On Tue, Apr 23, 2002 at 02:42:38PM -0700, Designer Seven wrote:
> --- [EMAIL PROTECTED] wrote:
> > On Tue, Apr 23, 2002 at 12:57:47PM -0300, Rodolfo Siviero Stein wrote:
> > > I am a newbie to iptables and I need to use SQL*Plus to
> > > connect to an Oracle server behind a Linux box using iptables.
> > > SQL*Plus uses a protocol called SQL*Net, and I searched the
> > > web and some firewall companies say that their products have a "sqlnet
> > > proxy" feature.

<snip>

> At my company, we support Oracle SQLNet (1521/tcp) between many clients and
> databases over a Linux/netfilter firewall. The only port we require is
> 1521/tcp. I HIGHLY recommend NOT to use a SQL*Net proxy. That would require
> reconfiguring ALL clients to do source routing in the tnsnames.ora file for
> each client. It is a difficult-to-maintain and rather messy workaround. The
> better route is simply to allow port 1521/tcp straight through.

Depends what an "SQL*Net proxy" is, doesn't it? I presume it works like RPC
application proxies, in that it'll read the SQL packets and open up the right
ports accordingly. That sounds like a good thing.

<snip>

> We simply observed the range it 'randomly' selected from, and opened a range
> of about 4000 ports from one database server to another.

4000! Glurk.

> If you are using a newer Oracle gateway product, it is now possible to
> restrict the communications only to port 1521/tcp by configuring 'port
> reuse'.... but that wasn't an option for us.

Fair enough, I think that's how I solved the problem when I faced it... got
someone else to upgrade their Oracle box :)

-- 
FunkyJesus
System Administration Team
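The two netfilter configurations the thread contrasts, listener port 1521/tcp only versus also opening the observed redirect range, written out as an added shell example that is not part of any poster's message. The addresses, the 32768:36767 range and the `IPT` dry-run variable are constructed assumptions; the rules use iptables' conntrack match so only the first packet of a session needs an explicit ACCEPT.

```shell
#!/bin/sh
# Added example (not from the thread). Set IPT=echo to print the rules
# instead of applying them; default is the real iptables binary.
IPT="${IPT:-iptables}"

# Common scaffolding: default-deny forwarding, let replies of accepted
# sessions back through via connection tracking.
sqlnet_base_policy() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Case 1 (what the posters recommend): the listener keeps the session on
# 1521/tcp ('port reuse' on newer Oracle gateways), so one port suffices.
sqlnet_allow_listener() {
    client="$1"; server="$2"; port="${3:-1521}"
    $IPT -A FORWARD -p tcp -s "$client" -d "$server" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Case 2 (the 4000-port workaround): an older server redirects each
# session to a 'random' high port, so the range actually observed on the
# wire must be opened as well. lo/hi are measured values, not guesses.
sqlnet_allow_redirect_range() {
    client="$1"; server="$2"; lo="$3"; hi="$4"
    $IPT -A FORWARD -p tcp -s "$client" -d "$server" --dport "$lo:$hi" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Log anything else so an unexpected redirect outside the opened range
# shows up in the firewall log rather than as a silent client hang.
sqlnet_log_rest() {
    $IPT -A FORWARD -p tcp -m conntrack --ctstate NEW \
        -j LOG --log-prefix "sqlnet-unexpected: "
}

# Usage (constructed addresses): client subnet 192.0.2.0/24, DB 198.51.100.5
# sqlnet_base_policy
# sqlnet_allow_listener 192.0.2.0/24 198.51.100.5
# sqlnet_allow_redirect_range 192.0.2.0/24 198.51.100.5 32768 36767
# sqlnet_log_rest
```

Run with `IPT=echo sh script.sh` first to review the generated rules before applying them on the forwarding box.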
