6 Replies Latest reply: Jul 5, 2012 5:12 AM by rukbat

    Access Oracle behind firewall

    879616

      Hi,

      This question might have been asked multiple times, but I haven't seen a proper solution. I have an Oracle 9 server inside the MZ and another server in the DMZ. Now I have to access Oracle (through SQL Plus / JDBC) from the DMZ. I have opened port TCP/1521 on the firewall, but I am unable to access it; it gives a timed out error. Once I opened all ports from the DMZ to the MZ (Oracle DB server), I was able to log in to Oracle through an SQL Plus/JDBC connection. Kindly let me know how I can force the Oracle listener to use only port 1521. Currently it's using random dynamic ports. I have also tried the registry key USE_SHARED_SOCKET=TRUE under HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE, but it is still not working on port 1521 only.


      Dhiraj

        • 1. Re: Access Oracle behind firewall
          jschellSomeoneStoleMyAlias
          Presumably you mean the following.

          DMZ (Java App) =>firewall=> MZ (Oracle Server)
          "Currently it's using random dynamic ports"
          Which has nothing to do with Java nor Oracle for that matter. That is how standard TCP traffic works.

          I would suppose that either you have your firewall locked down incorrectly or that you have a very unusual requirement which is going to require a lot of research to determine an answer. Normally you lock down incoming ports not outgoing (at least not to the extent that you limit them versus where they are allowed to go.)
          • 2. Re: Access Oracle behind firewall
            879616
            Thanks for your response. I have a small query. I have opened port 1521 for server A (MZ) (destination) from server B (DMZ) (source) and tried to use SQL Plus from server B, but I am getting ORA-12535 TNS:operation timed out. When I opened all ports from server B to server A, I was able to log in to SQL Plus. It seems something needs to be done at the Oracle server end to restrict the listener port to 1521 only. I am able to see in the firewall that connections are trying random ports (4786, 4790, a different port every time). I am able to see the same in the listener.log file. I saw some threads where people have suggested using Connection Manager / USE_SHARED_SOCKET=TRUE in HKLM>Software>Oracle, but it's not working. We are using a Windows 2003 SP2 server. Kindly let me know if someone has done the same. I think there has to be some solution.

            Dhiraj

            Edited by: 876613 on Aug 3, 2011 3:07 AM
            • 3. Re: Access Oracle behind firewall
              104998
              Hi Dhiraj,

              See if your firewall supports SQL*Net proxy. If yes, enable that and then you will only need to open the listener port (1521 is the default) in the firewall.

              HTH.

              Paresh
              • 4. Re: Access Oracle behind firewall
                879616
                Hi Paresh,

                I am checking options in the firewall. But I think there must be some option at the Oracle end. This can't be the common behaviour of any application. There should be some way out to restrict the listener to 1 port or at least to a range of ports.

                Dhiraj
                • 5. Re: Access Oracle behind firewall
                  879616
                  Hi,

                  The problem has been resolved now. USE_SHARED_SOCKET=TRUE doesn't work. I have opened only ports 1521 & 1525 on the firewall. I have checked that if I open 1521 & 1526, it also works as expected.

                  Thank you all for your suggestions.

                  Dhiraj
                  • 6. Re: Access Oracle behind firewall
                    rukbat
                    This thread has nothing to do with JDBC.
                    It doesn't belong in this JDBC forum.

                    The thread is locked.
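
Added example, not part of the original thread: one way to list the destination ports a firewall drops immediately after a client reaches the listener on 1521, the pattern described in reply 2, so the rule set can be widened by specific ports instead of all ports. The log format, the IP addresses and the 5-second window are assumptions constructed for illustration; ports 4786 and 4790 are the ones quoted in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LISTENER_PORT = 1521
WINDOW = timedelta(seconds=5)  # assumption: the follow-up connect arrives within 5 s

# Constructed firewall records in a hypothetical format (sorted by time):
# timestamp action src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2011-08-03T03:01:10 ALLOW 192.0.2.10:51000 -> 10.0.0.5:1521
2011-08-03T03:01:11 DROP 192.0.2.10:51001 -> 10.0.0.5:4786
2011-08-03T03:02:40 ALLOW 192.0.2.10:51010 -> 10.0.0.5:1521
2011-08-03T03:02:41 DROP 192.0.2.10:51011 -> 10.0.0.5:4790
2011-08-03T03:05:00 DROP 192.0.2.77:40000 -> 10.0.0.5:3389
garbage line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DROP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")


def parse(log):
    """Yield (timestamp, action, src, dst, dst_port) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, action, src, _sport, dst, dport = m.groups()
        yield datetime.fromisoformat(ts), action, src, dst, int(dport)


def redirected_ports(log, listener_port=LISTENER_PORT, window=WINDOW):
    """Map (src, dst) -> sorted ports dropped shortly after a listener connection."""
    last_hit = {}             # (src, dst) -> time of last allowed listener connect
    found = defaultdict(set)  # (src, dst) -> dropped follow-up ports
    for ts, action, src, dst, dport in parse(log):
        key = (src, dst)
        if action == "ALLOW" and dport == listener_port:
            last_hit[key] = ts
        elif action == "DROP" and key in last_hit and ts - last_hit[key] <= window:
            found[key].add(dport)
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for (src, dst), ports in redirected_ports(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: listener {LISTENER_PORT}, then dropped {ports}")
```

Drops from hosts that never reached the listener, such as the 3389 record in the sample, are excluded, so unrelated traffic does not inflate the list of ports to consider.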