Re: port forwarding

From: Greg Norris (
Date: 12/04/04

    Date: Fri, 3 Dec 2004 20:10:33 -0600
    To: Rainer Lay <>

    It sounds like you're running into Oracle's port redirection... it does
    this by default on Windows servers. The basic sequence of events is:

      1) Client connects to the database listener.

      2) Listener allocates a dynamic port, and sends back the relevant
         details... both hostname/IP-address and port number.

      3) Client reconnects to the indicated IP and port.

    Step 3 will be where the breakage occurs, as machine r is now trying to
    connect directly to w. You can address this in either of the following

      1) Set USE_SHARED_SOCKET in the registry of machine w. This is the
         simplest method, as it prevents the redirect from ever occurring.
         It's adequate in most cases, but has significant side-effects...
         most notably, all remote connections will be dropped if the
         listener is stopped or restarted.

      2) Run Oracle Connection Manager (CMAN) on either machine l or w, and
         let it handle the redirect (so the client never sees it). This
         will require changes to the database connection details, as well as
         the port you're tunnelling.

    If you have access to Metalink (Oracle Support website), just do a
    search on CMAN and/or USE_SHARED_SOCKET and you should find all of the
    necessary details with little trouble. If not, email me privately and
    I'll try to provide more specific instructions.

    On Thu, Dec 02, 2004 at 01:29:46PM +0100, Rainer Lay wrote:
    > Hi,
    > I have here a complicated setup for port forwarding. I want to forward a
    > port of an oracle database. Three computers are involved:
    > w: windows machine with oracle installed
    > r: remote, linux. Here I want to run some oracle tools
    > l: local, linux. A Box between those two
    > I want to access the database on w from r. There is no direct connection
    > between w and r. I only have a ssh tunnel from r to l.
    > To establish the connection, I started an ssh connection to r on l and
    > forward port 11523 on r to port 1521 on w:
    > ssh -v r -R 11523:w:1521 -g -N
    > Trying to use the oracle tools on r, I cannot get the connection to w.
    > But it should work. :-)
    > Accessing the oracle port on w from l directly works without problems.
    > So there must be something wrong with the tunnel.
    > Any ideas what I am doing wrong?
    > kind regards,
    > Rainer
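
The redirect sequence and the quoted tunnel setup, as an added example that is not part of the original message and is not Oracle code: a toy Python model showing why step 3 fails from r, succeeds from l, and never happens with the shared-socket behaviour. The routing table, the dynamic port value and the `REDIRECT`/`SESSION` labels are constructed for illustration and do not represent Oracle's wire protocol.

```python
# Toy model of the redirect described above. Not Oracle's wire protocol:
# hosts, ports and the handshake are reduced to what the message describes.
DYNAMIC_PORT = 49152  # constructed value for the listener-allocated port

# Who can open TCP connections to whom (from the quoted setup): l reaches w,
# r reaches only its own end of the ssh -R tunnel.
ROUTES = {("l", "w"), ("r", "r")}
# ssh -R 11523:w:1521 run on l: r:11523 is carried to w:1521 via l.
TUNNELS = {("r", 11523): ("l", "w", 1521)}


def deliver(src, host, port):
    """Return the (host, port) a connection from src lands on, or None."""
    if (host, port) in TUNNELS and (src, host) in ROUTES:
        via, dst, dport = TUNNELS[(host, port)]
        return (dst, dport) if (via, dst) in ROUTES else None
    return (host, port) if (src, host) in ROUTES else None


def listener(shared_socket):
    """Listener on w:1521: keep the session in place, or redirect."""
    if shared_socket:
        return ("SESSION", None)  # no redirect is ever sent
    return ("REDIRECT", ("w", DYNAMIC_PORT))  # step 2: host and port sent back


def connect(src, host, port, shared_socket=False):
    """Follow steps 1-3 from src; return a list of (step, outcome) tuples."""
    log = []
    landed = deliver(src, host, port)
    log.append(("1 connect %s:%d" % (host, port), "ok" if landed else "no route"))
    if landed != ("w", 1521):
        return log
    kind, target = listener(shared_socket)
    log.append(("2 listener reply", kind))
    if kind == "REDIRECT":
        # Step 3: the client dials the advertised address itself, so the
        # single forwarded port no longer helps.
        ok = deliver(src, *target) is not None
        log.append(("3 reconnect %s:%d" % target, "ok" if ok else "no route"))
    return log


if __name__ == "__main__":
    for name, args in [("r via tunnel", ("r", "r", 11523)),
                       ("l direct", ("l", "w", 1521)),
                       ("r, shared socket", ("r", "r", 11523, True))]:
        print(name, connect(*args))
```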

