Configuring the listener behind a firewall

We are setting up a database server behind a PIX firewall router. The PIX remaps IPs into internal IP addresses so inside the firewall the host IP will be 10.0.0.x for instance. Has anyone been able to make this work so that a listener inside the firewall can connect to the database? How did you set up tnsnames.ora? Please email me. Thanks.
-Tom

I read it is better to use the lastest listener to listen to both databases is this true?It's better, that's true, it's better to use the listener from the most recent release.
Nicolas.

Similar Messages

Changing the name of the PC, I cannot configure the listener

Hello,
I use
Windows 7 64 bit
Apex 4.1
Glass Fish server
Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for 32-bit Windows: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
I have changed the name of my PC ( for it contained "-" and "_") Then I did the following changes:
I changed the name of my PC in tnsnames.ora and listener.ora and "Hosts" file (in windows\system32\drivers\etc).
When I try to configure the listener, I get webpage saying Internal Error.
How can I reconfigure it again ????
Regards,
Fateh

Hello Fateh,
I think there are two options on how to reconfigure. In both cases, you'll have to locate your apex-config.xml .
h3. Option 1: Edit the apex-config.xml
h4. Steps
<ol>
<li>stop APEX Listener
<li>edit apex-config.xml (change hostname for the database connection)
<li>start APEX Listener
</ol>
h3. Option 2: Delete the apex-config.xml
h4. Steps
<ol>
<li>stop APEX Listener
<li>delete apex-config.xml
<li>start APEX Listener
<li>re-run the configuration process by calling http://<yourAPEXListenerHost>:<port>/apex/listenerConfigure
</ol>
-Udo

Connect Oracle 10g client to the Oracle 10g database behind a firewall

I need to connect an Oracle 10g client to the Oracle 10g database (windows server 2003 box) behind a firewall. I ran into this problem: Port redirection. Port redirection requires the Oracle client to connect to the database using a different port (usually a randomly selected TCP port) than the default or originally configured one. If there is no firewall between the server and the client, port redirection will not affect the actual connection. However, if port redirection does occur with the server behind a firewall, the client will be likely to suffer from a connectivity failure. The reason is simple: the newly assigned port based on port redirection is often blocked by the firewall. Such failures are not uncommon on Windows platforms.
I don't know how to stablished an unique TCP port.
I Enabled USE_SHARED_SOCKET on the Oracle database server, windows registry. Acording to what I read,that will force the server machine to share its port 1521 and thus all clients will stay on that port when connecting to the database. Noticeably, port redirection will not occur with USE_SHARED_SOCKET enabled, but that's true in oracle 8 or oracle 9. In oracle 10g this solution doesn't work.
I will apreciate any help about this. Please!
Thanks in advanced.

Three solutions in order of preference
1 Use Connection Manager on the server (only installed using a Custom Install). This will tunnel all traffic through a single port. It will also allow you to configure allowable nodes
2 Set up shared server to use a fixed port. Disadvantage: shared server has overhead and the number of connections is limited
3 Use shared_sockets. Disadvantage: when you stop the listener everyone is disconnected.
Sybrand Bakker
Senior Oracle DBA

Is there any problem with installing the Listener with APEX 4.1

Hi Udo,
With your help, I have already installed the listener on apex 4.0.2.
Now I tried doing the same steps, but as I click apply, in the "listenerConfigure" page, I get an empty page...
I visited :
http://localhost:5555/apex/apex_admin
http://localhost:5555/apex/
Yet, I still get an empty page....
What could be the problem ????
Regards,
Fateh

