Home » RDBMS Server » Networking and Gateways » Dynamic TCP Port on Windows Oracle server
Dynamic TCP Port on Windows Oracle server [message #167991] Tue, 18 April 2006 05:39 Go to next message
networker
Messages: 5
Registered: April 2006
Junior Member
Hi there,

I am trying to test a firewall between a client and its oracle database. Note that I am a networking guy, and not a database expert, so apologies up front if I am not able to describe the Oracle elements correctly Smile

The goal is to test the firewall's ability to pass the dynamically allocated ports from an Oracle's reply to the initial connection. The initial server port is 1521, and in some circumstances the oracle server will dynamically allocate a different port for the connection to continue on.

From the reading I have done, user's problem have been trying to turn this functionality off. I want it on! Also, that this should almost be the standard way of working on a windows setup. The workaround (to ensure the server continues to use TCP port 1521 only) is to set the windows variable USE_SHARED_SOCKET=TRUE.

My problem is that I am having a hard time getting my server to do the dynamic allocation.

My Setup is the default setup from the oracle downloads page (http://www.oracle.com/technology/software/products/database/xe/index.html) of the Oracle 10g Express Edition, running on windows XP and the sample database. The connectivity was from an excel spreadsheet.

If there are files that you need the configs from, I can supply these, just let me know.

Any pointers on what/where to look to get this working would be much appreciated.

thanks / regards
Mitchell
Re: Dynamic TCP Port on Windows Oracle server [message #168782 is a reply to message #167991] Sat, 22 April 2006 11:45 Go to previous messageGo to next message
markmal
Messages: 113
Registered: April 2006
Location: Toronto, Canada
Senior Member
What is your firewall? Is it certified with Net8?
If not, most likely it will be imossible to use Net8 client directly through it without specific setups that allow traffic to go via one port only (like USE_SHARED_SOCKET=TRUE on Windows platform).

Another way to do this is to run Connection Manager (CMan).

Re: Dynamic TCP Port on Windows Oracle server [message #168825 is a reply to message #167991] Sun, 23 April 2006 08:37 Go to previous messageGo to next message
networker
Messages: 5
Registered: April 2006
Junior Member
Thanks.

That is exactly what I am trying to validate - my firewall's use of an ALG that supports this dynamic port redirection. Doesn't help if I cannot get this redirection working ...

Could it be that the 10g Oracle Express edition does not support this functionality ? I could not find a cman.ora file in the default configuration.

Using the sample database and setup out of the 10g Express Edition download on windows, here are my config files :

tnsnames.ora
XE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ThatOne)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = XE)
)
)

EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)

ORACLR_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
)
(CONNECT_DATA =
(SID = CLRExtProc)
(PRESENTATION = RO)
)
)

listener.ora
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oraclexe\app\oracle\product\10.2.0\server)
(PROGRAM = extproc)
)
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\oraclexe\app\oracle\product\10.2.0\server)
(PROGRAM = extproc)
)
)

LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
(ADDRESS = (PROTOCOL = TCP)(HOST = ThatOne)(PORT = 1521))
)
)

DEFAULT_SERVICE_LISTENER = (XE)

initXETemp.ora
##############################################################################
# Copyright (c) 1991, 2005, Oracle. All rights reserved.
##############################################################################

###########################################
# Cursors and Library Cache
###########################################
open_cursors=300

###########################################
# Database Identification
###########################################
db_name=XE

###########################################
# Diagnostics and Statistics
###########################################
background_dump_dest=C:\oraclexe\app\oracle\admin\XE\bdump
core_dump_dest=C:\oraclexe\app\oracle\admin\XE\cdump
user_dump_dest=C:\oraclexe\app\oracle\admin\XE\udump

###########################################
# File Configuration
###########################################
control_files=("C:\oraclexe\oradata\XE\control.dbf")

###########################################
# Job Queues
###########################################

###########################################
# Miscellaneous
###########################################
compatible=10.2.0.1.0

###########################################
# Processes and Sessions
###########################################
sessions=20

###########################################
# SGA Memory
###########################################
sga_target=270M

###########################################
# Security and Auditing
###########################################
audit_file_dest=C:\oraclexe\app\oracle\admin\XE\adump
remote_login_passwordfile=EXCLUSIVE

###########################################
# Shared Server
###########################################
dispatchers="(PROTOCOL=TCP) (SERVICE=XEXDB)"
shared_servers=4

###########################################
# Sort, Hash Joins, Bitmap Indexes
###########################################
pga_aggregate_target=90M

