|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Oracle 8.1.6 and NAT on Firewall-1
I think you need to go to 4.1 SP2. This is from the release notes under the Feature Enhancements section... Support for Oracle Net8 Support for Oracle's Net8 protocol with NAT has been added. In order to allow Net8 connections, use the 'sqlnet2' service in the Rule Base. Note that Net8 will not work properly through the VPN/FireWall Module in a configuration where domain name is used to specify host address rather than a dotted-decimal IP address. -------------------------------------------------------------------------------------------- C. Paul Simons Corporate Network Services IHS Energy Group, Englewood, CO. Main:Direct:Fax:Mobile:[email protected] Sent by: To: [email protected] [email protected] cc: kpoint.com Subject: [FW1] Oracle 8.1.6 and NAT on Firewall-1 10-10-00 05:50 Hi: Has anyone got SQLnet under 8.1.6 working with NAT? We are currently running FW-1 4.0 and have Oracle 8.0.4 working successfully with NAT and the sqlnet2 inspect script. However it appears that the sqlnet2 inspect does not match the new data packets under 8.1.6. I have run a sniffer against the two data streams and have confirmed that the data packet containing the internal address and port number has changed between the two versions. below is an example of the two data packets as seen on the outside of the firewall. Note the 'HOST' on the 8.0.4 version is the translated address as defined and replaced by the firewall, whereas in the 8.1.6 version it is the internal address, unchanged: In both cases there is 16 bytes of non-ASCII data at the beginning which I have not shown here, the remaining is ASCII data. 8.0.4 - (ADDRESS=(PROTOCOL=tcp)(DEV=1240)(HOST=198.165.X.Y)(PORT=3299)) 8.1.6 - (ADDRES=(PROTOCOL=tcp)(HOST=192.168.A.B)(PORT=3899)) Note the missing "(DEV=1024)" in the second packet. Thanks in advance for any assistance Shawn Kearley =========================== Shawn Kearley Infrastructure Analyst Newfoundland Power Co. Ltd. Phone:Fax:Email: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
