REPOST: Re: TNS Connectivity through ISA Firewall
Date: Fri, 25 Jan 2002 19:27:17 +0100
Message-ID: <2$--$%%%%---$_%_%$_at_news.noc.cabal.int>
Shaun wrote:
>
> Hi NG
> I am having problems letting clients on my network with firewall
> client installed from a MS SBS2000 server running the ISA Server. If
> the client switches off the firewall client they can connect to the
> remote Oracle Server via a dial up connection on their machine; as soon
> as it is enabled again the TNS will not connect. How do I configure
> the firewall to let TNS through?
>
> Any help would be appreciated.
> Many Thanks
> Shaun
Any idea how Oracle connects?
Se is dozing off, one ear listening to station 1521 (AM that is ;-))
Cl: Hey! Server! Gimme a connection!
Se: Huh? Ok - I can see you on port 1521; I'll hand you over to
my buddy who's in charge of logins. Please go to port xxxxx.
Cl (on port xxxxx): Hi, Buddy - let me login?
Buddy: Yup - here's the prompt.
where xxxxx stands for any port number (vaguely remember these are unprivileged ports, aka port# is 1024 and up), but there's your problem: your firewall will only be open to traffic on 1521 - right?
Solutions:
- install names server - it is possible to configure ONS to use
one, dedicated port. No need for tnsnames.ora on clients!
- introduce shared_socket=true on server and clients; all will go thru
a shared socket on port 1521. Some bugs, tho (does not work on 8.1.7/NT;
does work on 8.1.6/NT, as well as on all unixes I know of)
- Install a 'tns-aware' firewall. These firewalls will interpret the incoming
request as a tns connection request (they scan for the string 'connect_data=(sid=',
which explains why some will fail to work with 8.1, which may use service, not sid...).
If tns-traffic, port doesn't matter, connection accepted.
-- Gtrz, Frank van Bortel
Received on Fri Jan 25 2002 - 19:27:17 CET
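
The string scan described in the reply, as an added example that is not part of the original post: a Python sketch of how a TNS-aware filter could recognise a connect descriptor whether it carries SID or SERVICE_NAME, and read the hand-off port from a redirect address. The function names, the sample payloads and the 1024-and-up port check are assumptions made for illustration.

```python
import re

# Literal scan as described in the reply: only hits when SID follows directly.
NAIVE = b"connect_data=(sid="

# Tolerant scan: keyword case and spacing vary, other keys may precede the
# identifier, and 8.1 clients may send SERVICE_NAME instead of SID.
CONNECT_RE = re.compile(
    rb"\(\s*connect_data\s*=.*?\(\s*(sid|service_name)\s*=\s*([^)\s]+)",
    re.IGNORECASE | re.DOTALL,
)
# Address string in a redirect reply: the port the client is sent to next.
PORT_RE = re.compile(rb"\(\s*port\s*=\s*(\d{1,5})\s*\)", re.IGNORECASE)


def naive_is_tns(payload: bytes) -> bool:
    """Substring check only; misses SERVICE_NAME and reordered keys."""
    return NAIVE in payload.lower()


def classify_connect(payload: bytes):
    """Return (key, value) from a TNS connect descriptor, or None."""
    m = CONNECT_RE.search(payload)
    if not m:
        return None
    return m.group(1).decode().lower(), m.group(2).decode()


def redirect_port(payload: bytes):
    """Return the redirect port, or None if missing or below 1024
    (assumed policy, following the reply's 'port# is 1024 and up')."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    port = int(m.group(1))
    return port if 1024 <= port <= 65535 else None


if __name__ == "__main__":
    # Constructed sample payloads (descriptor text only, no packet header).
    samples = [
        b"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example)(PORT=1521))"
        b"(CONNECT_DATA=(SID=ORCL)))",
        b"(DESCRIPTION=(CONNECT_DATA=(SERVER=DEDICATED)"
        b"(SERVICE_NAME=orcl.example)))",
        b"GET / HTTP/1.1\r\n",
    ]
    for s in samples:
        print(naive_is_tns(s), classify_connect(s))
    print(redirect_port(b"(ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=34567))"))
```
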