Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Client connection to Server behind Firewall

Re: Client connection to Server behind Firewall

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Fri, 30 Nov 2001 11:59:10 +0100
Message-ID: <u0eq0c9jbv8ae1@corp.supernews.com> 






"Alex So" <alexso_at_mail.com> wrote in message
news:9u7lmc$q3t$1_at_hfc.pacific.net.hk...


> Hi, all.

>

> I have a question regarding Oracle client connection to Oracle Server

behind


> firewall. The senario is deppicted as followed.

>

> 1521                                         1521                     ????

> [S]-----------------[Switch]-----------------[Firewall]---------------[C]

> Oracle                                       CkeckPoint

Oracle


> Server



Client


>

> Oracle Listener is using port 1521. Oracle client (SQL*Net/Net8) connects

to


> the server via a random port. With the above configuration, no clients are

> able to connect because the firewall has port 1521 opened only. I have

heard


> that

>

> (i) Configuration can be done on the firewall to allow SQL*Net version 1

or


> version 2 to operate. However, it seems that no configuration for such is

> available on the firewall hardware.

>

> (ii) Oracle Connection Manager can be set up in between the firewall and

the


> clients, such that client connection is made between the Connection

Manager


> and the Oracle Client via any random port. And, connection between

> connection manager and Oracle server is made via port 1521. Unfortunately,

> the I am not able to locate Oracle Connection Manager in the Oracle

Product


> CD. Any hint?

>

> Can someone give me some hints with (i) and (ii)?

>

> Thanks and regards,

>

> Alex

>

>




(1) is dependent from the firewall vendor
(2) Oracle Connection Manager comes with 8i, both standard and enterprise
edition. There are two services managing Oracle Connection Manager, Ora81cm
and ora81cmadm. The sw in itself is included in sqlnet, I believe
You should use an extra port, the default is 1630
Then you should add


address=(protocol=tcp)(host=<Oracle connection manager host>)(port=1630)) to
the address_list block of the affected instance in tnsnames.ora
and you should add


(source_route=yes) below the (connect_data) block.
Also you should add


use_cman = true


in sqlnet.ora



Just implemented this yesterday at a site and it works.



Hth


--
Sybrand Bakker
Senior Oracle DBA

to reply remove '-verwijderdit' from my e-mail address


Received on Fri Nov 30 2001 - 04:59:10 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US