Thanks Udo,
As I mentioned in the beginning of the thread. After I configure the listener on http://localhost:3333/apex/listenerConfigure , I get an empty page.
Now, if I visit this page http://localhost:3333/apex/listenerConfigure:
I get this message:
The APEX Listener is already configured. Please login as Administrator to access APEX Listener Administration.If I visit : http://localhost:3333/apex/listenerAdmin, I get the configuration page. When I click apply, I get an empty page...
if I visit http://localhost:3333/apex/ or http://localhost:3333/apex/apex_admin, I get an empty page....
Best Regards,
Fateh.
In the CMD, I am getting this message: Connection Pool destroyed
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Mohammad Fateh\Desktop>cd C:\Program Files (x86)\Java\jre6\bin
C:\Program Files (x86)\Java\jre6\bin>java -Dapex.port=3333 -Dapex.home=F:\listen
er -Dapex.images=C:\images -jar F:\listener\apex.war
INFO: Starting: F:\Listener\apex.war
See: 'java -jar apex.war --help' for full range of configuration options
INFO: Extracting to: F:\listener
INFO: Using classpath: file:/F:/listener/apex/____embedded/start.jar:file:/F:/li
stener/apex/WEB-INF/lib/apex.jar:file:/F:/listener/apex/WEB-INF/lib/commons-file
upload-1.2.1.jar:file:/F:/listener/apex/WEB-INF/lib/je-4.0.103.jar:file:/F:/list
ener/apex/WEB-INF/lib/ojdbc6.jar:file:/F:/listener/apex/WEB-INF/lib/ojmisc.jar:f
ile:/F:/listener/apex/WEB-INF/lib/poi-3.6-20091214.jar:file:/F:/listener/apex/WE
B-INF/lib/ucp.jar:file:/F:/listener/apex/WEB-INF/lib/xdb-11.2.0.jar:file:/F:/lis
tener/apex/WEB-INF/lib/xmlparserv2-11.2.0.jar:
INFO: Starting Embedded Web Container in: F:\listener
21-Sep-2011 7:58:54 AM ____bootstrap.Deployer deploy
INFO: Will deploy application path=F:\listener\apex\WEB-INF\web.xml
21-Sep-2011 7:58:54 AM ____bootstrap.Deployer deploy
INFO: deployed application path=F:\listener\apex\WEB-INF\web.xml
Using config file: F:\listener\apex-config.xml
-- listing properties --
PropertyCheckInterval=60
ValidateConnection=true
MinLimit=1
MaxLimit=10
InitialLimit=3
AbandonedConnectionTimeout=900
MaxStatementsLimit=10
InactivityTimeout=1800
MaxConnectionReuseCount=1000
APEX Listener version : 1.1.3.243.11.40
APEX Listener server info: Grizzly/1.9.18-o
21-Sep-2011 7:58:56 AM com.sun.grizzly.Controller logVersion
INFO: Starting Grizzly Framework 1.9.18-o - Wed Sep 21 07:58:56 GST 2011
INFO: http://localhost:3333/apex started.
Using JDBC driver: Oracle JDBC driver version: 11.2.0.2.0
Connection Pool destroyed
-- listing properties --
PropertyCheckInterval=60
ValidateConnection=true
MinLimit=1
MaxLimit=10
InitialLimit=3
AbandonedConnectionTimeout=900
MaxStatementsLimit=10
InactivityTimeout=1800
MaxConnectionReuseCount=1000this is apex-config.xml file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment> Created: Tue Sep 20 08:23:20 GST 2011 Version: 1.1.3.243.11.40 </comment>
<entry key="apex.db.username">APEX_PUBLIC_USER</entry>
<entry key="apex.db.password">@0553026F9472B479B40252036B93F9DE7F</entry>
<entry key="apex.db.connectionType">basic</entry>
<entry key="apex.db.hostname">192.168.1.19</entry>
<entry key="apex.db.port">1521</entry>
<entry key="apex.db.sid">xe</entry>
<entry key="apex.db.servicename"></entry>
<entry key="apex.db.tnsAliasName"></entry>
<entry key="apex.db.tnsDirectory"></entry>
<entry key="apex.db.customURL"></entry>
<entry key="apex.jdbc.DriverType">thin</entry>
<entry key="apex.jdbc.InitialLimit">3</entry>
<entry key="apex.jdbc.MinLimit">1</entry>
<entry key="apex.jdbc.MaxLimit">10</entry>
<entry key="apex.jdbc.MaxStatementsLimit">10</entry>
<entry key="apex.jdbc.InactivityTimeout">1800</entry>
<entry key="apex.jdbc.AbandonedConnectionTimeout">900</entry>
<entry key="apex.jdbc.MaxConnectionReuseCount">1000</entry>
<entry key="apex.jdbc.DriverType">thin</entry>
<entry key="apex.jdbc.InitialLimit">3</entry>
<entry key="apex.jdbc.MinLimit">1</entry>
<entry key="apex.jdbc.MaxLimit">10</entry>
<entry key="apex.jdbc.MaxStatementsLimit">10</entry>
<entry key="apex.jdbc.InactivityTimeout">1800</entry>
<entry key="apex.jdbc.AbandonedConnectionTimeout">900</entry>
<entry key="apex.security.inclusionList"></entry>
<entry key="apex.security.exclusionList"></entry>
<entry key="apex.security.disableDefaultExclusionList">false</entry>
<entry key="apex.security.requestValidationFunction"></entry>
<entry key="apex.security.maxEntries">2000</entry>
<entry key="apex.security.trustedProxies"></entry>
<entry key="apex.cache.caching">false</entry>
<entry key="apex.cache.procedureNameList"></entry>
<entry key="apex.cache.type">lru</entry>
<entry key="apex.cache.maxEntries">500</entry>
<entry key="apex.cache.expiration">7</entry>
<entry key="apex.cache.duration">days</entry>
<entry key="apex.cache.monitorInterval">60</entry>
<entry key="apex.cache.directory">C:\Users\MOHAMM~1\AppData\Local\Temp\apex\cache</entry>
<entry key="apex.procedure.preProcess"></entry>
<entry key="apex.procedure.postProcess"></entry>
<entry key="apex.misc.defaultPage">apex</entry>
<entry key="apex.misc.compress"></entry>
<entry key="apex.debug.debugger">false</entry>
<entry key="apex.debug.printDebugToScreen">false</entry>
<entry key="apex.error.keepErrorMessages">true</entry>
<entry key="apex.error.maxEntries">50</entry>
<entry key="apex.log.logging">false</entry>
<entry key="apex.log.maxEntries">50</entry>
</properties>Edited by: Fateh on Sep 20, 2011 9:11 PM

