How do I limit Oracle to use specific ports?
Problem
I've built a new Oracle 9iR2 instance on a Windows 2003 32-bit cluster. Of course, it's version 9i for reasons out of my control. Several application servers connect to this instance, and each opens several DEDICATED connections that they keep open for their work.
This instance is in a locked-down environment, so my network guys want to seal off as many ports as possible. To do that, I need to tell them precisely what ports or port ranges the instance needs open.
I've skimmed the Listener documentation, and I can see that I can change the default Listener port of 1521. However, every connection these application servers open against the database appears to get its own TCP port.
Is there any way to limit the range of ports these servers will use to connect to the database?
Solution
You may want to visit the Connection Manager documentation here.
I have used it to concentrate connections - we had a client that needed to access our database over a VPN. The firewall was only configured to open 1 port for all their connections. We were able to handle all their traffic over this 1 port using CMAN. Your mileage may vary though, we just used it for a handful of connections, if you are servicing dozens or hundreds of connections CMAN may run out of steam.
Your network guys should also check with the firewall vendor, there may be the ability for the firewall to open ports after the listener hands them off... So the firewall still has control over what gets opened and when after Oracle authenticates the connection. I don't know what this feature is called as I am not heavy on the network side, but we had to use CMAN for some of our firewalls that did not handle this.
Context
StackExchange Database Administrators Q#16898, answer score: 4
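One way to show the network team which server-side ports the application servers actually end up on, before and after a change such as routing them through CMAN, is to summarize `netstat -an` output from the database host. This is an added example, not part of the original question or answer; the netstat sample, IP addresses, and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output from the database host.
# All addresses and ports here are made up for illustration.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1521          10.0.0.21:4410         ESTABLISHED
  TCP    10.0.0.5:3127          10.0.0.21:4411         ESTABLISHED
  TCP    10.0.0.5:3128          10.0.0.22:2950         ESTABLISHED
  TCP    10.0.0.5:1521          10.0.0.23:1188         TIME_WAIT
  TCP    10.0.0.5:3389          10.0.0.99:5120         ESTABLISHED
"""

# Proto, local addr:port, foreign addr:port, state
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def server_ports_in_use(netstat_text, app_servers):
    """Count ESTABLISHED sessions per local port, for the given client IPs only."""
    ports = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _local_ip, local_port, remote_ip, _remote_port, state = m.groups()
        if state == "ESTABLISHED" and remote_ip in app_servers:
            ports[int(local_port)] += 1
    return ports


def ports_outside_allowlist(netstat_text, app_servers, allowed_ports):
    """Local ports the app servers are connected to that a firewall
    permitting only allowed_ports would block."""
    used = server_ports_in_use(netstat_text, app_servers)
    return sorted(p for p in used if p not in allowed_ports)


if __name__ == "__main__":
    apps = {"10.0.0.21", "10.0.0.22", "10.0.0.23"}  # hypothetical app servers
    print("sessions per server port:", dict(server_ports_in_use(SAMPLE_NETSTAT, apps)))
    print("would be blocked:", ports_outside_allowlist(SAMPLE_NETSTAT, apps, {1521}))
```

An empty result from `ports_outside_allowlist` means every application-server session is on a port the firewall rule already covers.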