Hey computer geeks - Oracle 8i

[wildblue 7]

We have enough geeks on here, thought I'd ask... I'm not having any luck elsewhere.
First of all - I'm pretty ignorant when it comes to Oracle, this is just part of a 'turn-key system' that isn't turn-key at all.
Anyway... here's the problem - Webserver on the secure net of a firewall (DMZ) trying to access Oracle 8i db on the internal network. The version of Oracle we had before this (7.something) worked just fine - pop open TCP 1521 and I think it was 1526, and life was good. Now, in Larry's infinite wisdom, things have changed. As near as I've been able to figure, the initial contact with the db server is on 1521, then it assigns a random port somewhere above 1024. Without opening everything above 1024 up, how do we make this work?
I've tried the USE_SHARED_SOCKETS thing - it didn't work.
Thoughts? Suggestions? Prayers?
You don't scare me! I got chunks of guys like you in my stool!!

[kingbunky 3]

are you on nt or unix with this?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bunky
get crazy, before it gets you.

[AndyMan 7]

Oracle 8i out of the box on Windows 2000 has always worked just fine for us with just port 1521 on the foreign system.
Perhaps you should be more concerned with the outgoing port?
I just did a netstat, and it looked something like this:
C:\>netstat
Active Connections
Proto Local Address Foreign Address State
TCP BUILDVIEW-AM:1885 someForeignHost.net:1521 ESTABLISHED
TCP BUILDVIEW-AM:1951 someForeignHost.net:1521 TIME_WAIT
TCP BUILDVIEW-AM:1968 someForeignHost.net:1521 TIME_WAIT
ICQ: 5578907
MSN Messenger: andrewdmetcalfe at hotmail dot com
AIM: andrewdmetcalfe
Yahoo IM: ametcalf_1999

[wildblue 7]

Andy,
This is on Win 2000
Your "someForeignHost.net" is the server with oracle on it? Are you sure it's Oracle 8? The initial connection is sent to 1521, but, from what I understand, then the Oracle server radomly picks a port to communicate on.
A netstat for me looks like:
TCP termserv:4664 dbserv:2153 ESTABLISHED
TCP termserv:4666 dbserv:2154 ESTABLISHED
TCP termserv:4765 dbserv:2197 ESTABLISHED
TCP termserv:4883 dbserv:2251 ESTABLISHED
---
You don't scare me! I got chunks of guys like you in my stool!!

[AndyMan 7]

Yup - SomeForeign host was my oracle server on win2k.
Connected to:
Oracle8i Enterprise Edition Release 8.1.7.0.0 - Production
With the Partitioning option
JServer Release 8.1.7.0.0 - Production
_Am
ICQ: 5578907
MSN Messenger: andrewdmetcalfe at hotmail dot com
AIM: andrewdmetcalfe
Yahoo IM: ametcalf_1999

[lummy 4]

Is it not possible to open up the firewall based on the IP of the server in the DMZ? Give me a sec and I'll grab my ruleset
This is what I use to connect from my work to my home . This allows the the conenction to be setup from only this address.
${fwcmd} add pass log tcp from (my.ip.at.work) to any 21 in via ${oif} setup
I also have another rule where any TCP connection that HAS been established will be let thru
${fwcmd} add pass tcp from any to any established
Probably not exactly what you are looking for, but it allows me to establish a connection on the control port and let the software pick it's own port once the connection is made....
I've got to stop wishing, got to go fishing, I'm down to rock bottom again....

[wildblue 7]

No... Borderware Sucks.
Andy -
If that's just more than the initial connection - how did you make it do that? Because I've looked on 2 different 8i servers now, and they both were making connection up in the 2000s
You don't scare me! I got chunks of guys like you in my stool!!

[AndyMan 7]

The port Oracle "Listens" on is defined in the "Listener". Go into Start/Programs/Oracle/Network Administration/Net 8 Assistant and look at the configuration of /local/listeners/LISTENER. That's where you specify the TCP/IP port.
_Am
ICQ: 5578907
MSN Messenger: andrewdmetcalfe at hotmail dot com
AIM: andrewdmetcalfe
Yahoo IM: ametcalf_1999

[wildblue 7]

Right, I understand that much. I've double checked the tnsnames file and it is in fact setup to start communication on 1521. The problem comes when oracle randomly picks a port to continue communication. That's why I asked how your 'netstat' display shows you still communicating on 1521 - I've checked multiple workstations here, and even had a friend of mine check his environment and every workstation's connection to the db is on some random port number, usually in the 2,000 - 4,000 range.
From Oracle:
Firewalls, Windows NT, and Redirections:
========================================
On Windows NT, when a connect request comes in to the listener, the listener
spawns an Oracle thread. This thread is a listening thread and is started
on a wild-card address, meaning that the thread is listening for connections
on the current IP address and an unused port number given to the thread by
the networking software. The Oracle thread will contact the listener using
IPC and inform the listener of its listening address, connection load, and
some other status information. The listener sends back to the client a
REDIRECT address. This tells the client to reconnect to the newly spawned
Oracle thread. Since this Oracle thread is on a random port (a range of ports
cannot be defined), the firewall will not let the connection through.
The resulting error is usually a TNS-12203.
You don't scare me! I got chunks of guys like you in my stool!!

[jacksonwr 0]

Oracle and most other DBMS I have worked with uses more than one TCP connection between the client and the database. We all agree on this. According to the Oracle web site you need to use Session Multiplexing. This limits the connections to a single port. More than likely you firewall admin has only opened one port for your application to work with.
I have run into the same problem with MS SQL sever and thats how we solved the problem. I'm sorry I dont know the exact command but I hope this gets you going in the right direction.
Randy