotiation is always on the listener port - both sides!
The client process gets a (random, but increasing per connection) port number assigned from the spawned server side process. No different if the client is Linux, or on the same machine, or from another.
All assuming dedicated processes, of course.

I will now go and enjoy a beer in the sunset; be back tomorrow. Cheers - I enjoy this discussion, Fabrizio, no pun taken so far!

-- 
Regards,
Frank van Bortel
Received on Tue Jun 28 2005 - 14:48:21 CDT
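
The 4-tuple and destination-port points discussed in this thread, as an added example that is not part of the original messages: it opens several connections to one loopback listener, records each connection's (client IP, client port, server IP, server port), and applies a destination-port-only rule to them. The function names and the constructed tuple are assumptions for illustration; 1521 and 12345 are the example ports mentioned in the thread.

```python
import socket

def observe_four_tuples(n_clients=2):
    """Open n_clients simultaneous connections to one loopback listener and
    return (listen_port, [(client_ip, client_port, server_ip, server_port)])."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free listening port
    listener.listen(n_clients)
    listen_port = listener.getsockname()[1]
    open_socks, tuples = [listener], []
    try:
        for _ in range(n_clients):
            client = socket.create_connection(("127.0.0.1", listen_port))
            open_socks.append(client)
            accepted, peer = listener.accept()
            open_socks.append(accepted)
            # The accepted socket keeps the listener's local port; only the
            # client side of the 4-tuple differs between connections.
            server_ip, server_port = accepted.getsockname()
            tuples.append((peer[0], peer[1], server_ip, server_port))
    finally:
        for s in open_socks:
            s.close()
    return listen_port, tuples

def static_rule_allows(four_tuple, allowed_server_port):
    """Stateless rule as described in the thread: match on the destination
    (server) port only and ignore the client's source port."""
    return four_tuple[3] == allowed_server_port

if __name__ == "__main__":
    port, conns = observe_four_tuples()
    for c in conns:
        print(c, "allowed" if static_rule_allows(c, port) else "blocked")
    # Constructed tuple: a server process answering on a different port
    # (12345 is the example number used in the thread).
    moved = ("127.0.0.1", 40000, "127.0.0.1", 12345)
    print(moved, "allowed" if static_rule_allows(moved, 1521) else "blocked")
```
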