Listener behind firewall

Hi all,
I am trying to setup 8.1.7 Database server behind a firewall (Cisco PIX), PIX has been configured
with NAT, I am using the DNS which is on the outer interface of PIX. I have opened up
the outbound DNS for the firewall. However, I do not understand why the listener does not allow
any JDBC connections started that are being made from the same server.
However, when I move the system outside the firewall I do not have this issue.
And one more thing, the listener shows that it has 3 services when outside the network, however,
when I move the system back into the secure network it says listerner has 0 services.
Can anybody help me on this issue..
-lakshmi

oracle press advanced security discusses how to do this

How to configure one Listener for 2 databases on the same server

Hello all,
Please, I am stuck as with my application server which requests the port 1521. I want to configure the repository to make use of the port 1521 which is also shared by another database on the server.
Regards,
Nadine

Maybe it is worth mentioning here that am installing it with two different users as to have two ORACLE_HOME independent of each other.
Below are the configuration files for the Listener.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = test.appstech.local)
(ORACLE_HOME = /d02/app/oracle/product/10.2.0/db_1)
(SID_NAME = test)
(SID_DESC =
(GLOBAL_DBNAME = testing.appstech.local)
(ORACLE_HOME = /d01/app/oracle/product/10.1.2/ora_infra)
(SID_NAME = testing)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ebs.appstech.local)(PORT = 1521))
TRACE_LEVEL_LISTENER = USER
TEST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.15.4)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = test.appstech.local)
TESTING =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.15.4)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = testing.appstech.local)
Regards,

4402 anchor in DMZ, how to configure the Firewall

Hello,
I am not sure if there is a document or thread on this topic aleady though I have been looking.
We have a 5508 foreign controller
We have a 4402 anchor controller
We have a DMZ layer 2 only switch
We have a ASA5520 firewall
I have configured both WLC controllers for guest wireless to the DMZ. They see each other in the mobility group.
I have added vlan800 (arbitrary vlan we chose) in the DMZ switch. Currently is does not have any ip address on it and we would prefer if it stays that way.
We want the anchor to also provide the dhcp scope for all guest wireless which is why we created vlan800 on the DMZ switch as well as in the Anchor controller.
The Anchor controller vlan800 has an ip address 172.18.1.2/24.
The guest wireless network is 172.18.1.x/24 (again, provided by the anchor controller).
My firewall has a DMZ address of 172.16.67.1/24
Ok here is where I get more fuzzy, How do i configure my firewall to accept traffic from the new ip scope i created?
The firewall does not have anymore free physical ports so I think I have to somehow make the existing physical DMZ interface a trunk or give it a secondary ip address of 172.18.1.1/24 to become the gateway for the guest wireless traffic. (besides setting up the allow/deny rules for internet access in the firewall).
I have not been able to find a document that goes into the DMZ requirements for wireless so far.
Thanks!

