Re: TNS Connectivity through ISA Firewall
Date: Fri, 25 Jan 2002 23:10:27 +0100
Message-ID: <qrl35u8up462lg2eud9svjnpjc7k3n8uoh_at_4ax.com>
On Fri, 25 Jan 2002 19:27:17 +0100, Frank van Bortel <fbortel_at_home.nl> wrote:
>Shaun wrote:
>>
>> Hi NG
>> I am having problems letting clients on my network with firewall
>> client installed from a MS SBS2000 server running the ISA Server. If
>> the client switches off the firewall client they can connect to the
>> remote Oracle Server via a dial up connection on their machine; as soon
>> as it is enabled again the TNS will not connect. How do I configure
>> the firewall to let TNS through?
>>
>> Any help would be appreciated.
>> Many Thanks
>> Shaun
>
>Any idea how Oracle connects?
>Se is dozing off, one ear listening to station 1521 (AM that is ;-))
>Cl: Hey! Server! Gimme a connection!
>Se: Huh? Ok - I can see you on port 1521; I'll hand you over to
> my buddy who's in charge of logins. Please go to port xxxxx.
>Cl (on port xxxxx): Hi, Buddy - let me login?
>Buddy: Yup - here's the prompt.
>
>where xxxxx stands for any port number (vaguely remember these are
>unprivileged ports, aka port# is 1024 and up), but there's your
>problem: your firewall will only be open to traffic on 1521 - right?
>
>Solutions:
>- install names server - it is possible to configure ONS to use
> one, dedicated port. No need for tnsnames.ora on clients!
>- introduce shared_socket=true on server and clients; all will go thru
> a shared socket on port 1521. Some bugs, tho (does not work on 8.1.7/NT;
> does work on 8.1.6/NT, as well as on all unixes I know of)
>- Install a 'tns-aware' firewall. These firewalls will interpret the incoming
> request as a tns connection request (they scan for the string
> 'connect_data=(sid=', which explains why some will fail to work with 8.1,
> which may use service, not sid...).
> If tns-traffic, port doesn't matter, connection accepted.

The bug you mention is resolved in 8.1.7.1.2.
Metalink recommended solutions are
- use an Oracle aware firewall
- configure *Connection Manager*
- configure MTS

Hth

Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address

Received on Fri Jan 25 2002 - 23:10:27 CET
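
As an added illustration, not part of the thread and not any firewall product's code: the sketch below contrasts the fixed-string test quoted above ('connect_data=(sid=') with a check that parses the connect descriptor, so SERVICE_NAME and spaced descriptors are recognised as well. The function names and sample descriptors are constructed for this example, and it works on descriptor text only, not on TNS packet framing.

```python
import re

# Added example: names are hypothetical, sample descriptors are constructed.
SID_FORM = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.test)(PORT=1521))(CONNECT_DATA=(SID=ORCL)))"
SERVICE_FORM = SID_FORM.replace("(SID=ORCL)", "(SERVICE_NAME=orcl.example.test)")
SPACED_FORM = SID_FORM.replace("=", " = ")

def naive_match(text):
    """Fixed-substring test of the kind the thread describes."""
    return "connect_data=(sid=" in text.lower()

def parse_descriptor(text):
    """Parse one (KEY=value) descriptor into (key, value); nested groups become dicts.

    A repeated key keeps its last value; quoted values are not handled.
    Raises ValueError or IndexError on malformed or truncated input.
    """
    tokens = re.findall(r"[()=]|[^()=\s]+", text)
    pos = 0
    def node():
        nonlocal pos
        if tokens[pos] != "(" or tokens[pos + 1] in "()=" or tokens[pos + 2] != "=":
            raise ValueError("expected (KEY=")
        key = tokens[pos + 1].upper()
        pos += 3
        if tokens[pos] == "(":
            value = {}
            while tokens[pos] == "(":
                child_key, child = node()
                value[child_key] = child
        else:
            value = "" if tokens[pos] in ")=" else tokens[pos]
            pos += 1 if value else 0
        if tokens[pos] != ")":
            raise ValueError("expected )")
        pos += 1
        return key, value
    result = node()
    if pos != len(tokens):
        raise ValueError("trailing data")
    return result

def connect_target(text):
    """Return ('SERVICE_NAME' | 'SID', value), or None if neither is present."""
    try:
        _, tree = parse_descriptor(text)
    except (ValueError, IndexError):
        return None
    data = tree.get("CONNECT_DATA") if isinstance(tree, dict) else None
    if isinstance(data, dict):
        for name in ("SERVICE_NAME", "SID"):
            if isinstance(data.get(name), str) and data[name]:
                return name, data[name]
    return None
```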