###########################################
# System Managed Undo and Rollback Segments
###########################################
undo_management=AUTO
undo_tablespace=UNDO

###########################################
# Backup and Recovery
###########################################
DB_RECOVERY_FILE_DEST_SIZE = 10G
DB_RECOVERY_FILE_DEST = C:\oraclexe\app\oracle\flash_recovery_area

os_authent_prefix=""


Re: Dynamic TCP Port on Windows Oracle server [message #168831 is a reply to message #168825] Sun, 23 April 2006 10:01 Go to previous messageGo to next message
markmal
Messages: 113
Registered: April 2006
Location: Toronto, Canada
Senior Member
Does your FW have ALG for Net8 particularly?
Firewall should recognize a "redirect port command" from Listener to Client and open a secondary port accordingly. This "redirect port command" I think is specific to Net8, rather to IP stack, at least in Windows, thus some FW plug-ins or proxies that are specific to Net8 have to be implemented to allow FW to handle Net8 redirections.

I do not know if 10gX includes Cman. It is beta and is not documented in option availability docs.
Enterprise Edition and Personal Edition have CMan.

Install all options and subproducts. Check if you have cmctl binary in $OH/bin.

Also it is documented Metalink Note:131524.1
Quote:


III / Oracle8/8i (8.x) - Unix: Firewall without Network Address Translator (NAT)
---------------------------------------------------------------------------
1 - In dedicated server mode, Unix natively implements TCP/IP sharing, so there should be no problem with connectivity."
...
VI / Oracle8 (8.x) - Windows NT: Firewall without Network Address Translator (NAT)
-------------------------------------------------------------------------
Unlike Unix, Windows does not implement TCP/IP port sharing by default.
When using either dedicated or MTS mode, registry parameter USE_SHARED_SOCKET=TRUE
may be set in the Windows registry. The location of the parameter varies and
depends on the Oracle version. For registry location details, refer
Note 124140.1, which also discusses other methods to set the parameter.



Note:66382.1 "Firewalls, Windows NT and Redirections" may be helpful as well.
Re: Dynamic TCP Port on Windows Oracle server [message #169937 is a reply to message #167991] Sun, 30 April 2006 20:59 Go to previous messageGo to next message
networker
Messages: 5
Registered: April 2006
Junior Member
thanks for the tip.

Action since last update :
1. uninstall 10g Express
2. install 10g Enterprise
-> still no redirect
3. uninstall 10g Enterprise
4. Install 9i Enterprise - default options
-> Success !!
-> Without modifying any files from the default enterprise setup, the 9i installation port redirected first time. CMAN is not configured, nor active.

So now I can start testing my firewall. I guess the default setups for 10g have been modified with respect to this redirection functionality.

One down ...

Mitchell
Re: Dynamic TCP Port on Windows Oracle server [message #169994 is a reply to message #168831] Mon, 01 May 2006 10:12 Go to previous messageGo to next message
markmal
Messages: 113
Registered: April 2006
Location: Toronto, Canada
Senior Member
Quote:

-> Without modifying any files from the default enterprise setup, the 9i installation port redirected first time. CMAN is not configured, nor active.


Have you configured USE_SHARED_SOCKET=TRUE ?
Re: Dynamic TCP Port on Windows Oracle server [message #170051 is a reply to message #169994] Mon, 01 May 2006 21:53 Go to previous messageGo to next message
networker
Messages: 5
Registered: April 2006
Junior Member
markmal wrote on Mon, 01 May 2006 10:12

Quote:

-> Without modifying any files from the default enterprise setup, the 9i installation port redirected first time. CMAN is not configured, nor active.


Have you configured USE_SHARED_SOCKET=TRUE ?


No I have not configured this. My goal was to ensure the random port redirection was actually occurring. My understanding of this environment variable is that it will stop this occurring.
Re: Dynamic TCP Port on Windows Oracle server [message #170079 is a reply to message #170051] Tue, 02 May 2006 00:41 Go to previous message
markmal
Messages: 113
Registered: April 2006
Location: Toronto, Canada
Senior Member
good.

yes. USE_SHARED_SOCKET=TRUE makes all clients go always via listener port. The drowback of it, all connections broken when you stop listener, which is not a case when USE_SHARED_SOCKET=FALSE.

what is a firewall, by the way?
Previous Topic: ORACLE INITIALISATION AND SHOUTDOWN PROCESS
Next Topic: TNS-12541: TNS:no listener
Goto Forum:
  


Current Time: Fri Nov 22 09:38:35 CST 2024