Hi Dennis,
Yes I have gotten the two controllers talking to one another and able to do both ping test eping and the other one (i forget the name).
I do believe I have a working understanding of the anchor to foreign controller configuration.
My question is specific in as much as it relates to the DMZ switch and firewall.
The configuration of the DMZ switch and firewall is the documentation I am unable to locate with examples of this configuration.
I cannot seem to get to any link that has the word "partner" in it even though I log into my cisco account.
If there is a different link I would be happy to check it out.
As for your question about trunking the port, can you clarify which device your speaking of?
I have the DMZ switch port trunked that connects to the Anchor controller.
Thanks

I am facing problem when configuring listener.ora and tnsnamess.ora in listener side it is showing The listener supports no services The command completed successfully and in when i cross check with listener from tns it is showing the error

i am facing problem when configuring listener.ora and tnsnamess.ora in listener side it is showing The listener supports no services The command completed successfully and in when i cross check with listener from tns it is showing the error
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
here is my listener file
lsn =
(DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.125.128)(PORT = 1575))
#ADR_BASE_LISTENER = /u01/app/oracle
(SID_LIST_LISTENER=
(SERVICE_NAME=kull)
(ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1)
tnsnames.ora
to_lsn=
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server1)(PORT = 1575))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = kull )
my database name is kull
please somebody help

Biswaranjan wrote:
i have two database one is kull and another is kk
i configured listener.ora in kull
and tnsnames.ora in kk
when i am running lsnrctl start listener in database kull
This makes no sense. You don't configure a listener nor a tnsnames.ora "in a database".   I hope this is just a language issue and not reflective of a fundamental misunderstanding of how tns works.
read: http://edstevensdba.wordpress.com/2011/02/09/sqlnet_overview/ Help! I can’t connect to my database
read: http://edstevensdba.wordpress.com/2011/02/16/sqlnet_client_cfg/ Help! I can’t connect to my database (part duex)
it is showing the message
Alias                     lsn
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                05-JUL-2013 19:08:06
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0/db_1/log/diag/tnslsnr/server1/lsn/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1575)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=server1)(PORT=1575)))
The listener supports no services
The command completed successfully
and in another database in kk when i am giving the command tnsping to_lsn
it is giving this message
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = server1)(PORT = 1575)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = kull)))
OK (0 msec)
but when i am cross check sqlplus system/manager@ to_lsn
it is giving the following error
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor

How to configure the virtual path with our web listener

Oracle Apps Version: 11.5.10.2
Oracle database: 10.2
platform: Windows server 2003
while applying developer 6i patch ( 61954129 ) i got following error which says configure the following virtual path for your web listener
following is the output of forms6iconfig.txt file which oracale suggest to check
Configuration Steps for Oracle Forms installation of 06:21:33 2010/12/01
This file gives details of the configuration steps done for you by the installation process
(marked '[INFO]') and of any actions you need to do manually (marked '[ACTION]'). Please read
this file and perform the requested actions.
[ACTION] If you are installing in a new Oracle Home, please reboot the machine after the installation.
[ACTION] Please configure the following virtual path with your web listener: /dev60temp for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\temp.
[INFO] NT service Oracle Forms Server [Forms60Server] has been created and started for
the Forms Server.
[ACTION] Please configure the following virtual path with your web listener: /forms60java for
physical directory D:\CLONE\cloneora\8.0.6\FORMS60\java.
[ACTION] Please configure the following virtual path with your web listener: /dev60html for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\html.
[ACTION] Please configure the following virtual path with your web listener: /dev60cgi for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\cgi.
[INFO] An internet shortcut to run a standard test form, or any form of your choice, has been
created for you in the Oracle Forms program group.
[ACTION] Please configure the following virtual path with your web listener: /jinitiator for
physical directory D:\CLONE\cloneora\8.0.6\JINIT.

