[Shorewall-users] Portforwarding didn't work

Kristopher Lalletti kris@eclipseci.com
Thu, 24 Jan 2002 09:32:16 -0500


1521 Hmm.. That's the TNS listener 8.x on Oracle.


It won't work.

The way that Oracle works with the TNS listener, is a bit like a 2 tier
system.

When SQL*NET establishes a connection to the remote host at port 1521,
the TNS listener will dispatch an oracle process on a random port, and
then returns a string to your SQL*NET that looks something in the line
of (HOST=3D<the ip of the oracle host and not the firewall> PORT=3D<the =
port
of the oracle host>).

So, if you're on the public network (say, the internet) and your SQL*NET
received the message to connect to a non-routable IP. Well, unless you
have a VPN connection, you're going nowhere.

My suggestion, make a vpn connection, or use Oracle connection manager
for Linux (I never tried oracle connection manager, but I know it exists
to bypass firewalls).=20

-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: January 24, 2002 9:23 AM
To: stefan.buchwald@twt-gmbh.de; shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Portforwarding didn't work

On Thursday 24 January 2002 02:20 am, stefan.buchwald@twt-gmbh.de wrote:
> Hallo Tom
> sorry =A0the line in the masq file is eth0 =A0 =A0 193.100.201.0/24
> and not eth1 as send in the email before.
> In the nat file nothing is configured
>

Then your Shorewall setup appears correct, assuming that you want to
forward=20
TCP ports 1521 and 1526 to system 193.100.201.111. I suggest that you
look at=20
the traffic on both sides of the firewall with tcpdump or ethereal to
try to=20
see what is going wrong.=20

Do you know for sure that the DB application works through NAT?=20

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users