
sqlplus problem with access-list

costaskyrri
Level 1

I have configured my IOS firewall with the inspect commands and have opened port 1521 in my access-lists. When using my syslog program to see why it does not connect, I see that it starts up fine using 1521, and all of a sudden I see other ports being created from that source, e.g. ports 2480 and so on; it creates ports at random afterwards. If I use, say, port 80 for browsing, that works fine, as does FTP, which is 21 and 20. If I telnet to 1521 it works; only when I use sqlplus does it do this strange thing, creating random ports. The IOS used is 12.2 with firewall.

I have other sites connected to my site which have the same config and they work fine.

The commands used are:

access-list 150 permit tcp host 10.171.12.30 host 10.133.41.3 eq 1521

access-list 150 permit tcp host 10.171.12.30 host 10.133.41.3 eq 21

access-list 150 permit tcp host 10.171.12.30 host 10.133.41.3 eq 20

access-list 150 permit tcp host 10.171.12.30 host 10.133.41.3 eq 80

1 Reply

paddyxdoyle
Level 6

Hi,

Is this an Oracle server?

I have seen problems with this in the past, as sqlplus listens on 1521 but it then creates random ports for the remaining connections. This will break when passing through a firewall, as the firewall won't have these random ports in its policy and will thus break the connection.

I'm afraid I'm not familiar with Oracle, but I found an interesting thread with people having similar issues to you, with a fix by hardcoding the random ports on the Oracle server and allowing these ports back in through the firewall.

http://ora-12571.ora-code.com/msg/41100.html

HTH

Paddy
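The symptom discussed in this thread (a permitted connection to 1521 followed by traffic to other ports that the access-list does not cover) can be confirmed from the router's syslog output. The following is an added example, not code from either poster: it assumes the ACL entries carry the `log` keyword so IOS emits `%SEC-6-IPACCESSLOGP` messages, and the log lines and the function name `find_listener_redirects` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP format (not from the post).
SAMPLE_LOG = """\
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 10.171.12.30(3301) -> 10.133.41.3(1521), 1 packet
Mar  1 10:00:02: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.171.12.30(3302) -> 10.133.41.3(2480), 1 packet
Mar  1 10:00:05: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.171.12.30(3302) -> 10.133.41.3(2480), 2 packets
Mar  1 10:00:09: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 10.171.12.30(3310) -> 10.133.41.3(80), 1 packet
Mar  1 10:00:12: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.171.12.40(4000) -> 10.133.41.3(23), 1 packet
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) tcp "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def find_listener_redirects(log_text, listener_port=1521):
    """Return {(src, dst): sorted denied ports} for host pairs whose permitted
    connection to listener_port is later followed by denied TCP to other ports."""
    listener_seen = set()            # pairs that reached the listener port
    denied_after = defaultdict(set)  # pair -> other ports denied afterwards
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore unrelated syslog messages
        pair = (m["src"], m["dst"])
        dport = int(m["dport"])
        if m["action"] == "permitted" and dport == listener_port:
            listener_seen.add(pair)
        elif m["action"] == "denied" and pair in listener_seen and dport != listener_port:
            denied_after[pair].add(dport)
    return {pair: sorted(ports) for pair, ports in denied_after.items()}


if __name__ == "__main__":
    for (src, dst), ports in find_listener_redirects(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: listener reached, then denied on ports {ports}")
```

The ports it reports are the ones that would need to be fixed on the server and permitted in the access-list, as the reply above describes.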