Thanks, It is seeing the Server tunnel address - the only way it works at all is by specifying the server tunnel address as the server name (in host file) on the client side.
FYI: This is the scenario where the Oracle client is located in the PSN and the Oracle server is in the PRO - pretty much opposite the norm. Unfortunately, I have no say in the matter. It was engineered this way (behind the firewall), and now I have to make it work in the firewall scheme.

I am very much aware of the risks with this setup - this is why I have filters that specifically state "any IP other than the one for the client will be denied" - to everything else, and vice-versa. I also have filters set so that excessive traffic will trigger alarms - in case someone cracks the client and starts cracking at my PRO net.

Another piece of information: I was surprised at how large the data stream was for the SQL_NET packets. I am getting about 80K of data per transaction. Transactions include initiating connection, logging into database, submitting query... In some cases this jumped to about 250K, with about 5 to 10 transactions per query. This is far more than I expected, but probably not enough to impact firewall performance itself.

I am totally in the dark on this. I have looked at everything (I think) twice.

Danny

-----Original Message-----
From: Steve Leach [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 10:06 AM
To: [EMAIL PROTECTED]
Subject: Re[2]: [gb-users] SQL_NET Proxy...

Danny,

Is the target server seeing the raw address of the client connector or the gateway address of the Gnatbox? If it is the Gateway you could try this fairly simple test? On the target server just add an entry in its host file (if it uses DNS & hosts) to resolve to gateway like

192.168.x.254 gateway

Or something like that......it may help out, and once you know one way or the other you can determine how to deal with it permanently.
--
Best Regards,
Steve Leach
Network Manager
MI International Ltd
Tel: +44 (0)1642 356 205
Fax: +44 (0)1642 356 229
[EMAIL PROTECTED]
www.mi-int.com
www.askalix.com

Friday, March 28, 2003, 5:58:49 PM, you wrote:

CDH> I know that FTP and many web performance issues can be related to
CDH> configuring a WWW server to attempt RDNS. Any inability to resolve RDNS
CDH> causes the server to "hang", until a specified timeout passes.
CDH>
CDH> It was a similar cause on another box I managed in the past that was
CDH> quickly remedied by turning that feature off. The improvement in
CDH> performance was very dramatic.
CDH>
CDH> I like the sniffer idea. Just need to find one for Win 2k (for my
CDH> laptop).
CDH>
CDH> Danny
CDH>
CDH> -----Original Message-----
CDH> From: David Morris [mailto:[EMAIL PROTECTED]
CDH> Sent: Friday, March 28, 2003 9:50 AM
CDH> To: Cox, Danny H.
CDH> Cc:
CDH> Subject: Re: [gb-users] SQL_NET Proxy...
CDH>
CDH> Use a network sniffer if you can, I'd bet there is a RDNS associated with
CDH> the oracle activity. I get similar awful performance when I initiate FTP
CDH> connections from the PRO to PSN for web server update purposes.
CDH> Something that FTP is attempting to lookup is going thru a reverse DNS
CDH> timeout before it is apparently successful. Since I do updates a couple
CDH> times a year, this hasn't been worth tracking down.
CDH>
CDH> Dave Morris
CDH>
CDH> On Fri, 28 Mar 2003, Cox, Danny H. wrote:
CDH>
>> I have managed to get partial resolution to my Oracle connectivity issue
>> on GTA-PRO.
>>
>> I had to create a filter, with tunnels and aliases that allows all
>> protocols to use port 66. It seems a bit weak on performance, and it may
>> be weak on security with <all> on protocols.
>>
>> It works, but connectivity is very slow - about 15 seconds for the main
>> page to appear, and another 30 for the Oracle inputs to migrate to and
>> fro.
>>
>> So far, all my attempts to crack through have failed.
>>
>> Perhaps because I also added filters that say everything else (IP
>> addresses) is blocked to the service and IP.
>>
>> Anyone know of a good crack tool I can test with?
>>
>> Anyone have ideas what may be causing my performance issues, other than
>> IDENT, and RDNS related issues? I allow IDENT and am checking RDNS
>> (feature to be off) on the WWW configuration.
>>
>> I am certain it is my firewall configuration - I am missing something!
>>
>> All help is appreciated.
>>
>> Danny H. Cox
>> Yield Dynamics, Inc.
>> (408) 764-9822
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> To subscribe to the digest version first unsubscribe, then
>> e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> Archive of the last 1000 messages:
>> http://www.mail-archive.com/[EMAIL PROTECTED]
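
The reverse DNS timeout suspected in this thread can be confirmed or ruled out by timing a PTR lookup of the address the server sees for incoming connections. The script below is an added example, not part of the original messages; the function names, the thresholds and the injectable `resolver` parameter are assumptions made for illustration.

```python
import socket
import sys
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout


def time_reverse_lookup(ip, resolver=socket.gethostbyaddr, limit=10.0):
    """Time one reverse (PTR) lookup of `ip`.

    Returns (outcome, name, seconds); outcome is "resolved", "failed"
    (the resolver answered with an error) or "timeout" (no answer in `limit` s).
    """
    pool = ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    future = pool.submit(resolver, ip)
    try:
        name, outcome = future.result(timeout=limit)[0], "resolved"
    except LookupTimeout:          # must precede OSError: it is a subclass on 3.11+
        name, outcome = None, "timeout"
    except OSError:                # socket.herror and socket.gaierror
        name, outcome = None, "failed"
    elapsed = time.monotonic() - start
    pool.shutdown(wait=False)      # do not block on a lookup that is still hanging
    return outcome, name, elapsed


def slow_or_unresolved(addresses, resolver=socket.gethostbyaddr,
                       slow_after=2.0, limit=10.0):
    """Return (ip, outcome, seconds) for every address whose PTR lookup is a
    candidate cause of connection delay: unresolved, or slower than `slow_after`."""
    findings = []
    for ip in addresses:
        outcome, _name, secs = time_reverse_lookup(ip, resolver, limit)
        if outcome != "resolved" or secs >= slow_after:
            findings.append((ip, outcome, round(secs, 2)))
    return findings


if __name__ == "__main__":
    # Pass the address(es) the server sees for incoming connections.
    for ip, outcome, secs in slow_or_unresolved(sys.argv[1:]):
        print(f"{ip}: reverse lookup {outcome} after {secs}s")
```

Run it on the server with the gateway or tunnel address as the argument; a timeout or a lookup that takes several seconds there is consistent with the connection delay described in the thread.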
