The one time I tried to do IIOP through a device which did network address
translation it appeared that IIOP buries source/destination addresses
inside the packet.  This effectively stifled that database access method.

I have, however, had reasonably good results with SQL*NET, Oracle's
protocol for networked databases.  Of course, I am using a generic TCP
proxy which takes care of mapping between the client's source/destination
address/port, the proxy's internal source/destination address/port, the
proxy's external source/destination address/port, and the host's
source/destination address/port.  I suspect the PIX may require one of
those nasty "open up a range of ports to allow for wherever the public-side
host wants to assign them" entries.  Ouch






Chris Schuler <[EMAIL PROTECTED]>@lists.gnac.net on 02/19/2001
09:48:00 AM

Sent by:  [EMAIL PROTECTED]


To:   "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:

Subject:  SQL Plus / Net and Cisco PIX


I have a developer trying to connect to an Oracle SQL database from within
my Cisco PIX (doing PAT)  firewall using SQL *Plus.
The outbound connection is permitted to the database server, but the
returning connection is denied because of 'no connection'.
I tried a few things with the fixup protocol support for sqlnet, and I
searched the archives and Cisco's website a bit, but have not come up with
any solid leads.
If anyone has any pointers please let me know.

The SQL *Plus client either says no initiator or no connection.  The SQL
database is configured to listen to the IP address the data is leaving my
network as (my global PAT address).

...wait a minute.... if the fixup protocol is stripping/replacing ip
addresses inside the packet, could the database think the connection is
coming from his internal private ip address instead of my global PAT
address?  help!



-Chris
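
An added example, not part of either message above: a Python check for the condition both posts describe, where the application payload itself names an address or port that a NAT/PAT device tracking only the original TCP session will not translate or permit. The parenthesised ADDRESS syntax is Oracle Net's; the sample payload, addresses and function names are constructed for illustration, and real SQL*Net packets wrap such strings in binary framing that this does not parse.

```python
import ipaddress
import re

# Oracle Net address syntax: (ADDRESS=(PROTOCOL=tcp)(HOST=h)(PORT=p)).
# Key order inside ADDRESS varies, so HOST and PORT are pulled out separately.
ADDRESS_RE = re.compile(rb"\(ADDRESS=((?:\([A-Z_]+=[^()]*\))+)\)", re.I)
FIELD_RE = re.compile(rb"\((HOST|PORT)=([^()]*)\)", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_endpoints(payload: bytes):
    """Return the (host, port) pairs named inside the payload itself."""
    found = []
    for match in ADDRESS_RE.finditer(payload):
        fields = {k.decode("ascii").upper(): v.decode("ascii", "replace").strip()
                  for k, v in FIELD_RE.findall(match.group(1))}
        port = fields.get("PORT", "")
        if "HOST" in fields and port.isdigit():
            found.append((fields["HOST"], int(port)))
    return found


def nat_findings(payload: bytes, session_host: str, session_port: int):
    """Flag embedded endpoints that a NAT device tracking only the
    (session_host, session_port) connection would not translate or permit."""
    findings = []
    for host, port in embedded_endpoints(payload):
        try:
            addr = ipaddress.ip_address(host)
            private = any(addr in net for net in RFC1918)
        except ValueError:
            private = False  # a hostname: this check cannot classify it
        if private:
            findings.append((host, port, "private address in payload"))
        elif (host, port) != (session_host, session_port):
            findings.append((host, port, "endpoint outside tracked session"))
    return findings


# Constructed sample payload (not a captured packet): three descriptors,
# one matching the session, one naming a new port, one naming an inside host.
SAMPLE = (b"\x00\x3a(ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=1521))"
          b"(ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=4032))"
          b"(ADDRESS=(PORT=1521)(HOST=10.1.1.5)(PROTOCOL=tcp))")

if __name__ == "__main__":
    for finding in nat_findings(SAMPLE, "192.0.2.10", 1521):
        print(finding)
```

Run against payload bytes taken from a capture on each side of the firewall, a difference in the findings shows whether the device is rewriting the embedded addresses.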
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]