- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Oracle Connection through firewall
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2002 08:27 AM
тАО05-01-2002 08:27 AM
Oracle Connection through firewall
IIS server is ourside firewall(sort of), which is Oracle DB client.
For Oracle server, we know that we can set to let only one port out. But how can I set IIS port range for inbound traffic.
Or any one can "redirect" me to relevant articles.
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2002 08:46 AM
тАО05-01-2002 08:46 AM
Re: Oracle Connection through firewall
GL,
C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2002 08:50 AM
тАО05-01-2002 08:50 AM
Re: Oracle Connection through firewall
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2002 09:48 AM
тАО05-01-2002 09:48 AM
Re: Oracle Connection through firewall
I agree w/Bill 100%.
There are dozens of known Oracle exploits out in the field. And Oracle is one of the toughest apps to "lock down". The first issue to tackle would be ports. The client initially connacts on a specific port (usually 1521) but then client/server negotiate a higher port for further comm. This would have to be strictly controlled. You would definitely need expert help in this area.
I, myself, would never attempt it.
The better solution would be to move the client system inside the FW so the issue would become moot.
Rgds,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2002 12:02 PM
тАО05-01-2002 12:02 PM
Re: Oracle Connection through firewall
HTH
Dave.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2002 03:15 AM
тАО05-02-2002 03:15 AM
Re: Oracle Connection through firewall
Oracle's SQL*Net is a rather tricky protocol but it can be managed keeping in mind the following:
SQL*Net (on Unix) uses only one port which by default is 1521 and is defined in your listener.ora file (for the rdbms server) and tnsnames.ora (for the client).
According to the info I got on SQL*Net (which you can get a hold of in Oracle's Metalink look for Notes 125021.1 and 66382.1) There are two exceptions on which SQL*net will negotiate the port number (once again in Unix):
a) Your RDBMS Server is configured with the Multithreaded Server option
b) you are using Oracle SSL
In case your installation is using MTS (MultiThreaded Server) you can specify on which port number each dispatcher will listen.
As for SSL the docs I mentioned are less clear on what to do, they say that the ports can be specified but give no examples. They also mention that an alternative (if you are using SQL*net version 8) would be to use a software package called Oracle Conection Manager which supposedly can do things like discriminate from which IP addresses will accept connections and will also show a fixed port number so the traffic can be rerouted via a packet filtering firewall.
On NT Oracle WILL negotiate the port number regardless of what options you are using , but it can be forced (after setting a registry key called USE_SHARED_SOCKET)
Some proxy based Firewalls (such as Gauntlet) include a proxy for SQL*net, however this is in itself a can of worms since of course there at least two different versions of the protocol that they must support and also there is the usual problem with such firewalls: Performance)
Hope this helps
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2002 04:25 AM
тАО05-02-2002 04:25 AM
Re: Oracle Connection through firewall
Your firewall software must be Oracle compillant , ie must be able to resolve the port redirect that the listener does.
If your Firewall don't handle this you'll have to look into the Oracle Connection Manager to manage the ports in use.
mvh
Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2002 04:40 AM
тАО05-02-2002 04:40 AM
Re: Oracle Connection through firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2002 08:09 AM
тАО05-02-2002 08:09 AM
Re: Oracle Connection through firewall
Thanks, every one.
Make it clear:
1. IIS is not actually outside firewall. We have two layer firewalls, in the middle of which IIS Server is.
2. Oracle Server is inside the second layer firewall, which is completely shutdown for all traffics right now, even for the traffics from hosts inside first layer.
3. I am the DBA. We are think of open some ports for IIS Server. But before that we must be able to predict the port range that will go in. (I could be wrong. I think that once the door is open, how wide it is doesn't make much of difference. But it isn't my position to comment.)
4. As I said, there is no problem to predetermine the port on Oracle Server side.
5. The question is still that how we can limit the port range from the Oracle client side. Has anyone done that before? On NT and UNIX.
Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2002 08:20 AM
тАО05-02-2002 08:20 AM
Re: Oracle Connection through firewall
I signed the point according to usefulness of message to me. Not on the message itself. All the message are good. But not all of them helped me.