RE: Simple question (I think)
You should just need to allow 1521, or whatever your listener is on. Depending on your firewall, some have Oracle ports in them to proxy your connection across.
This is not all that uncommon, and the only system, as far as your firewall is concerned, that is getting to your database is the DMZ system. 1521 and nearly everything else should still be blocked on the external side of your DMZ.
Good rule of thumb: don't allow an untrusted system to access right across the DMZ over your firewall. You have limited trust of the DMZ server, so you provide it with limited access.
You want to give the connection limited access to the schema as well, to reduce the likelihood of damage if your external system connects badly, i.e. has been compromised.
If you can encrypt the traffic across the wall to the db server, that can be good.
Technet has a fair amount about security, so that is likely worth a read; it may not provide specifics but may help you with your firewall admin.
Cheers
Peter
From: oracle-l-bounce_at_freelists.org on behalf of Jared Still
Sent: Thu 3/08/2006 4:22 AM
To: zanenj_at_noord-holland.nl
Cc: oracle-l_at_freelists.org
Subject: Re: Simple question (I think)
On 8/2/06, Zanen, dhr. J.A. (Jack) van <zanenj_at_noord-holland.nl> wrote:
Hi All,
This is what needs to be done: We have a website in a DMZ that needs to access data in our databases that are behind a firewall. I have never had to deal with DMZ, firewall issues before, so I ask this list for some advice.
Neither have I.
Which is why I would start with MetaLink Note 152133.1.
SECOND question.
Is this a good way to go through the firewall? Or are there issues with this way of doing it? Furthermore, how did you solve this?
Poking holes in your firewall is not generally considered a good practice.
See the note I mentioned, then do further searches on MetaLink.
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 02 2006 - 21:18:23 CDT
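The reply at the top of this page advises giving the DMZ connection limited access to the schema. The following Oracle SQL is an added example, not part of the original thread, showing one way to set that up and then check it. All object names (APP_OWNER, WEB_DMZ, ORDERS and its columns, the profile name) are hypothetical.

```sql
-- Hypothetical names: APP_OWNER owns the data, WEB_DMZ is the account
-- used only by the web server in the DMZ, ORDERS is a sample table.

-- 1. Cap what a hijacked connection can do at the session level.
--    (Resource limits such as IDLE_TIME are only enforced when the
--    RESOURCE_LIMIT initialization parameter is TRUE.)
CREATE PROFILE web_dmz_profile LIMIT
  SESSIONS_PER_USER      20
  FAILED_LOGIN_ATTEMPTS  5
  IDLE_TIME              15;   -- minutes

-- 2. Dedicated account: it can log in and nothing else.
--    No tablespace quota, no roles, no ANY privileges.
CREATE USER web_dmz IDENTIFIED BY "replace_with_generated_secret"
  PROFILE web_dmz_profile;
GRANT CREATE SESSION TO web_dmz;

-- 3. Expose only the rows and columns the website needs through a
--    read-only view owned by the application schema. The base table
--    itself is never granted to the DMZ account.
CREATE OR REPLACE VIEW app_owner.v_web_orders AS
  SELECT order_id, status, shipped_date
  FROM   app_owner.orders
  WHERE  status <> 'INTERNAL'
  WITH READ ONLY;

GRANT SELECT ON app_owner.v_web_orders TO web_dmz;

-- 4. Verify as a DBA. Expected: one system privilege (CREATE SESSION),
--    no roles, and one object privilege (SELECT on V_WEB_ORDERS).
SELECT privilege
FROM   dba_sys_privs
WHERE  grantee = 'WEB_DMZ';

SELECT granted_role
FROM   dba_role_privs
WHERE  grantee = 'WEB_DMZ';

SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'WEB_DMZ';

-- Privileges granted to PUBLIC also apply to WEB_DMZ; review them too.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC' AND owner = 'APP_OWNER';
```

If the verification queries return anything beyond the grants made in steps 2 and 3, a compromised web server can reach more than the website needs.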