Something you might find interesting: http://www.kb.cert.org/vuls/id/180147
--- [EMAIL PROTECTED] wrote:

> On Tue, Apr 23, 2002 at 02:42:38PM -0700, Designer Seven wrote:
> > --- [EMAIL PROTECTED] wrote:
> > > On Tue, Apr 23, 2002 at 12:57:47PM -0300, Rodolfo Siviero Stein wrote:
> > > > I am a newbie to iptables and I need to use SqlPlus to connect to an Oracle Server behind a Linux box using iptables.
> > > > The sqlplus uses a protocol called sqlnet, and I searched the web and some firewall companies say that their products do a "sqlnet proxy" feature.
>
> <snip>
>
> > At my company, we support Oracle SQLNet (1521/tcp) between many clients and databases over a linux/netfilter firewall. The only port we require is 1521/tcp. I HIGHLY recommend NOT to use a SQL*Net proxy. That would require reconfiguring ALL clients to do source routing in the tnsnames.ora file for each client. It is a difficult-to-maintain and rather messy workaround. The better route is simply to allow port 1521/tcp straight through.
>
> Depends what an "SQL*Net proxy" is, doesn't it? I presume it works like RPC application proxies, in that it'll read the SQL packets and open up the right ports accordingly. That sounds like a good thing.
>
> <snip>
>
> > We simply observed the range it 'randomly' selected from, and opened a range of about 4000 ports from one database server to another.
>
> 4000! Glurk.
>
> > If you are using a newer Oracle gateway product, it is now possible to restrict the communications only to port 1521/tcp by configuring 'port reuse'.... but that wasn't an option for us.
>
> Fair enough, I think that's how I solved the problem when I faced it... got someone else to upgrade their Oracle box :)
>
> --
> FunkyJesus System Administration Team
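The "allow 1521/tcp straight through" approach from the thread, as an added example that is not part of any message above: a minimal netfilter FORWARD policy that admits only new listener connections from a client network to the database host and lets connection tracking handle the return path, so no 4000-port range has to be opened. The client subnet, database address and log prefix are constructed values, not taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: forward only Oracle listener traffic
# (1521/tcp) from a client network to a database host, relying on connection
# tracking for replies instead of opening a wide port range.
# CLIENT_NET, DB_HOST and the log prefix are constructed/assumed values.

CLIENT_NET="${CLIENT_NET:-10.1.0.0/24}"   # assumed client subnet (constructed)
DB_HOST="${DB_HOST:-10.2.0.10}"           # assumed Oracle server (constructed)
LISTENER_PORT=1521                        # Oracle listener port named in the thread
IPT="${IPT:-iptables}"

# Emit the rule set as text; pass "apply" as $1 to execute it instead.
sqlnet_forward_rules() {
    mode="${1:-print}"
    rules="\
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p tcp -s $CLIENT_NET -d $DB_HOST --dport $LISTENER_PORT --syn -m state --state NEW -j ACCEPT
$IPT -A FORWARD -p tcp -d $DB_HOST -j LOG --log-prefix \"sqlnet-drop: \"
$IPT -A FORWARD -d $DB_HOST -j DROP"
    if [ "$mode" = "apply" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# Number of ACCEPT rules the policy needs: two, versus a ~4000-port range.
sqlnet_accept_rule_count() {
    sqlnet_forward_rules print | grep -c -- '-j ACCEPT'
}

# Usage: sqlnet_forward_rules            (review the rules)
#        sqlnet_forward_rules apply      (install them, as root)
```

Only the initial SYN to the listener needs an explicit ACCEPT; the ESTABLISHED,RELATED rule covers the reply direction. The LOG rule before the final DROP records anything else aimed at the database host, which is the detection hook a firewall admin wants when checking whether a client really is confined to 1521/tcp. On current kernels `-m conntrack --ctstate` is the preferred spelling of the `-m state --state` match used here.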
