Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Arthur on March 29, 2000, 07:12:14 PM

Title: SQL*Net Traffic Thru e-smith
Post by: Arthur on March 29, 2000, 07:12:14 PM

Hello All,

I'm a new e-smith convert - runnig version 3, provided by my ISP.  The 2 NIC card setup was a little tricky, but 2 PCI cards does the trick quite well.

I have a Web server on the "outside" of e-smith firewall, and an internal network inside.  I have an Oracle database I'd like to get to via the web server on the outside.  
've heard that I'll have to "pierce" the firewall and let the SQL*Net traffic across.  

Anyone had experience with this?  

Thanks.

BTW:  The internal network is on generic 192.168.1.XXX addresses.

Title: RE: SQL*Net Traffic Thru e-smith
Post by: cryblood on March 30, 2000, 04:55:53 AM

oooo.... "pierce" the firewall sounds awful scarry!  Although I have NO experiance with Oracle I would think it should already work via the IP Masq assuming you are running standard SQL clients on the inside machines.  If not, in theory, it should only take a few ipchains rules to fix (assuming you know or can find out what protocols/ports the Oracle database engine uses).

Title: RE: SQL*Net Traffic Thru e-smith
Post by: Charlie Brady on March 31, 2000, 02:52:13 AM

Arthur wrote:

> Hello All,
>
> I'm a new e-smith convert - runnig version 3, provided by my
> ISP.  The 2 NIC card setup was a little tricky, but 2 PCI
> cards does the trick quite well.
>
> I have a Web server on the "outside" of e-smith
> firewall, and an internal network inside.  I have an Oracle
> database I'd like to get to via the web server on the outside.
> 've heard that I'll have to "pierce" the firewall and
> let the SQL*Net traffic across.

Assuming SQL*Net uses a single TCP stream connection (I think it does), you can create the connection you need using either packet level transparent forwarding, or you can use a trivial application level proxy started from inetd on the e-smith server/gateway. I would prefer the latter, using a simple socket connector such as socket or nc.If your ISP cannot set this up for you, you should be able to find a consultant through your local Linux user group. There is documentation on making custom changes to the e-smith server at http://www.e-smith.org/custom/.

Regards

Charlie