Hi,
while applying developer 6i patch ( 61954129 ) i got following error which says configure the following virtual path for your web listener
following is the output of forms6iconfig.txt file which oracale suggest to check
Do you mean (Patch 6194129)? How do you get this error? Is it at the beginning or the end of the installation?
Configuration Steps for Oracle Forms installation of 06:21:33 2010/12/01
This file gives details of the configuration steps done for you by the installation process
(marked '[INFO]') and of any actions you need to do manually (marked '[ACTION]'). Please read
this file and perform the requested actions.
[ACTION] If you are installing in a new Oracle Home, please reboot the machine after the installation.
[ACTION] Please configure the following virtual path with your web listener: /dev60temp for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\temp.
[INFO] NT service Oracle Forms Server [Forms60Server] has been created and started for
the Forms Server.
[ACTION] Please configure the following virtual path with your web listener: /forms60java for
physical directory D:\CLONE\cloneora\8.0.6\FORMS60\java.
[ACTION] Please configure the following virtual path with your web listener: /dev60html for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\html.
[ACTION] Please configure the following virtual path with your web listener: /dev60cgi for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\cgi.
[INFO] An internet shortcut to run a standard test form, or any form of your choice, has been
created for you in the Oracle Forms program group.
[ACTION] Please configure the following virtual path with your web listener: /jinitiator for
physical directory D:\CLONE\cloneora\8.0.6\JINIT.Please make sure you source the application env file before applying this patch, and select 8.0.6 ORACLE_HOME.
Thanks,
Hussein

[ACTION] Please configure the following virtual path with your web listener: /jinitia

Hi Guys,
Would kindly suggest me. How to solve this following setting? From the documentation, I could not understand, which file or where should I do the following configuration.
[ACTION] Please configure the following virtual path with your web listener: /dev60temp for
physical directory C:\ORACLE\iSuites\tools\web60\temp.
[ACTION] Please configure the following virtual path with your web listener: /forms60java for
physical directory C:\ORACLE\iSuites\FORMS60\java.
[ACTION] Please configure the following virtual path with your web listener: /dev60html for
physical directory C:\ORACLE\iSuites\tools\web60\html.
[ACTION] Please configure the following virtual path with your web listener: /dev60cgi for
physical directory C:\ORACLE\iSuites\tools\web60\cgi.
[ACTION] Please configure the following virtual path with your web listener: /jinitiator for
physical directory C:\ORACLE\iSuites\JINIT
I appreciate your information and help.
Thanks,
Amit

Hi,
while applying developer 6i patch ( 61954129 ) i got following error which says configure the following virtual path for your web listener
following is the output of forms6iconfig.txt file which oracale suggest to check
Do you mean (Patch 6194129)? How do you get this error? Is it at the beginning or the end of the installation?
Configuration Steps for Oracle Forms installation of 06:21:33 2010/12/01
This file gives details of the configuration steps done for you by the installation process
(marked '[INFO]') and of any actions you need to do manually (marked '[ACTION]'). Please read
this file and perform the requested actions.
[ACTION] If you are installing in a new Oracle Home, please reboot the machine after the installation.
[ACTION] Please configure the following virtual path with your web listener: /dev60temp for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\temp.
[INFO] NT service Oracle Forms Server [Forms60Server] has been created and started for
the Forms Server.
[ACTION] Please configure the following virtual path with your web listener: /forms60java for
physical directory D:\CLONE\cloneora\8.0.6\FORMS60\java.
[ACTION] Please configure the following virtual path with your web listener: /dev60html for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\html.
[ACTION] Please configure the following virtual path with your web listener: /dev60cgi for
physical directory D:\CLONE\cloneora\8.0.6\tools\web60\cgi.
[INFO] An internet shortcut to run a standard test form, or any form of your choice, has been
created for you in the Oracle Forms program group.
[ACTION] Please configure the following virtual path with your web listener: /jinitiator for
physical directory D:\CLONE\cloneora\8.0.6\JINIT.Please make sure you source the application env file before applying this patch, and select 8.0.6 ORACLE_HOME.
Thanks,
Hussein

Tips on configuring the builtin firewall

Hi out there!
Don´t know if this is the right forum, anyway...
Where do I find information on how to access and configure the built in firewall that the comes with the MSI K8N NEO-2 Platinum?.
Must say that the manual is quite scarce with information about this feature.

