I think you need to go to 4.1 SP2. This is from the release notes under the
Feature Enhancements section...
Support for Oracle Net8
Support for Oracle's Net8 protocol with NAT has been added. In order to
allow Net8 connections, use the
'sqlnet2' service in the Rule Base. Note that Net8 will not work properly
through the VPN/FireWall Module
in a configuration where domain name is used to specify host address rather
than a dotted-decimal IP
address.
--------------------------------------------------------------------------------------------
C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.
Main: +1 303 736 3000
Direct: +1 303 736 3451
Fax: +1 303 736 3860
Mobile: +1 303 748 5242
[EMAIL PROTECTED]
Sent by: To:
[EMAIL PROTECTED]
[EMAIL PROTECTED] cc:
kpoint.com Subject: [FW1]
Oracle 8.1.6 and NAT on Firewall-1
10-10-00 05:50
Hi:
Has anyone got SQLnet under 8.1.6 working with NAT?
We are currently running FW-1 4.0 and have Oracle 8.0.4 working
successfully with NAT and the sqlnet2 inspect script.
However it appears that the sqlnet2 inspect does not match the new
data packets under 8.1.6. I have run a sniffer against the two data
streams
and have confirmed that the data packet containing the internal address and
port number has changed between the two versions. below is an example of
the two data packets as seen on the outside of the firewall. Note the
'HOST' on the 8.0.4 version is the translated address as defined and
replaced by the firewall, whereas in the 8.1.6 version it is the internal
address, unchanged: In both cases there is 16 bytes of non-ASCII data at
the beginning which I have not shown here, the remaining is ASCII data.
8.0.4 - (ADDRESS=(PROTOCOL=tcp)(DEV=1240)(HOST=198.165.X.Y)(PORT=3299))
8.1.6 - (ADDRES=(PROTOCOL=tcp)(HOST=192.168.A.B)(PORT=3899))
Note the missing "(DEV=1024)" in the second packet.
Thanks in advance for any assistance
Shawn Kearley
===========================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.
Phone: (709) 737-5724
Fax: (709) 737-5832
Email: [EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
