Sqlnet & Firewall


Post by defaul » Thu, 07 May 1998 04:00:00



Hi:

    I have Oracle 8.0.4 and Net8 on an NT server, and a Raptor System4.x
firewall in the middle on another box. The firewall allows Sqlnet traffic
to go through port 1521 only.
After the Listener handshake on the server side, it passes back a different
port to the client instead of 1521, then the connection fails. The
Oracle server does not run as MTS, and there is no Oracle Connection
Manager running either. Oracle Tech support says Net8 could use the same
port 1521 for Internet connection from the firewall, but when I look at
the Sqlnet trace file on my client side it is not. I am not sure whether
I am missing something in the server sqlnet setup. Any suggestion would help.

Thank you

Johnny

 
 
 


Post by Javadive Tec » Thu, 07 May 1998 04:00:00


If I am not wrong, it uses port 1526. I think you can configure it to 1521. I
hope this helps.

 
 
 


Post by Andrew Protaso » Thu, 07 May 1998 04:00:00


Hi Johnny,

1521 (or 1526) is used only by the listener when a client program tries
to connect. In dedicated mode (your case) a new server process
is forked by the listener to serve client requests. And this new
process uses another port (not 1521 or 1526). This is
described in the Net8 Administrator's Guide.

       Andrew Protasov


>Hi:

>    I have Oracle 8.0.4 and Net8 on NT server, and Raptor System4.x
>Firewall in the middle on another box. Firewall allows Sqlnet traffic go
>through port 1521 only.
>After Listener handshake on the server side, it pass back a different
>port to the client instead of 1521, then the connection fails. The
>Oracle server not runs as MTS,
>no Oracle Connection Manager running either. Oracle Tech support say
>Net8 could use the same port 1521 for Internet connection from Firewall,
>but I look at Sqlnet
>trace file at my client side it is not, I am not sure I miss something
>on the server sqlnet setup? Any suggestion would help.

>Thank you

>Johnny

 
 
 


Post by Mitko Stoyano » Fri, 08 May 1998 04:00:00



> Hi Johnny,

> 1521 (or 1526) is used only by listener when client program tries
> to connect. In dedicated mode (your case) new server process
> is forked by listener to serve client requests. And this new
> process uses another port (not 1521 or 1526). This is
> described in Net8 Administrator's Guide.

>        Andrew Protasov


> >Hi:

> >    I have Oracle 8.0.4 and Net8 on NT server, and Raptor System4.x
> >Firewall in the middle on another box. Firewall allows Sqlnet traffic go
> >through port 1521 only.
> >After Listener handshake on the server side, it pass back a different
> >port to the client instead of 1521, then the connection fails. The
> >Oracle server not runs as MTS,
> >no Oracle Connection Manager running either. Oracle Tech support say
> >Net8 could use the same port 1521 for Internet connection from Firewall,
> >but I look at Sqlnet
> >trace file at my client side it is not, I am not sure I miss something
> >on the server sqlnet setup? Any suggestion would help.

> >Thank you

> >Johnny

It may be because you use NT as the server platform. I think there were
posts before about the problems with the NT listener not being capable of
reusing ports.

Otherwise, the above setup works for me. I run Enterprise 8.0.3 on
Solaris 2.5.1.
--
Mitko Stoyanov
Systems Engineer                                Ph. (02) 9288 3635

http://www.ni.com.au/

 
 
 


Post by Andrew Protaso » Sat, 09 May 1998 04:00:00


Hi Mitko,
Hi Johnny,

It seems that my previous posting was not correct. Today I checked
my Oracle 8.0.3 for NT server using netstat. My server is named SEP
and my workstation is PROTASOV. I established three sessions
from my PC and all of them use server port 1521. The listener uses
the same port too. So, there should be no problems with the firewall.

               Andrew Protasov

Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    sep:1026               0.0.0.0:0              LISTENING
  TCP    sep:9999               0.0.0.0:0              LISTENING
  TCP    sep:80                 0.0.0.0:0              LISTENING
  TCP    sep:135                0.0.0.0:0              LISTENING
  TCP    sep:135                0.0.0.0:0              LISTENING
  TCP    sep:1025               0.0.0.0:0              LISTENING
  TCP    sep:1025               localhost:1026         ESTABLISHED
  TCP    sep:1026               localhost:1025         ESTABLISHED
  TCP    sep:137                0.0.0.0:0              LISTENING
  TCP    sep:138                0.0.0.0:0              LISTENING
  TCP    sep:nbsession          0.0.0.0:0              LISTENING
  TCP    sep:1521               0.0.0.0:0              LISTENING
  TCP    sep:1521               PROTASOV:1258          ESTABLISHED
  TCP    sep:1521               PROTASOV:1265          ESTABLISHED
  TCP    sep:1521               PROTASOV:1271          ESTABLISHED
  UDP    sep:135                *:*
  UDP    sep:nbname             *:*
  UDP    sep:nbdatagram         *:*



>> Hi Johnny,

>> 1521 (or 1526) is used only by listener when client program tries
>> to connect. In dedicated mode (your case) new server process
>> is forked by listener to serve client requests. And this new
>> process uses another port (not 1521 or 1526). This is
>> described in Net8 Administrator's Guide.

>>        Andrew Protasov


>> >Hi:

>> >    I have Oracle 8.0.4 and Net8 on NT server, and Raptor System4.x
>> >Firewall in the middle on another box. Firewall allows Sqlnet traffic go
>> >through port 1521 only.
>> >After Listener handshake on the server side, it pass back a different
>> >port to the client instead of 1521, then the connection fails. The
>> >Oracle server not runs as MTS,
>> >no Oracle Connection Manager running either. Oracle Tech support say
>> >Net8 could use the same port 1521 for Internet connection from Firewall,
>> >but I look at Sqlnet
>> >trace file at my client side it is not, I am not sure I miss something
>> >on the server sqlnet setup? Any suggestion would help.

>> >Thank you

>> >Johnny

>It maybe because you use NT as the server platform, I think there were
>posts before about the problems with the NT listener not capable of
>reusing ports.

>Otherwise, the above setup works for me, I run Enterprise 8.0.3 on
>Solaris 2.5.1 .
>--
>Mitko Stoyanov
>Systems Engineer Ph. (02) 9288 3635

>http://www.ni.com.au/
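
The netstat check described in the last post, as an added example that is not part of the original thread: it parses server-side `netstat` output and separates remote sessions that a firewall passing only port 1521 would allow from those it would drop. The first six sample rows come from the post; the `CLIENTX` row, the function names and the loopback filter are assumptions made for illustration.

```python
import re

LISTENER_PORT = 1521  # the only port the firewall in the thread passes

# Rows copied from the netstat listing in the post, plus one CONSTRUCTED row
# (CLIENTX -> sep:1034) standing in for a session redirected off the listener port.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    sep:1025               localhost:1026         ESTABLISHED
  TCP    sep:1521               0.0.0.0:0              LISTENING
  TCP    sep:1521               PROTASOV:1258          ESTABLISHED
  TCP    sep:1521               PROTASOV:1265          ESTABLISHED
  TCP    sep:1521               PROTASOV:1271          ESTABLISHED
  TCP    sep:1034               CLIENTX:1300           ESTABLISHED
"""

# host:port on both sides; ports stay strings because netstat may print
# service names (e.g. "nbsession") instead of numbers.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")
LOOPBACK = {"localhost", "127.0.0.1"}


def parse(text):
    """Yield (local_port, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rhost, rport, state = m.groups()
            yield lport, rhost, rport, state


def audit(text, allowed=(LISTENER_PORT,)):
    """Split remote ESTABLISHED sessions by whether their server port is allowed."""
    allowed = {str(p) for p in allowed}
    passed, blocked = [], []
    for lport, rhost, rport, state in parse(text):
        # Listening sockets and loopback traffic never cross the firewall.
        if state != "ESTABLISHED" or rhost.lower() in LOOPBACK:
            continue
        (passed if lport in allowed else blocked).append((rhost, rport, lport))
    return passed, blocked


if __name__ == "__main__":
    ok, dropped = audit(SAMPLE)
    for host, rport, lport in ok:
        print(f"allowed  {host}:{rport} -> server port {lport}")
    for host, rport, lport in dropped:
        print(f"BLOCKED  {host}:{rport} -> server port {lport}")
```

An empty blocked list matches what the last post observed (every session on 1521); any entry in it is a session the 1521-only firewall rule would drop.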