I had another type of problem with firewalls and MTS connections, but that
wouldn't apply to a dedicated connection. The problem I had was with MTS was
that the dispatchers were randomly assigning port numbers and I couldn't
control through the firewall what to keep open. I finally found that you can
add to the init.ora file an entry in the mts_dispatchers what port to assign to
the dispatchers.
mts_dispatchers =
"(address=(partial=true)(protocol=tcp)(host=db.gotdata.net)(port=1104))(dispatchers=1)(SESSIONS=20)(CONNECTIONS=10)(mul=OFF)(pool=OFF)"
In that example I made one dispatcher use port 1104, I just added multiple
lines with each dispatcher to permanently assign them to a port, and opened
those ports for incomming connections on the firewall.
Tom Tyson
- Dan.Hubler_at_midata.com wrote:
>
>
> Dedicated.
>
> What would be the concern?
>
>
>
>
>
>
> Tom Tyson <tomtysonjr_at_yahoo.com>@fatcity.com on 07/21/2000 09:33:49 AM
>
> Please respond to ORACLE-L_at_fatcity.com
>
> Sent by: root_at_fatcity.com
>
>
> Sent From the mail file of: Dan Hubler
>
>
> To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> cc:
>
> Subject: RE: Oracle and SqlNet behind a firewall
>
>
> Dan
>
> Are using dedicated server connections, or shared (ie MTS)?
>
> Tom Tyson
>
> --- "VanderMey, Bob" <BVanderMey_at_OrderZone.com> wrote:
> > Dan,
> >
> > Our security guys complained about the same thing. When I looked into
> it, I
> > couldn't figure out how to limit the outbound ports. The problem is that
> > the listener uses port 1521 (or another of your choice) but then hands
> off
> > to the database. The database then picks a port to use when talking to
> the
> > client. The best I could come up with at the time, wasz to have the
> > security guys see which ports were being used (they all stay within a
> > certain range) and then open up a range of ports somewhat lower and
> higher
> > than those being used.
> >
> > If you do figure this out, please let me know what you did.
> >
> > Bob VanderMey
> > Oracle DBA
> > OrderZone.com, Inc.
> > 847 573-2687
> > bvandermey_at_orderzone.com
> > 565 Lakeview Parkway, Suite 250
> > Vernon Hills, IL 60061
> > http://www.orderzone.com
> >
> >
> > -----Original Message-----
> > Sent: Thursday, July 20, 2000 4:08 PM
> > To: Multiple recipients of list ORACLE-L
> >
> >
> >
> > Just put our first NT server with Oracle 8.0.5 and Net8 behind a
> firewall.
> >
> > The security guys are complaining because all the inbound traffic goes in
> > through port #1521, but the outbound traffic is using multiple and random
> > ports.
> > They don't like this.
> >
> > Anybody know anything about this?
> >
> >
> >
Do You Yahoo!?
Received on Sat Jul 22 2000 - 11:17:54 CDT
