Re: Oracle connection through firewall

This is from one of previous postings:

> Oracle has a registry setting that will force all traffic for a session
> through the same port that the listener connection was made on (e.g.
1521).
> Place the USE_SHARED_SOCKET parameter in the registry under
> HKEY_LOCAL_MACHINE:Software:Oracle with a value of TRUE, and restart
Oracle
> and the listener for it to take effect. It also doesn't hurt to set this
> parameter as a system environment variable as well.

And yes, Connection Manager is another option. Also, there are firewalls that are Net8 aware.

Igor Neyman, OCP DBA
ineyman_at_perceptron.com

• Original Message ----- To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com> Sent: Wednesday, February 12, 2003 7:13 AM

> Hi everybody
>
> Since I'm a networking dummy, here's a question that might be easy to
> answer:
>
> I have to setup client access (Oracle Net) to an Oracle Database through a
> firewall. So far, I only know that the listener listens on a dedicated
port
> (like 1521). After a client requested a connection, a dedicated server
> process is started (this is not an MTS environment) and the listener is
> informed about the port the server process wants to use to communicate
with
> the client. The listener sends this information to the client and from
> thereon, the client can communicate with the server through this port.
> Now, I'm wondering about what ports do I have to keep open on the firewall
> between client and Oracle server ? 1521 is probably not enough, since this
> let's the client only reach the listener itself. What happens then ? Can I
> restrict Oracle Net to a range of ports for the server processes to be
used
> (didn't find that in the fine manual) ? If so, how is this done ? Or do I
> have to go with Oracle connection manager ?
>
> Regards,
>
> Stefan Jahnke
> Consultant
> BOV Aktiengesellschaft
> Voice: +49 201 - 4513-298
> Fax: +49 201 - 4513-149
> mailto: stefan.jahnke_at_nospam.bov.de
> Please remove nospam to contact me via email.
>
> visit our website: http://www.bov.de
> subscribe to our newsletter: http://www.bov.de/presse/newsletter.asp
>
> Sicherheitsluecken mit IT-Security-Konzepten von BOV effizient schliessen!
> Weitere Informationen unter +49 201/45 13-240 oder E-Mail an
> mailto:andrea.palluck_at_bov.de.
>
> Wie Sie wissen, koennen ueber das Internet versandte E-Mails leicht unter
> fremden Namen erstellt oder manipuliert werden. Aus diesem Grunde bitten
> wir um Verstaendnis dafuer, dass wir zu Ihrem und unserem Schutz die
> rechtliche Verbindlichkeit der vorstehenden Erklaerungen und Aeusserungen
> ausschliessen.
>
> As you are probably aware, e-mails sent via the Internet can easily be
> copied or manipulated by third parties. For this reason we would ask for
> your understanding that, for your own protection and ours, we must decline
> all legal responsibility for the validity of the statements and comments
> given above.
>
>
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Stefan Jahnke
> INET: Stefan.Jahnke_at_bov.de
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Igor Neyman
  INET: ineyman_at_perceptron.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).