I built a LAN with a router, and Oracle is installed on the LAN. This Oracle can only be accessed by intranet PCs; external network PCs cannot access it. Error prompt: TNS connection timeout. But listener.log indicates that the connection between the external network and the database is established.

Problem: When the Oracle database is exposed on the Internet, all PCs on the Internet can access Oracle, but when the Oracle database is located on the intranet, and the intranet's router only has port 1521 for Oracle, the PC does not connect to the Oracle database.

********************

RE1: The problem is that when you connect to Oracle from outside, the port is blocked by the firewall.

********************

RE2: I have a question to ask: Existing clients want to access database servers that are not in the same network segment, and there is a firewall in the middle. When adding rule restrictions on the firewall, which services need to be opened? I opened port 1521, but connecting to the database failed. If no rules are added on the firewall and everything is open, then connecting to the database succeeds. That is to say, there may be some ports that have not been opened.
Do you need to open other ports in addition to 1521?

Reply: Port 1521 also connects to the listener, and the listener needs to start a system process to communicate with the user process. So when the user actually accesses the database, it is not on 1521, so if you only open 1521, it is probably unrealistic.

********************

RE3:
1. Open all ports to the client's IP address;
2. Use Connection Manager;

From ask: If you are on Oracle 8, you can use a WINSOCK V2 API feature called Shared Sockets. This allows a socket to be shared (or passed) between multiple processes. To use this functionality in a single Oracle Home environment, set USE_SHARED_SOCKET = TRUE in the HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE section of the registry. If you are using multiple Oracle Homes, change to the desired Oracle 8 Home and view the oracle.key file in ORACLE_HOME\BIN to find which registry key to add USE_SHARED_SOCKET to.

********************

R4: Solution: This is a problem with database settings. Set the database to shared server mode and open multiple times, and that is enough.

********************

R5: The basic principle is A ------> Firewall ------> B ------> C. A is outside the firewall; set the firewall to open port 1610, and Connection Manager runs on B. A contacts B on 1610; between B and C the listener port redirect is performed; the listener and the database are on C. cman.ora is on B. The CMAN service is actually a listener, listening on port 1610. Define your B and C.

********************

Attachment:

Configuring Oracle Connection Manager

This chapter describes how to configure Oracle Connection Manager features. This chapter contains these topics:
- Oracle Connection Manager Configuration Overview
- Configuring Oracle Connection Manager
- Enabling Oracle Connection Manager Features

Note: Oracle Connection Manager is available for installation with Oracle9i Enterprise Edition.

See Also:
- Chapter 1, "Networking Challenges in the Internet Age" for an introductory level overview of Oracle Connection Manager concepts
- Chapter 4, "Architecture of Oracle Net Services" for an architectural overview of Oracle Connection Manager

Oracle Connection Manager Configuration Overview

Oracle Connection Manager is a proxy server, an intermediate server that forwards connection requests to the database server or to other proxy servers. It has three primary functions:
- Session multiplexing
- Access control
- Protocol conversion

Session multiplexing: You can quickly configure Oracle Connection Manager to funnel multiple client sessions through a network connection to a shared server destination.

Access control: You can use rule-based configuration to filter out certain client requests and accept others.

Protocol conversion: Oracle Connection Manager accepts connection requests in any protocol that Oracle supports.

Configuring Oracle Connection Manager

Configuring Oracle Connection Manager is a three-part process:
1. Configure the cman.ora file on the Oracle Connection Manager computer. This file specifies listening endpoints for the server, the route path for Oracle Connection Manager, access control rules, and Oracle Connection Manager performance parameters.
2. Configure clients with the protocol addresses of Oracle Connection Manager and the listener.
3. (Optional) Configure the database server for session multiplexing.

This section contains these topics:
- Configuring the Oracle Connection Manager Computer
- Configuring Clients for Oracle Connection Manager
- Configuring the Oracle Database Server for Oracle Connection Manager

Configuring the Oracle Connection Manager Computer

Note:
Oracle Net Manager does not support configuration of the cman.ora file, so changes must be made manually.

To configure the Oracle Connection Manager computer, you can define four types of parameters in the cman.ora file:
- Listening endpoint list for the CMGW gateway process
- Listening endpoint list for the CMADMIN administrative process
- Access control rule list
- Parameter list

The cman.ora file is located in the $ORACLE_HOME/network/admin directory on UNIX and in the ORACLE_HOME\network\admin directory on Windows NT. Figure 13-1 shows an example cman.ora file.

Figure 13-1 Example cman.ora File

    CMAN =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = tcp) (HOST = proxysvr) (PORT = 1630))
        (ADDRESS = (PROTOCOL = tcps) (HOST = 144.25.22.217) (PORT = 2484)))
    CMAN_ADMIN =
      (ADDRESS = (PROTOCOL = tcp) (HOST = proxysvr) (PORT = 1830))
    CMAN_RULES =
      (RULE_LIST =
        (RULE = (SRC = 206.62.226.32/27) (DST = sales-server) (SRV = *) (ACT = accept)))
    CMAN_PROFILE =
      (PARAMETER_LIST =
        (LOG_LEVEL = 2)
        (TRACING = on))

Listening Endpoint Lists (CMAN and CMAN_ADMIN)

The listening endpoint list specifies protocol addresses for the gateway and administrative processes. The gateway process, CMGW, uses the CMAN parameter and the administrative process, CMADMIN, uses the CMAN_ADMIN parameter. Both processes can be configured with multiple protocol addresses.

In Figure 13-1, the CMGW process has two protocol addresses. The first address shown is the default listening protocol address of TCP/IP, port 1630:

    (ADDRESS = (PROTOCOL = tcp) (HOST = proxysvr) (PORT = 1630))

The second is the protocol address of Oracle Connection Manager if TCP/IP with Secure Sockets Layer (SSL) is used:

    (ADDRESS = (PROTOCOL = tcps) (HOST = 144.25.22.217) (PORT = 2484))

Access Control Rule List (CMAN_RULES)

The access control rule list specifies which connections are accepted, rejected, or dropped.

    (RULE = (SRC = 206.62.226.32/27) (DST = sales-server) (SRV = *) (ACT = accept))

In the previous example, SRC = 206.62.226.32/27 designates the IP address of the client, or source. DST = sales-server designates the destination host name. The abbreviation ACT stands for "action", that is, accept, reject, or drop.

Note: Enter at least one rule; otherwise the default option "reject" is overridden and all connections are accepted.

Parameter List (CMAN_PROFILE)

The parameter list sets attributes for an Oracle Connection Manager.

See Also: Oracle9i Net Services Reference Guide for a complete list of parameters and their default and allowed values

Configuring Clients for Oracle Connection Manager

To route clients to the database server through Oracle Connection Manager, configure either the tnsnames.ora file or the directory server with a connect descriptor that specifies protocol addresses of Oracle Connection Manager and the listener. Take note of the following:
- If using Oracle Names servers, Oracle Connection Manager automatically registers the protocol address for Oracle Connection Manager with the Oracle Names server. In order for Oracle Names servers to send requests to Oracle Connection Manager, USE_CMAN = true must be set in the sqlnet.ora file on computers where each Oracle Names server resides. To set this parameter, follow the procedure in "Routing Connection Requests".
- If using a tnsnames.ora file or a directory, the protocol addresses and the SOURCE_ROUTE parameter must be set.

To configure the local or directory naming methods for Oracle Connection Manager, perform these tasks:
- "Task 1: Configure an Oracle Connection Manager Protocol Address"
- "Task 2: Configure a Listener Protocol Address"

Task 1: Configure an Oracle Connection Manager Protocol Address

To configure a protocol address for Oracle Connection Manager:
1. Start Oracle Net Manager.
   See Also: "Starting Oracle Net Manager"
2. In the navigator pane, expand Directory or Local > Service Naming.
3. Click plus (+) from the toolbar, or choose Edit > Create. The Welcome page of the Net Service Name Wizard appears.
4. Enter any name in the Net Service Name field.
5. Click Next. The Protocol page appears.
6. Select the protocol on which Oracle Connection Manager is configured to listen. By default this protocol is TCP/IP.
7. Click Next. The Protocol Settings page appears.
8. Enter the appropriate parameter information for the selected protocol in the fields provided. If you are using TCP/IP, the default port to use is 1630.
   See Also: Oracle9i Net Services Reference Guide for protocol parameter settings
9. Click Next. The Service page appears.
10. Select a release, and then enter the name of the destination database service. If the destination service is an Oracle9i or Oracle8i database, select Oracle8i or later, and enter a service name in the Service Name field. If the destination service is an Oracle release 8.0 database, select Oracle8 or Previous, and enter an Oracle System Identifier (SID) for an instance in the Database SID field.
    See Also: "About Connect Descriptors" for further information about setting the service name string
11. Click Next.
    Note: Do not click Test, because a connection cannot be tested at this point.
12. Click Finish to save your configuration and dismiss the Net Service Name Wizard. The new net service name and the Oracle Connection Manager protocol address are added to the Service Naming folder.

Task 2: Configure a Listener Protocol Address

After the Oracle Connection Manager protocol address is specified, create an address for the listener, so that the Oracle Connection Manager can connect to the server. To configure the protocol address for the listener:
1. In the Oracle Net Manager, select the net service name that you created in "Task 1: Configure an Oracle Connection Manager Protocol Address". Notice that the Oracle Connection Manager protocol address is displayed in the Address 1 tab.
2. In the Address Configuration box, click plus (+). A new Address tab displays.
3. Select a protocol configured for the listener, and then enter the appropriate parameter information for that protocol. If you are using TCP/IP, the default port number to use is 1521.
   See Also: Oracle9i Net Services Reference Guide for further information about protocol addresses and parameters
4. In the Address Configuration box, click Advanced. The Address List Options dialog box appears.
5. Select "Use each address in order until destination reached", and then click OK. This option sets SOURCE_ROUTE = on. It tells the client to connect to the first protocol address, the Oracle Connection Manager, and from the first protocol address to the second protocol address, the listener.
6. Choose File > Save Network Configuration.

Note: If you specify the addresses of two or more Oracle Connection Managers in the connect descriptor, you can manually include parameters for load balancing and connect-time failover. See the Oracle9i Net Services Reference Guide for examples of how to configure multiple listeners for load balancing and failover.

Oracle Connection Manager entries are shown in boldface text.

Figure 13-2 tnsnames.ora File with and without Oracle Connection Manager

    sales =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = tcp) (HOST = sales-server) (PORT = 1521))
        (CONNECT_DATA =
          (SERVICE_NAME = sales.us.acme.com)))

    sales =
      (DESCRIPTION =
        (SOURCE_ROUTE = yes)
        (ADDRESS = (PROTOCOL = tcp) (HOST = cman-server) (PORT = 1630))
        (ADDRESS = (PROTOCOL = tcp) (HOST = sales-server) (PORT = 1521))
        (CONNECT_DATA =
          (SERVICE_NAME = sales.us.acme.com)))

tnsnames.ora File Element: Description

SOURCE_ROUTE = yes: This entry creates a source route of protocol addresses through an Oracle Connection Manager to the destination database.

(ADDRESS = (PROTOCOL = tcp) (HOST = cman-server) (PORT = 1630)) (ADDRESS = (PROTOCOL = tcp) (HOST = sales-server) (PORT = 1521)): The first protocol address enables the client to connect to Oracle Connection Manager. From here, the Oracle Connection Manager connects to the database service through a second protocol address.

Figure 13-3 depicts a client using TCP/IP to connect to Oracle Connection Manager, and Oracle Connection Manager using TCP/IP with SSL to connect to a database server.

Figure 13-3 tnsnames.ora File Configured for Protocol Conversion Support

    sales =
      (DESCRIPTION =
        (SOURCE_ROUTE = yes)
        (ADDRESS = (PROTOCOL = tcp) (HOST = cman-server) (PORT = 1521))
        (ADDRESS = (PROTOCOL = tcps) (PORT = 1521))
        (CONNECT_DATA =
          (SERVICE_NAME = sales.com)))

Configuring the Oracle Database Server for Oracle Connection Manager

Configuring the database server involves optionally configuring the server for session multiplexing. To enable Connection Manager to take advantage of session multiplexing, set the DISPATCHERS parameter in the initialization parameter file with the attributes PROTOCOL and MULTIPLEX.

    DISPATCHERS = "(PROTOCOL = tcp) (MULTIPLEX = on)"

See Also:
- "Enabling Session Multiplexing" for configuration details
- Chapter 14, "Configuring Shared Server" for more information about configuring shared server

Enabling Oracle Connection Manager Features

This section contains these topics:
- Enabling Session Multiplexing
- Enabling Access Control
- Enabling Protocol Conversion Support

The first feature is enabled using the parameter DISPATCHERS in the initialization parameter file, the second and third using the parameters RULE_LIST and CMAN parameters in the cman.ora file.

Enabling Session Multiplexing

Once the attributes PROTOCOL and MULTIPLEX have been added to the parameter DISPATCHERS in the initialization parameter file, enabling session multiplexing is simply a matter of ensuring that MULTIPLEX is set to on or to an equivalent value.

See Also: "Enabling Session Multiplexing"
You can set different levels of multiplexing, as Table 13-1 shows.

Table 13-1 Session Multiplexing Parameters

Attribute: Description

PROTOCOL (PRO or PROT): The network protocol for which the dispatcher generates a listening endpoint.

MULTIPLEX (MUL or MULT): Used to enable session multiplexing.
- If 1, on, yes, true, or both is specified, then multiplexing is enabled for both incoming and outgoing network sessions.
- If in is specified, then multiplexing is enabled for incoming network sessions from the client.
- If out is specified, then multiplexing is enabled for outgoing network sessions.
- If 0, no, off, or false is specified, then multiplexing is disabled for both incoming and outgoing network sessions.

Note: You configure the DISPATCHERS parameter using the Database Configuration Assistant.

Enabling Access Control

Oracle Connection Manager includes a feature that enables you to control client access to designated database servers in a TCP/IP environment. By specifying certain filtering rules, you can allow or restrict specific clients access to a database server.

To configure access control:
1. Manually create a cman.ora file, if one does not already exist.
2. Add the parameter CMAN_RULES with the following subparameters:

       (CMAN_RULES =
         (RULE_LIST =
           (RULE = (SRC = source_host)
                   (DST = destination_host)
                   (SRV = service)
                   (ACT = accept | reject | drop))))

3. Add the following parameters for each rule, described in Table 13-2, as needed.

Table 13-2 Per-Rule Parameters

Parameter: Description

SRC: Specify the source host name or IP address of the client.

DST: Specify the destination host name or IP address of the database server.

SRV: Specify the service name of the Oracle9i or Oracle8i database (obtained from the SERVICE_NAME parameter in the initialization parameter file) or SID value of the pre-release 8.1 database (obtained from the ORACLE_SID environment variable or registry value).

ACT: Specify to accept, reject, or drop incoming requests based on the preceding three parameters.

See Also: Oracle9i Net Services Reference Guide for default values and allowed values of Oracle Connection Manager parameters

You can define multiple rules in the RULE_LIST. The action (ACT) in the first matched rule is applied to the connection request. If no rules are defined, all connections are accepted.

In the following example, client computer client1-pc is denied access to the service sales.us.acme.com, but client 144.25.23.45 is granted access to the service db1.

    (RULE_LIST =
      (RULE = (SRC = client1-pc) (DST = sales-server) (SRV = sales.us.acme.com) (ACT = reject))
      (RULE = (SRC = 144.25.23.45) (DST = 144.25.187.200) (SRV = db1) (ACT =
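
The first-match evaluation of RULE_LIST described above can be modelled offline to audit a rule list before it is deployed on the Connection Manager host. This is an added example, not Oracle's code and not part of the original page: the function names, the single-host reject for 206.62.226.40, and the treatment of `*` as a wildcard in SRC and DST are assumptions, and host names are compared literally without DNS resolution.

```python
import ipaddress
import re

# Constructed rule list: the subnet and host names follow the page's figures,
# the single-host reject for 206.62.226.40 is made up for this example.
SAMPLE = """
(RULE_LIST =
  (RULE = (SRC = 206.62.226.40)    (DST = sales-server) (SRV = sales.us.acme.com) (ACT = reject))
  (RULE = (SRC = 206.62.226.32/27) (DST = sales-server) (SRV = *) (ACT = accept)))
"""

RULE_RE = re.compile(r"\(\s*RULE\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
FIELD_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")

def parse_rules(text):
    """Return each (RULE = ...) as a dict of upper-cased keys to lower-cased values."""
    return [{k.upper(): v.lower() for k, v in FIELD_RE.findall(m.group(1))}
            for m in RULE_RE.finditer(text)]

def host_matches(pattern, value):
    """Match '*', a single IP, a CIDR subnet, or a literal host name (no DNS lookup)."""
    if pattern == "*":  # assumption: '*' is a wildcard for SRC/DST as it is for SRV
        return True
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:  # either side is a host name, so compare as strings
        return pattern == value.lower()

def decide(rules, src, dst, srv):
    """Return (action, rule_number); the first matching rule decides."""
    if not rules:
        return "accept", None  # page: with no rules defined, all connections are accepted
    for n, rule in enumerate(rules, 1):
        if (host_matches(rule.get("SRC", "*"), src)
                and host_matches(rule.get("DST", "*"), dst)
                and rule.get("SRV", "*") in ("*", srv.lower())):
            return rule.get("ACT", "reject"), n
    return "reject", None  # page: once a rule exists, the default option is reject

def demo():
    """Evaluate constructed requests against the sample list and its reverse."""
    rules = parse_rules(SAMPLE)
    req = ("206.62.226.40", "sales-server", "sales.us.acme.com")
    return {
        "ordered": decide(rules, *req),
        "reversed": decide(rules[::-1], *req),  # broad accept first shadows the reject
        "outside": decide(rules, "10.0.0.5", "sales-server", "db1"),
        "no_rules": decide([], "10.0.0.5", "sales-server", "db1"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} -> {result}")
```

Reversing the two rules turns the reject for 206.62.226.40 into an accept, which is why a specific reject has to precede a broad accept. The empty list accepting a host outside every subnet is the case the page's note about entering at least one rule warns about.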