I messed around with it using the Nvidia utility tool that came with the mobo and I was able to configure it with that. Not sure why you can't find it but you may need to find the program and set it as a shortcut on your desktop like I did. I might be able to give you more information on this after checking my computer again since I am not home right now.

ACE problem - bridge mode - behind a firewall

Hello
We are having problems with one of you ACE context, this implementation was done by a supplier and I am trying to troubleshoot it.
The clients and the servers are on different subnets, there is a Nokia firewall in the middle. The firewalls are setup on a cluster.
Connecting to port 7072 is taking at least 30 seconds. If I move the server into the VLAN in front of the ACE, the connection is instant. So it does indicate a problem on the ACE.
The client IP is .99.11.
The VIP is .100.62 and the server node is .100.12.
Running the capture command I can see the following behavior:
1. The client initiates the connection to the ACE Vip
2. At the same time it looks like a second connection is initiated from the client to the server node
Please see attachment.
Is this a normal situation where the connection is duplicated?
Does this interface setup look correct?
Is the bridge mode the correct setup in this scenario?
interface vlan 10
bridge-group 2
no normalization
mac-sticky enable
access-group input PERMITALL
service-policy input VLAN10-INTER-MMPM
no shutdown
interface vlan 15
bridge-group 2
no normalization
access-group input PERMITALL
no shutdown
interface bvi 2
ip address 192.168.100.7 255.255.255.192
alias 192.168.100.6 255.255.255.192
peer ip address 192.168.100.8 255.255.255.192
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.100.1
Many thanks,
Damian

Thanks for replying James,
I am sure I configured the capture only for VLAN10 which is in the VIP side.
But you are right, it looks like is showing both VLAN10 and VLAN15. So that is one of my theories out of the window! :)
This is a new installation, still on the testing stage. So it would be good time to make changes.
Do you normally implement a routed setup behind a firewall? Rather than a bridgedâ¦.
It is quite a small setup:
â¢ Traffic is coming from a separate local subnet
â¢ Traffic is not coming from the internet so it does not required a NAT
â¢ We need 1 VIP listening on two ports
â¢ The backend servers are four Linux boxes
Thanks again,
Damian

How to configure different listener for each database in 11gR2 RAC

Hi Friends,
Current Prod Setup :
11gR2 (11.2..0.2) RAC on RHEL 5.5 with 3 SCAN Listeners on default 1521 port.
Having 4 databases which are using SCAN-IP and listening on default port only.
As per policy, we have to create separate listeners (on different port) for each database.
like,
DB1 - 1522
DB2 - 1523
DB3 - 1524
DB4 - 1525
Even If I configure 4 listeners using NETCA, how my failover & load balancing will happen using SCAN & Newly Created Listeners ???
Thanks in advance..
Regards,
Manish

