Publishing Oracle8 with ISA Server

How to publish an NT Oracle8 server from a private network to be accessible from a DMZ.

Readers

May 19, 2002

1 Min Read
ITPro Today logo

I recently needed to publish a Windows NT Oracle8 server from a private network to be accessible from a demilitarized zone (DMZ). My company uses back-to-back DMZ configuration with Microsoft Internet Security and Acceleration (ISA) Server 2000. By default, the Oracle client and server use dynamic ports to negotiate a subsequent connection. Thus, the ISA Server configuration isn't sufficient for the initial connection. To have connectivity through the firewall, I needed to make configuration changes to the Oracle client and server.

I used the Microsoft Management Console (MMC) ISA Management snap-in to create a protocol definition named SQL*Net (Inbound) with the following parameters.

Port number: 1521Protocol type: TCPDirection: InboundNo secondary connections

Then, I created a client address set that included the clients on the DMZ. I also created a publishing rule for the Oracle server. I applied the publishing rule to the SQL*Net (Inbound) protocol and to requests from the client set.

On the Oracle server, I added the system environment variable setting USE_SHARED_SOCKET, with the value TRUE. On Oracle8 for Windows, you can alternatively add a registry value called USE_SHARED_SOCKET to create the setting. This environment variable setting works on Windows and UNIX platforms.

I used Oracle's Net8 Easy Config utility to configure clients to point to the ISA Server's external interface. Then, I used Notepad to edit the connection string in C:orawinntet80admintnsnames.ora. I added the text (SERVER=DEDICATED) immediately after the text (SID=DB) in the connection string. UNIX requires the same change in the tnsnames.ora file. After my changes, the client connection from the DMZ to Oracle8 was successful.

—Svyatoslav Pidgorny
[email protected]

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like