
How do I limit Oracle to use specific ports?


Problem

I've built a new Oracle 9iR2 instance on a Windows 2003 32-bit cluster. Of course, it's version 9i for reasons out of my control. Several application servers connect to this instance, and each opens several DEDICATED connections that they keep open for their work.

This instance is in a locked-down environment, so my network guys want to seal off as many ports as possible. To do that, I need to tell them precisely what ports or port ranges the instance needs open.

I've skimmed the Listener documentation, and I can see that I can change the default Listener port of 1521. However, every connection these application servers open against the database appears to get its own TCP port.

Is there any way to limit the range of ports these servers will use to connect to the database?

Solution

You may want to visit the Connection Manager documentation here.

I have used it to concentrate connections - we had a client that needed to access our database over a VPN. The firewall was only configured to open 1 port for all their connections. We were able to handle all their traffic over this 1 port using CMAN. Your mileage may vary, though: we just used it for a handful of connections, and if you are servicing dozens or hundreds of connections, CMAN may run out of steam.

Your network guys should also check with the firewall vendor; there may be the ability for the firewall to open ports after the listener hands them off... So the firewall still has control over what gets opened and when after Oracle authenticates the connection. I don't know what this feature is called, as I am not heavy on the network side, but we had to use CMAN for some of our firewalls that did not handle this.

Context

StackExchange Database Administrators Q#16898, answer score: 4
