Re: TNS Connectivity through ISA Firewall
Date: Fri, 25 Jan 2002 19:27:17 +0100
Message-ID: <3C51A385.E0451F8B_at_home.nl>
Shaun wrote:
>
> Hi NG
> I am having problems letting clients on my network with firewall
> client installed from a MS SBS2000 server running the ISA Server, If
> the client switches off the firewall client they can connect to the
> remote Oracle Server via a dial up connection on their machine as soon
> as it is enabled again the TNS will not connect, how do I configure
> the firewall to let TNS through?
>
> Any help would be appreciated.
> Many Thanks
> Shaun
Any idea how Oracle connects?
Se is dozing off, one ear listening to station 1521 (AM that is ;-))
Cl: Hey! Server! Gimme a connection!
Se: Huh? Ok - I can see you on port 1521; I'll hand you over to
my buddy who's in charge of logins. Please go to port xxxxx.
Cl (on port xxxxx): Hi, Buddy - let me login?
Buddy: Yup - here's the prompt.
where xxxxx stands for any port number (vaguely remember these are
unprivileged ports, aka port# is 1024 and up), but there's your problem:
your firewall will only be open to traffic on 1521 - right?
Solutions:
- install names server - it is possible to configure ONS to use
  one, dedicated port. No need for tnsnames.ora on clients!
- introduce shared_socket=true on server and clients; all will go thru
  a shared socket on port 1521. Some bugs, tho (does not work on
  8.1.7/NT; does work on 8.1.6/NT, as well as on all unixes I know of)
- Install a 'tns-aware' firewall. These firewalls will interpret the
  incoming request as a tns connection request (they scan for the string
  'connect_data=(sid=', which explains why some will fail to work with
  8.1, which may use service, not sid...).
  If tns-traffic, port doesn't matter, connection accepted.
-- Gtrz, Frank van Bortel
Received on Fri Jan 25 2002 - 19:27:17 CET
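
Added example, not part of the original post: the reply's last option says some firewalls recognise TNS by scanning for the literal string 'connect_data=(sid=' and so miss 8.1 clients that use service rather than sid. The sketch below parses the connect descriptor text instead and accepts either keyword. Function names and sample descriptors are constructed; it assumes a single DESCRIPTION whose text has already been extracted from the packet.

```python
# Added example, not from the original post; sample descriptors are constructed.
SID_DESC = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.test)(PORT=1521))(CONNECT_DATA=(SID=ORCL)))"
SVC_DESC = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.test)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl.test)))"

def parse_descriptor(text):
    """Parse '(KEY=value)' or '(KEY=(SUB=..)(SUB=..))' into nested dicts (keys lower-cased)."""
    pos = 0
    def group():
        nonlocal pos
        eq = text.find("=", pos)
        key = text[pos + 1:eq].lower() if text[pos:pos + 1] == "(" and eq > pos else ""
        if not key or "(" in key or ")" in key:
            raise ValueError("bad group at offset %d" % pos)
        pos = eq + 1
        if text[pos:pos + 1] == "(":      # value is a run of nested groups
            value = {}
            while text[pos:pos + 1] == "(":
                k, v = group()
                value[k] = v
        else:                             # plain value runs up to the closing ')'
            end = text.find(")", pos)
            if end < 0:
                raise ValueError("unterminated value")
            value, pos = text[pos:end], end
        if text[pos:pos + 1] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        pos += 1
        return key, value
    return dict([group()])

def naive_match(descriptor):
    """The literal-string check the post attributes to some firewalls."""
    return "connect_data=(sid=" in descriptor.lower()

def target_of(descriptor):
    """Return ('sid' or 'service_name', value), or None if this is not a connect request."""
    text = "".join(descriptor.split())    # whitespace is treated as insignificant here
    try:
        desc = parse_descriptor(text).get("description")
    except (ValueError, RecursionError):  # malformed or absurdly nested input is rejected
        return None
    cd = desc.get("connect_data") if isinstance(desc, dict) else None
    if not isinstance(cd, dict):
        return None
    for kind in ("sid", "service_name"):
        if isinstance(cd.get(kind), str) and cd[kind]:
            return kind, cd[kind]
    return None
```

The literal-string check also misses a SID descriptor written with spaces around the equals signs, which the parsed check accepts.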