Todd Pearsall wrote:
> You should be on the right path. Port 1521 is the default Oracle listener
> port. Once you connect to the listener it spawns processes on other ports
> to continue the conversation.
>
> With Oracle inside the firewall you need to let 1521 in and then Oracle
> starts communication on the other ports that LEAF should let out.
>
> Does the Oracle box have a routable IP or is it masqueraded? If it's
> masqueraded be sure to open 1521 and then forward it to the Oracle box. I
> would assume the dynamically assigned ports would be handled fine by the
> normal masquerading logic. (maybe?)
>
> Sorry for the lack of specific suggestions.
That was great. Just to reword it a bit, on the LEAF:

The internal NIC is generally set by the firewall rules to accept everything inbound and outbound. There's a masq rule for the private internal LAN. The external NIC is then opened to new TCP and/or UDP traffic on port 1521, both inbound and outbound. A port-forwarding tunnel rule is then set in place that forwards TCP and/or UDP traffic from the firewall IP on port 1521 to the Oracle computer's IP on port 1521.

Even though the rule is "from this comp to that comp," it really is "back and forth between comp and comp." It's a two-way tunnel. Any traffic from the Oracle IP's port 1521 destined for the Internet will get tunneled, and it will then look like traffic from your firewall IP's port 1521 destined for the Internet.

And finally, all traffic from the internal LAN is allowed out the external NIC, with a few caveats for the paranoid :)

Because a firewall generally logs everything that's not specifically allowed, any strangeness should appear in the syslog, and you can make adjustments as necessary.

Regards,
Matt

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
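The rule set Matt describes, written out as an added example (it is not from the thread or from any LEAF package, and the interface names, addresses and the CLIENT_NET restriction are assumptions): masquerade the private LAN, DNAT inbound TCP 1521 on the external NIC to the Oracle host, let the LAN out, and log whatever is dropped so it lands in syslog. It only forwards TCP, since Oracle Net (SQL*Net) uses TCP; the "and/or UDP" in the post is not needed.

```shell
#!/bin/sh
# Added illustration, not from the leaf-user thread: an iptables rule set for
# a LEAF-style firewall that masquerades the LAN and port-forwards TCP 1521 to
# an internal Oracle listener. Interface names, addresses and the CLIENT_NET
# restriction are assumptions; override them in the environment.
EXT_IF="${EXT_IF:-eth0}"                  # external NIC (Internet side)
INT_IF="${INT_IF:-eth1}"                  # internal NIC (private LAN)
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # masqueraded private LAN
ORACLE_IP="${ORACLE_IP:-192.168.1.10}"    # Oracle host on the LAN
ORACLE_PORT="${ORACLE_PORT:-1521}"        # default listener port
CLIENT_NET="${CLIENT_NET:-0.0.0.0/0}"     # narrow this to the remote client's network

# Print the rules instead of applying them, so they can be reviewed first.
build_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Internal NIC: accept everything, as the thread describes.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INT_IF -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade the private LAN behind the firewall's external address.
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE
# Port-forward: rewrite inbound 1521 on the external NIC to the Oracle host.
# Connection tracking rewrites the replies back, which is the "two-way tunnel".
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $ORACLE_PORT -j DNAT --to-destination $ORACLE_IP:$ORACLE_PORT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -s $CLIENT_NET -d $ORACLE_IP --dport $ORACLE_PORT -m state --state NEW -j ACCEPT
# Everything from the LAN may go out; replies to it may come back.
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what falls through so "any strangeness" shows up in syslog.
iptables -A INPUT -j LOG --log-prefix "FW-IN-DROP: "
iptables -A FORWARD -j LOG --log-prefix "FW-FWD-DROP: "
EOF
}

# Check for a rule fragment in the generated set (used for review and testing).
has_rule() { build_rules | grep -q -- "$1"; }

case "${1:-print}" in
  apply) build_rules | sh ;;      # run as root on the firewall
  *)     build_rules ;;           # default: just show the rules
esac
```

Two practical points. First, the "caveats for the paranoid": set CLIENT_NET to the remote client's network rather than 0.0.0.0/0, because an Oracle listener reachable from the whole Internet is exactly the kind of exposure the drop-and-log default is meant to prevent. Second, Todd's note about the listener handing the session to another port is the thing to watch for. A dedicated-server listener on Unix hands the accepted socket to the server process, so the session stays on 1521 and this rule set is enough; if instead the listener redirects the client to a dynamically chosen port (shared server, or an Oracle listener on Windows without USE_SHARED_SOCKET), the client will connect and then hang, and the redirected port will show up in the FW-FWD-DROP lines in syslog. The fix is to pin the port on the Oracle side and forward that one too, not to open a wide range.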