RE: VPN access to 9ias instance behind firewall
Mladen/Jared - please send. I would be really grateful.

Thanks,
Paula

-----Original Message-----
From: Mladen Gogala [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:45 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Yes, there is a way of doing that through a SSH tunnel. I have the bookmark at home, I'll send it to you as soon as I get there (~7 P.M. EST, it is 4:41 EST now). Jared also has it, so he may be so nice to send it to you.

--
Mladen Gogala
Oracle DBA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:34 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Any suggestions?

-----Original Message-----
From: Dong, Ping - Raleigh, NC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:54 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Wang Trading LLC and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.

RE: VPN access to 9ias instance behind firewall
Here it is:

http://www.dbspecialists.com/presentations/net8_security.html

Tested it out once, worked great.

Jared

[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/28/2003 08:14 AM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
cc:
Subject: RE: VPN access to 9ias instance behind firewall

Mladen/Jared - please send. I would be really grateful.

Thanks,
Paula

-----Original Message-----
From: Mladen Gogala [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:45 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Yes, there is a way of doing that through a SSH tunnel. I have the bookmark at home, I'll send it to you as soon as I get there (~7 P.M. EST, it is 4:41 EST now). Jared also has it, so he may be so nice to send it to you.

--
Mladen Gogala
Oracle DBA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:34 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Any suggestions?

-----Original Message-----
From: Dong, Ping - Raleigh, NC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:54 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

Re: VPN access to 9ias instance behind firewall
Hi!

I've used openSSH daemon for several clients for 3 years now. Almost everything I need goes through it: sqlnet, telnet, ssh/scp themselves, VNC, even X11. And OpenSSH is open-source freeware.

I use putty for ssh terminal, I really like it. And it's freeware too. It didn't support certificate based authentication a year ago, that's why I occasionally use a commercial SSH client as well. But now it might be ok.

The nice thing is that one of my customers was offered to buy two $1 boxes for doing VPN between their offices, but we recommended to delay the purchase a bit and see our solution. We spent about 1,5 hours (had openssh compiling problems on Tru64), and set up a fully functional system for remote operations support with less than $200 bucks :)

Also, ssh tunnels solution to only needed locations is safer than "open" VPN, because it eliminates most of spreading opportunities for viruses/worms which might get loose in one office. (at least as long as you aren't doing any tunnels to M$ software ;)

Tanel.

----- Original Message -----
From: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L
Sent: Friday, August 29, 2003 12:04 AM
Subject: RE: VPN access to 9ias instance behind firewall

Here it is:

http://www.dbspecialists.com/presentations/net8_security.html

Tested it out once, worked great.

Jared

[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/28/2003 08:14 AM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
cc:
Subject: RE: VPN access to 9ias instance behind firewall

Mladen/Jared - please send. I would be really grateful.

Thanks,
Paula

-----Original Message-----
From: Mladen Gogala [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:45 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Yes, there is a way of doing that through a SSH tunnel. I have the bookmark at home, I'll send it to you as soon as I get there (~7 P.M. EST, it is 4:41 EST now). Jared also has it, so he may be so nice to send it to you.

--
Mladen Gogala
Oracle DBA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:34 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Any suggestions?

-----Original Message-----
From: Dong, Ping - Raleigh, NC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:54 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

RE: VPN access to 9ias instance behind firewall
Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

RE: VPN access to 9ias instance behind firewall
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

RE: VPN access to 9ias instance behind firewall
Any suggestions?

-----Original Message-----
From: Dong, Ping - Raleigh, NC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:54 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

RE: VPN access to 9ias instance behind firewall
Yes, there is a way of doing that through a SSH tunnel. I have the bookmark at home, I'll send it to you as soon as I get there (~7 P.M. EST, it is 4:41 EST now). Jared also has it, so he may be so nice to send it to you.

--
Mladen Gogala
Oracle DBA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:34 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Any suggestions?

-----Original Message-----
From: Dong, Ping - Raleigh, NC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:54 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

Re: VPN access to 9ias instance behind firewall
Hi!

How is the "VPN" set up? Is it just a ssh tunnel or is it a real VPN with routing etc..?

1) check whether the url your users type in is directed through proxy. And proxy server isn't aware of this VPN. In this case disable the proxy or make it aware of vpn

2) if no proxy is used, then ask your users just to telnet to the url (for http://site.com they have to telnet site.com 80, and see if they get an error. If not (the telnet seems hanging, type GET / in it and see whether any html is returned). That way you should at least isolate whether the problem is in browser or not)

3) if you are dealing with local ssh tunnels, then you probably have to change your c:\winnt\system32\drivers\etc\hosts accordingly (if using windows), to set that the site.com where you want to connect, actually points to your own machine (127.0.0.1) and ssh directs your connections to the right point from there. I've used this mechanism for several customers support.

Tanel.

----- Original Message -----
From: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L
Sent: Wednesday, August 27, 2003 11:29 PM
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

RE: VPN access to 9ias instance behind firewall
Dear Tanel,

Thanks for the reply. I have some questions:

-----Original Message-----
From: Tanel Poder [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:49 PM
To: Multiple recipients of list ORACLE-L
Subject: Re: VPN access to 9ias instance behind firewall

Hi!

How is the "VPN" set up? Is it just a ssh tunnel or is it a real VPN with routing etc..?
[Stankus, Paula G] SSH is allowed through the hosts.allow file in Unix

1) check whether the url your users type in is directed through proxy. And proxy server isn't aware of this VPN. In this case disable the proxy or make it aware of vpn
[Stankus, Paula G] How would I know this.

2) if no proxy is used, then ask your users just to telnet to the url (for http://site.com they have to telnet site.com 80, and see if they get an error. If not (the telnet seems hanging, type GET / in it and see whether any html is returned). That way you should at least isolate whether the problem is in browser or not)
[Stankus, Paula G] Can I have them do a ssh http.site.com portid instead? Telnet is not allowed at all.

3) if you are dealing with local ssh tunnels, then you probably have to change your c:\winnt\system32\drivers\etc\hosts accordingly (if using windows), to set that the site.com where you want to connect, actually points to your own machine (127.0.0.1) and ssh directs your connections to the right point from there. I've used this mechanism for several customers support.
[Stankus, Paula G] If client is coming from Texas and we are in Florida whose c:\winnt\system32\drivers\etc\hosts file needs to be setup (9ias is running under Unix) - we have localhost setup in our Unix host file. Can you explain #3 in more detail or point me to a document?

Thanks,
Paula

Tanel.

----- Original Message -----
From: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L
Sent: Wednesday, August 27, 2003 11:29 PM
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula

Re: VPN access to 9ias instance behind firewall
The issue is, that when you ssh to your site, it uses probably port 22 or 22022. But when you just go to http://site.com, the browser actually connects to your site port 80, unless there's a proxy specified, then your browser connects to proxy server and hands the http request over to it.

Now, could it be that port 22 is open in firewall for your clients to connect, but port 80 isn't? You gotta ask from your network administrator about it. But a simple way to test it without a browser is just to telnet to your site's port 80. I think by "telnet isn't allowed" you mean that all telnet daemons are shut down in your servers. But that's ok, you actually can telnet to any webserver, just telnet to your site's port 80 and see what happens.

* If you get a connection refused or like error then either some firewall blocks your access to webserver.
* If your connection just hangs, even when pressing enter in telnet window, then it's probably firewall again.
* If your telnet connection seems to hang, but quits when you press enter (or spits out HTML when you type GET / in prompt) then the connection to webserver is available, but the problem is in browser or proxy.

You can verify the proxy settings somewhere from tools-options-network...blah or smth like that, somebody should know it for sure in your office...

About point 3 - a good starting point would be to nslookup or ping the hostname which you're trying to connect to and see whether the net name is even resolved to ip address?

Tanel.

----- Original Message -----
From: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L
Sent: Thursday, August 28, 2003 1:34 AM
Subject: RE: VPN access to 9ias instance behind firewall

Dear Tanel,

Thanks for the reply. I have some questions:

-----Original Message-----
From: Tanel Poder [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:49 PM
To: Multiple recipients of list ORACLE-L
Subject: Re: VPN access to 9ias instance behind firewall

Hi!

How is the "VPN" set up? Is it just a ssh tunnel or is it a real VPN with routing etc..?
[Stankus, Paula G] SSH is allowed through the hosts.allow file in Unix

1) check whether the url your users type in is directed through proxy. And proxy server isn't aware of this VPN. In this case disable the proxy or make it aware of vpn
[Stankus, Paula G] How would I know this.

2) if no proxy is used, then ask your users just to telnet to the url (for http://site.com they have to telnet site.com 80, and see if they get an error. If not (the telnet seems hanging, type GET / in it and see whether any html is returned). That way you should at least isolate whether the problem is in browser or not)
[Stankus, Paula G] Can I have them do a ssh http.site.com portid instead? Telnet is not allowed at all.

3) if you are dealing with local ssh tunnels, then you probably have to change your c:\winnt\system32\drivers\etc\hosts accordingly (if using windows), to set that the site.com where you want to connect, actually points to your own machine (127.0.0.1) and ssh directs your connections to the right point from there. I've used this mechanism for several customers support.
[Stankus, Paula G] If client is coming from Texas and we are in Florida whose c:\winnt\system32\drivers\etc\hosts file needs to be setup (9ias is running under Unix) - we have localhost setup in our Unix host file. Can you explain #3 in more detail or point me to a document?

Thanks,
Paula

Tanel.

----- Original Message -----
From: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L
Sent: Wednesday, August 27, 2003 11:29 PM
Subject: RE: VPN access to 9ias instance behind firewall

Guys,

When user tries to run our application through a VPN behind the firewall in a url they get an error. They can use ssh to get to host where I installed the application server but not run the application through their browser. Anyone deal with this issue before?

Thanks,
Paula
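
The "telnet to port 80 and type GET /" test from Tanel's replies above, scripted for clients that have no telnet program (an added example, not part of the original thread). The function name probe_http, the verdict labels and the timeout are assumptions made here; the script also reports a name-resolution failure, which corresponds to the nslookup/ping check mentioned for point 3.

```python
"""Scripted form of the thread's port-80 test (added example)."""
import socket
import sys

# Reading of each outcome, following the thread. "Nothing listening" for a
# refused connection is a standard addition; the labels are hypothetical.
READING = {
    "DNS_FAILED": "host name does not resolve; check DNS or the hosts file",
    "REFUSED": "refused; a firewall rejects the port or nothing listens on it",
    "CONNECT_TIMEOUT": "connection hangs; probably a firewall dropping traffic",
    "NO_REPLY": "connected but the request is never answered; firewall again",
    "HTTP_REPLY": "web server is reachable; check browser or proxy settings",
    "OTHER": "unexpected result; see the detail text",
}


def probe_http(host, port=80, timeout=5.0):
    """Connect to host:port, send a minimal GET, classify the outcome.

    Returns (verdict, detail); verdict is one of the keys of READING.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:            # name did not resolve
        return "DNS_FAILED", str(exc)
    except ConnectionRefusedError as exc:     # RST came back for our SYN
        return "REFUSED", str(exc)
    except (socket.timeout, TimeoutError) as exc:
        return "CONNECT_TIMEOUT", str(exc)
    except OSError as exc:                    # e.g. network unreachable
        return "OTHER", str(exc)

    with sock:
        sock.settimeout(timeout)
        # HTTP/1.0 with a Host header instead of the bare "GET /" typed by
        # hand, so name-based virtual hosts answer as well.
        request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
        try:
            sock.sendall(request)
            data = sock.recv(4096)
        except (socket.timeout, TimeoutError):
            return "NO_REPLY", "no data within %.1fs" % timeout
        except OSError as exc:                # e.g. connection reset
            return "OTHER", str(exc)

    if data.startswith(b"HTTP/") or b"<html" in data.lower():
        return "HTTP_REPLY", data.split(b"\r\n", 1)[0].decode("latin-1")
    return "OTHER", "peer sent %d non-HTTP bytes" % len(data)


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    verdict, detail = probe_http(target, target_port)
    print(f"{target}:{target_port} -> {verdict} ({detail}): {READING[verdict]}")
```

With a local ssh tunnel as in point 3, run the probe against 127.0.0.1 and the forwarded port to check the tunnel end before touching the hosts file.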