Re: TNS Connectivity through ISA Firewall

From: Frank van Bortel <fbortel_at_home.nl>
Date: Fri, 25 Jan 2002 19:27:17 +0100
Message-ID: <3C51A385.E0451F8B_at_home.nl>


Shaun wrote:
>
> Hi NG
> I am having problems letting clients on my network with firewall
> client installed from a MS SBS2000 server running the ISA Server, If
> the client switches off the firewall client they can connect to the
> remote Oracle Server via a dial up connection on their machine as soon
> as it is enabled again the TNS will not connect, how do I configure
> the firewall to let TNS through?
>
> Any help would be appreciated.
> Many Thanks
> Shaun

Any idea how Oracle connects?

Se is dozing off, one ear listening to station 1521 (AM that is ;-))
Cl: Hey! Server! Gimme a connection!
Se: Huh? Ok - I can see you on port 1521; I'll hand you over to
    my buddy who's in charge of logins. Please go to port xxxxx.
Cl (on port xxxxx): Hi, Buddy - let me login?
Buddy: Yup - here's the prompt.

where xxxxx stands for any port number (vaguely remember these are unprivileged ports, aka port# is 1024 and up), but there's your problem: your firewall will only be open to traffic on 1521 - right?

Solutions:
- install names server - it is possible to configure ONS to use
  one, dedicated port. No need for tnsnames.ora on clients!
- introduce shared_socket=true on server and clients; all will go thru
  a shared socket on port 1521. Some bugs, tho (does not work on 8.1.7/NT;
  does work on 8.1.6/NT, as well as on all unixes I know of)
- Install a 'tns-aware' firewall. These firewalls will interpret the incoming
  request as a tns connection request (they scan for the string 'connect_data=(sid=',
  which explains why some will fail to work with 8.1, which may use service,
  not sid...).
  If tns-traffic, port doesn't matter, connection accepted.

-- 
Gtrz,

Frank van Bortel
Received on Fri Jan 25 2002 - 19:27:17 CET
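
Added example (not part of the post above, and not code from any firewall product): the literal string scan described in the last solution, next to a check that parses the connect descriptor and accepts either SID or SERVICE_NAME, regardless of case or spacing. The descriptors, host and names are constructed samples, the function names are hypothetical, and the TNS packet header around the descriptor is not modelled.

```python
def naive_match(payload: bytes) -> bool:
    """The literal string scan described in the post."""
    return b"connect_data=(sid=" in payload.lower()

def parse_descriptor(text: str):
    """Parse one (KEY=value) or (KEY=(..)(..)) node into (KEY, str or dict)."""
    pos = 0
    def node():
        nonlocal pos
        eq = text.index("=", pos)
        key = text[pos + 1:eq]
        if text[pos] != "(" or not key.isidentifier():
            raise ValueError("malformed key")
        pos = eq + 1
        if text[pos] == "(":
            value = {}
            # Repeated sibling keys overwrite each other; enough for this check.
            while pos < len(text) and text[pos] == "(":
                child, child_value = node()
                value[child] = child_value
        else:
            end = text.index(")", pos)
            value, pos = text[pos:end], end
        if text[pos] != ")":
            raise ValueError("unbalanced parentheses")
        pos += 1
        return key.upper(), value
    return node()

def connect_target(payload: bytes):
    """Return ('SID', name) or ('SERVICE_NAME', name), else None."""
    # Assumption: whitespace is not significant in a descriptor, so drop it.
    text = "".join(payload.decode("ascii", errors="replace").split())
    start = text.upper().find("(DESCRIPTION")
    try:
        tree = parse_descriptor(text[start:])[1] if start >= 0 else None
    except (ValueError, IndexError):
        return None  # truncated or malformed descriptor
    data = tree.get("CONNECT_DATA") if isinstance(tree, dict) else None
    for field in ("SID", "SERVICE_NAME"):
        if isinstance(data, dict) and isinstance(data.get(field), str):
            return field, data[field]
    return None

# Constructed sample descriptors (hypothetical host and names).
ADDR = b"(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.test)(PORT=1521))"
BY_SID = b"(DESCRIPTION=" + ADDR + b"(CONNECT_DATA=(SID=ORCL)))"
BY_SERVICE = b"(DESCRIPTION=" + ADDR + b"(CONNECT_DATA=(SERVICE_NAME=orcl.example.test)))"
SPACED = b"(description = " + ADDR + b" (connect_data = (sid = ORCL)))"
```

naive_match() recognises only BY_SID; connect_target() identifies all three samples and returns None for a truncated descriptor.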
