sqlplus through VPN not work, but tnsping work 2004-12-16 - By Hollis, Les
What we have done to allow the access thru the firewall is to set up
NATTED IP 's. All of our servers are behind a firewall with IP 's in the
167.124.xxx.xxx range. =20
As all of the 'support ' people are typically outside of the firewall, we
had out network engineer setup IP 's on the corporate network ( we are
the outsourced IT provider for this company) and NATted them thru the
firewall to allow direct telnet and SQLNET access.
The NATted IPs are in the 165.136.xxx.xxx range. When I connect to the
DB thru SQLNET, my tnsnames.ora file looks something like this....
RMMTST.WORLD =3D
(DESCRIPTION =3D
(SOURCE_ROUTE =3D OFF)
(ADDRESS_LIST =3D
(ADDRESS =3D=20
(PROTOCOL =3D TCP)
(HOST =3D 165.136.xxx.xxx) < <=3D=3D=3D=3D=3DThe NATTED IP
(PORT =3D 1541)) =20
)
(CONNECT_DATA =3D
(SID =3D CDRTST)
(SERVER =3D DEDICATED)
)
)
(Yes the SID and alias are different...we consolidated the RMM database
into the CDR database and left alias the same but pointing to the
correct SID...that way all of the apps front ends would not need to be
recoded for the change)
LIS_TST =3D
(ADDRESS_LIST =3D
(ADDRESS =3D
(PROTOCOL =3D TCP)
(Host =3D 165.136.xxx.xxx)
(Port =3D 1541)
)
)
SID_LIST_LIS_TST =3D
(SID_LIST =3D
(SID_DESC =3D
(SID_NAME =3DCDRTST)
(ORACLE_HOME =3D /opt/oracle/8.1.7)
)
Many others removed for brevity.....
We do not try to tunnel thru the firewall directly using sqlnet proxy or
opening up ports.
-- --Original Message-- --
From: oracle-l-bounce@(protected)
[mailto:oracle-l-bounce@(protected)] On Behalf Of Shrek
Sent: Thursday, December 16, 2004 9:53 AM
To: Carol.Bristow@(protected)
Cc: mzito@(protected); Oracle-L (E-mail)
Subject: Re: [Q] sqlplus through VPN not work, but tnsping work
On Thu, 16 Dec 2004 09:27:13 -0600, Carol Bristow
<Carol.Bristow@(protected) > wrote:
> As mentioned in an earlier message (I forget by who at the moment),
only
> the initial SQL*Plus connection goes through port 1521 (or whichever
> port your listener is listening on). Once the initial connection is
> made, a different port number is dynamically assigned to the session.
> There is a way to force all traffic to go through a single port, but I
> had problems when I tried to set it up in version 8. Check the
> Netowking documentation.
most firewalls have modules that will direct SQL*Net traffic through
one port. you need to get the firewll admin to look into getting and
configuring the SQL*Net proxy for whatever firewall you have. that
way they only have to open one port for all the traffic.
--=20
--
Bill "Shrek " Thater ORACLE DBA =20
shrekdba@(protected)=20
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
I am my beloved 's, and my beloved is mine (Song of
Solomon 6:3)
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
|
|
