Welcome to ISAserver.org
Web server in DMZ & Oracle in LAN
Web server in DMZ & Oracle in LAN - 24.Mar.2004 4:52:00 PM
v-2amjai
Posts: 4
Joined: 7.Feb.2004
From: India
Status: offline
Hello,
I was successfully able to publish the web server in DMZ which is accessible in a fly now.
We ensured that the web server in the DMZ resolves the name of the Oracle server to the DMZ IP address of the ISA NIC so that the Oracle client on the web server in the DMZ would have no problems connecting to the Oracle server in the LAN.
I server-published the Oracle server, which is in the LAN, on port 1521 TCP incoming so that the web server in the DMZ can talk to the Oracle server in the LAN.
But still, when we go to the link in the website to pull data from the Oracle database, we are not successful.
I took Netmon captures with the DMZ, when it's not working, and without the DMZ, when it's working.
What I am seeing in the GOOD capture is that after the successful TCP/IP handshake, the Oracle client pushes some Oracle command (.AP...) as seen in the capture, and when the server replies (.AP...) to it, it is also asking the client to initiate another connection on some port which keeps on changing, i.e. dynamic (2965, 2966 etc.).
What I am seeing in the BAD capture is that after the successful TCP/IP handshake, when the client pushes a command (.AP...) and the server replies (.AP...) to it, asking the client to initiate another connection on some dynamic port, the web server does not do anything and just finishes the TCP/IP handshake.
I wish I could attach the Netmon captures.
I am feeling that since we have opened only port 1521 TCP incoming, ISA would not allow any other connection on any other port, due to which it is failing.
Please let me know how I can resolve this, as the connection between the client in the DMZ and the server in the LAN seems to be using dynamic ports as well, other than just 1521.
This is the production environment and I am in deep trouble.
Thanks & Regards, Aman Email: v-2amjai@mssupport.microsoft.com
RE: Web server in DMZ & Oracle in LAN - 24.Mar.2004 5:10:00 PM
ppeetoom
Posts: 262
Joined: 22.Dec.2003
From: The Netherlands
Status: offline
Hi Aman Jain,
It's just an idea, but what if you enable secondary connections on the Protocol Definition in- and outbound for ports 2000-65000? I know this is no solution for the problem, but it's a good test to see if it solves the problem. If it does, you can check the Firewall Logs to see what ports it is using. If not, what have we lost...
Really curious...
P.S. What version of Oracle are you using?
RE: Web server in DMZ & Oracle in LAN - 24.Mar.2004 5:16:00 PM
v-2amjai
Posts: 4
Joined: 7.Feb.2004
From: India
Status: offline
Hello Pascal,
Thanks for such prompt help.
I also thought of doing exactly the same and will certainly try that tomorrow. I am also of the view that it might hit.
Let's see if it makes any difference.
Thanks & Regards, Aman
quote: Originally posted by Groofster:
Hi Aman Jain,
It's just an idea, but what if you enable secondary connections on the Protocol Definition in- and outbound for ports 2000-65000? I know this is no solution for the problem, but it's a good test to see if it solves the problem. If it does, you can check the Firewall Logs to see what ports it is using. If not, what have we lost...
Really curious...
P.S. What version of Oracle are you using?
RE: Web server in DMZ & Oracle in LAN - 24.Mar.2004 5:22:00 PM
v-2amjai
Posts: 4
Joined: 7.Feb.2004
From: India
Status: offline
The version is Oracle 9
RE: Web server in DMZ & Oracle in LAN - 28.Jun.2005 8:22:00 AM
dogfartbig
Posts: 23
Joined: 21.Jun.2004
Status: offline
The Oracle Listener uses 1521 for incoming, and after that it brings up a secondary port in 1024-65535.
Try to configure Oracle to dispatch this secondary connection on a fixed port, so you can permit only that.
RE: Web server in DMZ & Oracle in LAN - 8.Jul.2005 3:40:00 PM
sergiovc
Posts: 4
Joined: 8.Jul.2005
From: Santa Cruz - Bolivia
Status: offline
I used the Microsoft Management Console (MMC) ISA Management snap-in to create a protocol definition named SQL*Net (Inbound) with the following parameters.
Port number: 1521
Protocol type: TCP
Direction: Inbound
No secondary connections
Then, I created a client address set that included the clients on the DMZ. I also created a publishing rule for the Oracle server. I applied the publishing rule to the SQL*Net (Inbound) protocol and to requests from the client set.
On the Oracle server, I added the system environment variable setting USE_SHARED_SOCKET, with the value TRUE. On Oracle8 for Windows, you can alternatively add a registry value called USE_SHARED_SOCKET to create the setting. This environment variable setting works on Windows and UNIX platforms.
I used Oracle's Net8 Easy Config utility to configure clients to point to the ISA Server's external interface. Then, I used Notepad to edit the connection string in C:\orawinnt\net80\admin\tnsnames.ora. I added the text (SERVER=DEDICATED) immediately after the text (SID=DB) in the connection string. UNIX requires the same change in the tnsnames.ora file. After my changes, the client connection from the DMZ to Oracle8 was successful. This configuration also works with Oracle 10g.
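A check for the client-side half of the configuration described in the post above, added here as an example and not part of the thread: it parses a tnsnames.ora file and lists entries that lack (SERVER=DEDICATED) or do not use the single published port. The alias names, host name and function names are assumptions made for the example.

```python
import re

# Constructed sample tnsnames.ora; aliases and host name are placeholders.
SAMPLE = """
ORCL_OK =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = isa.example.test)(PORT = 1521))
    (CONNECT_DATA = (SID = DB)(SERVER = DEDICATED)))
ORCL_BAD =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = isa.example.test)(PORT = 1521))
    (CONNECT_DATA = (SID = DB)))
"""

def parse_entries(text):
    """Split tnsnames.ora text into {ALIAS: descriptor} by balancing parentheses."""
    text = re.sub(r"#.*", "", text)               # drop comments
    entries, end = {}, 0
    for m in re.finditer(r"([\w.]+)\s*=\s*\(", text):
        if m.start() < end:                       # keyword inside a previous entry
            continue
        depth, i = 0, m.end() - 1                 # i sits on the opening "("
        while i < len(text):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
            if depth == 0:
                break
        entries[m.group(1).upper()] = text[m.end() - 1:i]
        end = i
    return entries

def param(descriptor, name):
    """Value of the first (NAME = value) leaf parameter, or None."""
    m = re.search(r"\(\s*%s\s*=\s*([^()\s]+)\s*\)" % re.escape(name), descriptor, re.I)
    return m.group(1) if m else None

def audit(text, published_port="1521"):
    """Return {alias: [problems]} for entries that differ from the post's setup."""
    findings = {}
    for alias, desc in parse_entries(text).items():
        problems = []
        if (param(desc, "SERVER") or "").upper() != "DEDICATED":
            problems.append("missing (SERVER=DEDICATED)")
        if param(desc, "PORT") != published_port:
            problems.append("port is not the published " + published_port)
        if problems:
            findings[alias] = problems
    return findings
```

Calling `audit(SAMPLE)` reports only `ORCL_BAD`; pass the contents of a real tnsnames.ora file in place of `SAMPLE` to check the clients in the DMZ.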