Hi,
I tried on 11gR2 TEST RAC Server to have different listener with different port (1529) for SCAN & Node Listener & tested failover, load-balancing which was successful.
[oracle@ravish5 admin]$ cat listener.ora
LISTENER_A=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_A)))) # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_A=ON # line added by Agent
[oracle@ravish5 admin]$ ps -ef | grep lsnr
oracle 1985 1 0 00:46 ? 00:00:00 /11g_crs/11.2.0.2/product/home/bin/tnslsnr LISTENER -inherit
oracle 1988 1 0 00:46 ? 00:00:00 /11g_database/11.2.0.2/product/home_1/bin/tnslsnr LISTENER_A -inherit
oracle 2928 1 0 01:00 ? 00:00:00 /11g_crs/11.2.0.2/product/home/bin/tnslsnr LISTENER_SCAN1 -inherit
[oracle@ravish5 admin]$ lsnrctl status LISTENER_A
LSNRCTL for Linux: Version 11.2.0.2.0 - Production on 02-MAY-2012 03:19:35
Copyright (c) 1991, 2010, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_A)))
STATUS of the LISTENER
Alias LISTENER_A
Version TNSLSNR for Linux: Version 11.2.0.2.0 - Production
Start Date 02-MAY-2012 00:46:42
Uptime 0 days 2 hr. 32 min. 54 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /11g_database/11.2.0.2/product/home_1/network/admin/listener.ora
Listener Log File /11g_database/11.2.0.2/diag/tnslsnr/ravish5/listener_a/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_A)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.3.5)(PORT=1529)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.3.16)(PORT=1529)))
Services Summary...
Service "TEST" has 1 instance(s).
Instance "TEST2", status READY, has 1 handler(s) for this service...
Service "TESTXDB" has 1 instance(s).
Instance "TEST2", status READY, has 1 handler(s) for this service...
Service "srvc_test.clover.com" has 1 instance(s).
Instance "TEST2", status READY, has 1 handler(s) for this service...
The command completed successfully
SQL> show parameter listen
NAME TYPE VALUE
listener_networks string
local_listener string (DESCRIPTION=(ADDRESS_LIST=(AD
DRESS=(PROTOCOL=TCP)(HOST=192.
168.3.16)(PORT=1529))))
remote_listener string ravish-scan:1529
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options
[oracle@ravish5 admin]$ srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521,1529
[oracle@ravish5 admin]$ srvctl config scan
SCAN name: ravish-scan, Network: 1/192.168.3.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /ravish-scan.clover.com/192.168.3.22
[oracle@ravish5 admin]$ srvctl config listener
Name: LISTENER
Network: 1, Owner: oracle
Home: <CRS home>
End points: TCP:1521
Name: LISTENER_A
Network: 1, Owner: oracle
Home: /11g_database/11.2.0.2/product/home_1
End points: TCP:1529
[oracle@ravish5 admin]$ srvctl config service -d TEST -s srvc_test.clover.com
Service name: srvc_test.clover.com
Service is enabled
Server pool: TEST_srvc_test.clover.com
Cardinality: 2
Disconnect: false
Service role: PRIMARY
Management policy: AUTOMATIC
DTP transaction: false
AQ HA notifications: true
Failover type: SELECT
Failover method: BASIC
TAF failover retries: 0
TAF failover delay: 0
Connection Load Balancing Goal: LONG
Runtime Load Balancing Goal: NONE
TAF policy specification: BASIC
Edition:
Preferred instances: TEST1,TEST2
Available instances:
TEST_NEW =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ravish-scan.clover.com)(PORT = 1529))
(LOAD_BALANCE = yes)
(FAILOVER = ON)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = srvc_test.clover.com)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
Actually different ports for different databases are required to have separation of duties. Once Firewall enabled betwen Client & DB Server only privileged users would have access to particular database.
Regards,
Manish

How do you configure the set of port to use for FTP passive data connection

I was able to start the ftp server xml db and connect to it locally. When I tried to connect to it from home, I was able to log in but when i do a "get" command the sessions hangs. I also tried passive mode and do a "get" command and it gives me a connection refused error. I am using the default port 2100. I think this might be a firewall issue with the data connection port. I am not sure which range of ports to open for the passive ftp connection on the server side or where to go and set them for for the ftp server to use? Or this issue might not be firewall related??? Any thoughts. Thanks.

This is a typical problem with VPN/Firewall software and FTP on ports other than 21.
When you open the FTP data connection the FTP Server identifies which port the data will be sent on using the PORT command which is sent on the command port (typically 21 with a normal FTP server, 2100 by default with XDB). THe client then opens that PORT to accept the data (file, output of an ls etc).
As I understand it most VPN/Firewall are configured to monitor 21 for 'PORT' requests. They then understand to allow connection on the PORT number passed on the command PORT. Hence with Port 21 firewall / VPN software is not a problem. However since the XDB command PORT is something other than 21 they do not see / honour the PORT commands from the server and hence the client cannot open the data connection on the specified PORT
As to how to solve it, I wish I knew (After 5 years I still can't use XDB FTP from home to a machine in the office once the VPN tunnel is open :( ). I'm sure it's going to be firewall / VPN software specific and may need the VPN servers to be configured.
The best bet would be to run the FTP server on 21...
Add the following line to your listener.ora file
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP) (HOST = hostname) (PORT = 21))
(PROTOCOL_STACK = (PRESENTATION = FTP) (SESSION = RAW)))
and then restart the listener as root
Start the listener as root.
At the operating system prompt, enter tnslsnr with optional command line arguments. The usage is as follows:
tnslsnr [listener_name] [-user user] [-group group]
where:
Table 4-3 tnslsnr Utility Options
Option Description
listener_name
Specify the name of the listener. If omitted, the default name LISTENER will be used.
-user user
Specify the user whose privileges the listener will use when super user (root) privileges are not needed. After performing the privileged operations, the listener will give up root privileges irreversibly.
-group group
Specify the group whose privileges the listener will use when super user (root) group privileges are not needed. After performing the privileged operations, the listener will give up root group privileges irreversibly.
The listener will temporarily switch to the provided user and group immediately after startup. All subsequent operations will be done with the specified user and group privileges, except the system calls necessary to listen on configured endpoints. The listener will revert to super user (root) for a short period of time to listen on reserved addresses, such as TCP ports less than 1024. After the listener starts listening on all of its endpoints configured in listener.ora, it will switch to the specified user and group irreversibly. Therefore, the listener will give up the root privilege that it initially had. In the current release, -user and -group command line arguments only accept user and group identifiers specified in numeric form.
For example, to execute a root listener called mylsnr and have it use privileges of a user identified

