Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Access Oracle via Firewall

Re: Access Oracle via Firewall

From: Odd Harry Ophaug <odop_at_osl.ifsab.se>
Date: 1997/05/16
Message-ID: <01bc6203$6ae75260$a07c96c0@odop.osl.ifsab.se>#1/1 







Try this:


        (ADDRESS =
          (COMMUNITY = xxxx.world)
          (PROTOCOL = TCP)
          (Host = ip-address1)
          (Port = 1526)
        )
        (ADDRESS =
          (COMMUNITY = xxxx.world)
          (PROTOCOL = TCP)
          (Host = ip-address2)
          (Port = 1526)
        )





i.e. two entries in tnsnames.ora,  one for the address that the client uses
(the firewall) and one for the server.

-- 
Odd Harry Ophaug
IFS Norge
+47 66907386
odop_at_osl.ifsab.se

Jim Baska <jim_at_Xsprintmail.com> wrote in article
<337B1CF0.58C9_at_Xsprintmail.com>...


> I am attempting to access an Oracle 7.1 data base through a firewall

> (not a proxy firewall) using SQL*Net 2.3.  The IP address that is in

> HOSTS and accessed via TNSNAMES.ORA is an address on the firewall.  On

> the backside of the firewall is the Oracle data base with the actual IP

> address.  The firewall takes care of all the translations so that it

> should be transparent to the client.  Well, not for SQL*Net 2.3.

> 

> Apparently, when the first connect message is sent through SQL*Net 2.3,

> it sends it to the firewall address.  The firewall then sends the

> message on to the data base.  When the connect response is returned,

> SQL*Net LOOKS INSIDE THE RETURNED PACKET to get the real address of the

> data base.  It is this address that it then uses from here on out to

> address the data base.  This address (the true data base address) is not

> reachable by the client (if it were, we wouldn't be going through the

> firewall in the first place).

> 

> Why does SQL*Net 2.3 look inside packets to get real addresses?  Why

> doesn't it trust what is inside TNSNAMES.ORA and HOSTS?  When did Oracle

> decide to change this, since SQL*NET 1 works fine through this firewall

> (although, as I understand it, SQL*Net 1 uses nailed up connections)? 

> Does anyone know of any work arounds for this (Oracle says changing the

> firewall to a proxy firewall, but that means we have to change all the

> other client applications that work through this firewall to understand

> about proxy firewalls)?

> 

> TIA,

> Jim Baska

> 



Received on Fri May 16 1997 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US