From owner-freebsd-net Mon Jul 5 23:29:57 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mtk.comcor.ru (mtk.comcor.ru [212.45.0.156])
    by hub.freebsd.org (Postfix) with SMTP id AA8491532F
    for ; Mon, 5 Jul 1999 23:29:46 -0700 (PDT)
    (envelope-from ryndin@mtk.comcor.ru)
Received: by mtk.comcor.ru(Lotus SMTP MTA v4.6.3 (733.2 10-16-1998))
    id C32567A6.0023A99A ; Tue, 6 Jul 1999 10:29:31 +0400
X-Lotus-FromDomain: COMCOR
From: ryndin@mtk.comcor.ru
To: net@freebsd.org
Message-ID:
Date: Tue, 6 Jul 1999 10:29:37 +0400
Subject: Firewall and Oracle SQLNet
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi everybody!

Has anybody managed to install a firewall in front of an Oracle SQL Server?

We need to allow a few remote users to connect to our Oracle SQL Server. We installed a FreeBSD box with ipfw and discovered the following problem: we allow remote users to connect to the Oracle box using the port mentioned in the SQLNet listener configuration (1521). But a remote user tries to connect twice: the first time using the port mentioned above, and the second time using some other port which, as we suppose, the Oracle server sent him during the first connection. This port value starts from 1030 (after an Oracle restart) and increases after each connection, and we have not managed to find its upper limit. As we suppose, Oracle uses the second port to resolve sessions.

We think that it is not a very good idea to allow users to connect to our server using such a wide port range. We looked through all the Oracle documentation and did not find any mention of the second connection. Oracle's people said that we need to use an Oracle certified firewall, but it costs about 30000 bucks and what the hell of it!!!!!

The question is: has anybody managed to restrict Oracle in the range of second port values it uses, or does anybody have any idea about how to do it (there is no way to configure it in the SQLNet configuration file)?

Thanks in advance,
Alexey Ryndin.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message