> According to their documentation 'SQL*Net and Firewalls' (the only doc I have
> on the subject),
> The connection sequence is:
>
> -- client calls listener on the server on port 1521
>
> -- listener receives the request and does the authentication
>
> -- if authenticated, then the listener redirects the client to a new
> port for it to connect to.
>
> -- the client is supposed to drop the old connection and start up a new
> one on the redirected port.
>
>
> The new port number is supposed to be random, so tunneling it does not seem
> practical. The initial
> authentication sequence on port 1521 seems like it should be able to be
> tunneled.

Take a look at SSA from www.privador.com. It tunnels SQL*Net into an SSL
tunnel by decoding the initial connection and establishing a new tunnel
dynamically.

SSA has similar support for Postgres, Webspeed and FTP protocols. In the case
of FTP, SSA will also change the direction of the active data connection (PORT
command), so that all FTP connections go through a single port in one
direction. It makes configuring firewalls much easier and safer.

Arne
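Added example, not part of the original post and not SSA's code: a sketch of the control-channel decoding a protocol-aware proxy needs before it can open the follow-up tunnel, with the checks that keep the dynamic endpoint from pointing somewhere unintended. The FTP PORT syntax is from RFC 959; the textual `(HOST=...)(PORT=...)` form of the SQL*Net redirect address, the function names and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (six decimal octets, port = p1*256 + p2)
_PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      r"(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$", re.I)


def parse_ftp_port(line, control_peer):
    """Return (host, port) from a PORT command, or None if it must be refused."""
    m = _PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # The data endpoint must be the host that owns the control connection,
    # and must not be a privileged port; anything else is refused.
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer):
        return None
    if port < 1024:
        return None
    return host, port


def parse_redirect(descriptor, allowed_hosts):
    """Return (host, port) from a redirect address string, or None.

    Assumes the redirect carries an address of the form
    (ADDRESS=(PROTOCOL=tcp)(HOST=...)(PORT=...)).
    """
    host = re.search(r"\(HOST=([^()]+)\)", descriptor, re.I)
    port = re.search(r"\(PORT=(\d{1,5})\)", descriptor, re.I)
    if not host or not port:
        return None
    h, p = host.group(1).strip(), int(port.group(1))
    # Only tunnel to database hosts the proxy was configured for.
    if h not in allowed_hosts or not 1024 <= p <= 65535:
        return None
    return h, p


if __name__ == "__main__":
    # Constructed sample inputs (documentation address range, made-up host).
    print(parse_ftp_port("PORT 192,0,2,10,19,137\r\n", "192.0.2.10"))
    print(parse_redirect("(ADDRESS=(PROTOCOL=tcp)(HOST=db1.example.test)(PORT=1034))",
                         {"db1.example.test"}))
```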
This archive was generated by hypermail 2b30 : Wed Aug 07 2002 - 09:33:25 PDT