
RE: Cisco PIX firewall

From: <J.Velikanovs_at_alise.lv>
Date: Wed, 26 Jan 2005 02:16:25 +0200
Message-ID: <OF72A09D03.3447A763-ONC2256F95.00012EEC-C2256F95.0001E170@alise.lv>


In case of MTS & Firewall you can directly set ports for dispatchers, for example:
local_listener=LLIST92.WORLD.LV # Set alias in tnsnames.ora

DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7021))(dispatchers=1)(service=KTT02.world.lv)"
DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7022))(dispatchers=1)(service=KTT02.world.lv)"
DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7023))(dispatchers=1)(service=KTT02.world.lv)"

Configure firewall on 1521, 7021, 7022, 7023.

PS As mentioned by others, port redirection takes place in case of MTS.

Jurijs
+371 9268222 (+2 GMT)



Thank you for teaching me.
http://otn.oracle.com/ocm/jvelikanovs.html

"Daniel Wittry" <daniel.wittry_at_quest.com> Sent by: oracle-l-bounce_at_freelists.org
2005.01.26 01:24
Please respond to daniel.wittry  

        To:     <oracle-l_at_freelists.org>
        cc: 
        Subject:        RE: Cisco PIX firewall


I did this before [back when memory was a problem (so we used MTS)].

Forgive me if everybody already knows this...

Anyway, port 1521 is the starting port number, the mts server processes communicate back to the client on a redirected port. Therefore, you must tell your mts config (via init.ora params) which ports are allowed to be redirected to. For example, you have X number of concurrent sessions and therefore you open up x+50% ports in the range of, ohhhh, say 15500 thru 15600. Tell the firewall that A) these ports are bi-directional and B) sql*net traffic is the protocol. I don't remember if ports are 1-to-1 for clients, but you could look that up.

A quick test...
You can tell Oracle NOT to redirect sql*net traffic and keep everything on port 1521. You will quickly bottleneck the port I/O, but at least you will get thru your firewall (assuming 1521 is open and supports sql*net).

I'm not a firewall guy, I just told the sys/netAdmins to do it and they made it happen. I did the Oracle part. By the way, 7 years ago, not all firewalls supported sql*net traffic - ensure your specific firewall is certified for such.

__Dan

--
http://www.freelists.org/webpage/oracle-l



Received on Tue Jan 25 2005 - 19:23:07 CST
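
An added example, not part of the original messages: a Python check that reads the DISPATCHERS entries of an init.ora, derives the ports the firewall must allow (listener 1521 plus each pinned dispatcher port) and flags entries with no fixed port. The sample parameter text and the allow list are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: two pinned dispatchers as in the message above, one
# commented-out entry, and one entry with no ADDRESS/port (port left to the OS).
SAMPLE_INIT_ORA = """\
local_listener=LLIST92.WORLD.LV
DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7021))
(dispatchers=1)(service=KTT02.world.lv)"
DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7022))(dispatchers=1)(service=KTT02.world.lv)"
# DISPATCHERS = "(address=(protocol=tcp)(host=host_monstr)(port=7099))(dispatchers=1)"
DISPATCHERS = "(protocol=tcp)(dispatchers=2)(service=KTT02.world.lv)"
"""

# Only active (uncommented) parameter lines; the quoted value may wrap lines.
ENTRY_RE = re.compile(r'^[ \t]*DISPATCHERS\s*=\s*"([^"]*)"', re.I | re.M)
PORT_RE = re.compile(r'\(\s*port\s*=\s*(\d+)\s*\)', re.I)


def parse_dispatchers(init_ora_text):
    """Return (value, port) per active DISPATCHERS entry; port is None if unpinned."""
    entries = []
    for match in ENTRY_RE.finditer(init_ora_text):
        value = "".join(match.group(1).split())  # fold wrapped lines
        port = PORT_RE.search(value)
        entries.append((value, int(port.group(1)) if port else None))
    return entries


def audit_firewall(init_ora_text, allowed_ports, listener_port=1521):
    """Compare the ports the database will use with the firewall allow list."""
    entries = parse_dispatchers(init_ora_text)
    required = {listener_port} | {p for _, p in entries if p is not None}
    allowed = set(allowed_ports)
    return {
        "missing": sorted(required - allowed),             # needed but blocked
        "unused": sorted(allowed - required),              # open, not configured
        "unpinned": [v for v, p in entries if p is None],  # port not predictable
    }


if __name__ == "__main__":
    # Hypothetical allow list: what the firewall currently permits inbound.
    report = audit_firewall(SAMPLE_INIT_ORA, allowed_ports=[1521, 7021, 7023])
    for key, items in report.items():
        print(f"{key}: {items}")
```

Ports reported as "unused" are candidates for closing, and any "unpinned" entry means clients may be redirected to a port the firewall rule set cannot anticipate.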
