Re: Used ports on oracle
"Oebele Dijkstra" <O.Dijkstra_at_odconsult.net> wrote in message
news:4055b7fa$0$67332$e4fe514c_at_dreader8.news.xs4all.nl...
> hello all,
>
> We try to connect to an Oracle database over a VPN.
>
> I thought only the listener port (1521 by default) should be opened in the
> firewall.
That would be the case if, having contacted the listener, you stayed connected to it. But you don't: the listener forwards you on to a server process which it spawns on a completely random port. You need to be able to connect to that randomly-chosen port.
Which means drilling enough holes in your firewall that it acts more like a sieve than a firewall, or upgrading your firewall technology. Stateful packet inspection firewalls are what you need, preferably one certified by Oracle.
Or you could spend a smallish fortune on licensing the CMAN ("Connection Manager") product from Oracle. One of its jobs is to drill through firewalls on a well-defined few-port basis.
Regards
HJR
> But: in the sqlnet.ora on the server I can see that I am connected but on my
> client I get a timeout message.
>
> It looks like other ports should be opened as well.
> Which one(s) ?
>
> Thanks,
>
> Oebele
>
>
> --
> Oebele Dijkstra
> --
> Email: O.Dijkstra_at_odconsult.net
>
>
Received on Mon Mar 15 2004 - 08:13:14 CST
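
The failure discussed in this thread, as an added example that is not part of the original posts: a simplified Python model (not the real Oracle Net wire protocol) comparing a filter with only port 1521 open against one that reads the listener's redirect and opens a single-use hole for it. The `Firewall` class, the addresses and the redirect string are constructed for illustration.

```python
import re

LISTENER_PORT = 1521  # default listener port named in the thread
# Constructed sample reply in Oracle Net address syntax (host/port made up).
REDIRECT = "(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=49731))"

def redirect_target(payload):
    """Return (host, port) from an address descriptor, or None if malformed."""
    host = re.search(r"\(HOST=([^)]+)\)", payload, re.I)
    port = re.search(r"\(PORT=(\d+)\)", payload, re.I)
    if not (host and port) or not 0 < int(port.group(1)) < 65536:
        return None
    return host.group(1), int(port.group(1))

class Firewall:
    """Hypothetical toy filter: static port allowlist, optionally protocol-aware."""
    def __init__(self, open_ports, inspect=False):
        self.open_ports = set(open_ports)
        self.inspect = inspect
        self.pinholes = set()  # (client, host, port) opened by inspection

    def observe(self, client, payload):
        # A protocol-aware filter reads the listener's reply and opens
        # exactly one hole for the redirected address.
        target = redirect_target(payload) if self.inspect else None
        if target:
            self.pinholes.add((client, *target))

    def allows(self, client, host, port):
        if (client, host, port) in self.pinholes:
            self.pinholes.discard((client, host, port))  # single use
            return True
        return port in self.open_ports

def connect(fw, client, db_host, listener_reply=REDIRECT):
    """Model both legs: listener contact, then the redirected session."""
    if not fw.allows(client, db_host, LISTENER_PORT):
        return "listener blocked"
    fw.observe(client, listener_reply)
    target = redirect_target(listener_reply)
    if target is None:
        return "redirect unreadable"
    return "connected" if fw.allows(client, *target) else "timeout after redirect"

if __name__ == "__main__":
    for name, fw in [("static 1521 only", Firewall({1521})),
                     ("inspecting", Firewall({1521}, inspect=True))]:
        print(name, "->", connect(fw, "192.0.2.10", "10.0.0.5"))
```

The static case reproduces the symptom in the question: the listener leg succeeds while the redirected session never gets through, without any extra port range being opened in the inspecting case.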