Request for assistance setting up the listener. 11.2.0.2 on 64 bit Linux,

I have installed Oracle and am able to access it locally. Unfortunately, I can't access it remotely. lsnrctl status does not list the XE instance. The following are the contents of the relevant files/command outputs:
listener.ora
# listener.ora Network Configuration File:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/xe)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
(ADDRESS = (PROTOCOL = TCP)(HOST = Neon)(PORT = 1521))
DEFAULT_SERVICE_LISTENER = (XE)
/etc/hosts
127.0.0.1     localhost.localdomain     localhost     Neon
::1     localhost.localdomain     localhost6     localhost
lsnrctl status
LSNRCTL for Linux: Version 11.2.0.2.0 - Production on 04-SEP-2012 12:27:21
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.2.0 - Production
Start Date 31-AUG-2012 16:49:12
Uptime 3 days 19 hr. 38 min. 9 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Default Service XE
Listener Parameter File /u01/app/oracle/product/11.2.0/xe/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0/xe/log/diag/tnslsnr/Neon/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
I am able to log into the database using sqlplus mkhan/password and run the following query, select * from all_users and get the following output:
SQL> select * from all_users;
USERNAME               USER_ID CREATED
XS$NULL           2147483638 28-AUG-11
MKHAN                    49 30-AUG-12
LKEDONGA               48 23-JUL-12
APEX_040000               47 28-AUG-11
APEX_PUBLIC_USER          45 28-AUG-11
FLOWS_FILES               44 28-AUG-11
HR                    43 28-AUG-11
MDSYS                    42 28-AUG-11
ANONYMOUS               35 28-AUG-11
XDB                    34 28-AUG-11
CTXSYS                    32 28-AUG-11
USERNAME               USER_ID CREATED
OUTLN                         9 28-AUG-11
SYSTEM                         5 28-AUG-11
SYS                         0 28-AUG-11
14 rows selected.
SQL>
but attempting sqlplus mkhan/password@XE or mkhan/password@Neon/XE or mkhan/password@localhost/XE results in the following:
SQL*Plus: Release 11.2.0.2.0 Production on Tue Sep 4 13:42:36 2012
Copyright (c) 1982, 2011, Oracle. All rights reserved.
ERROR:
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
Enter user-name:
Needless to say that Apex isn't working either but I'll tackle that later. I can log into the database using user oracle in group dba using "sqlplus / as sysdba". I can shutdown the database and start it back up. So I know I installed correctly.

user11414072 wrote:
Thanks Ed.
On my PC, I installed the instant client 11.2. As I understand it, when I run sqlplus in a dos box as follows, I the DB server should respond and allow a connection
sqlplus mkhan/password@XE
In this case it should use the local tnsnames.ora to determine where the XE instance is, and initiate a connection.
I've also tried
sqlplus mkhan/password@Neon/XE and
sqlplus mkhan/[email protected]/XE and
sqlplus mkhan/[email protected]/XE
sqlplus mkhan/[email protected]:1521/XE
all of them give me
ORA-12170: TNS:Connect timeout occurred
AdThanksVance,the most common cause from ORA-12170 is a FireWall on or between client & DB server
what is OS name & version for both client & DB server?

Configuring the listener behind a firewall

Similar Messages

Maybe you are looking for