Arup Nanda scribbled on the wall in glitter crayon:
> (1) Use firewall around the subnet where both app/web server and db
> server exist; not a firewall between them.
> (2) Use TCP Node checking to restrict Net8 traffic to the db server
> only from the app server.
> (3) Use Connection Manager. Using CM, known ports are used for
> communication, typically 1630 and 1631 (or is it 1634?) and only
> those can be opened up for connection.
> (4) Use Shared Servers. The connections pass through the dispatchers.
> Since the ports used by them can be known, those ports can be opened
> up.
> (5) Use SSH redirection.
> (6) Use a commercial firewall product that can perform
> proxy-redirection, which preserves the port number in all established
> connections, even though actual ports used may be different.
>
> If anyone has any more options, I would love to know.
Oracle has worked with a number of firewall vendors to allow their firewalls
to detect NET8 traffic. That way it can be set up to pass traffic between
two nodes with a simple rule. And I'm sorry, but I'm out of the network setup
side, so I don't know the current list of firewall vendors this works
with, but it would pay to check with yours and see if this is available.
You sometimes need to either add a plug-in or update the firewall itself.
--
Bill "Shrek" Thater ORACLE DBA
"I'm going to work my ticket if I can..." -- Gilwell song
------------------------------------------------------------------------
Maniac: An early computer built by nuts...
Author: Thater, William