Ehlo,
AFAIK, Oracle's Listener (Net8 Environnement) could be configured in 2 modes :
- listener and clients answers on the same port
- listener redirects (wrapper) clients to another _dynamic_ port :(
Hope this help ...
Lionel.

-----Message d'origine-----
De : Chris Cheshire [mailto:***@bigredwire.com]
Envoyé : vendredi 22 octobre 2004 04:38
À : ***@securityfocus.com
Objet : port forwarding and oracle

Has anyone got port forwarding to work with an oracle database?

I have OpenSSH 3.9p1 on my database server (Oracle 8i running Solaris
2.6) and my client is a PowerBook (running OSX 10.3.5) with OpenSSH
3.6p1 (I wish apple would update this) and when I try to set up the port
forward the connection (using java thin client drivers) through it times
out. Running the following from the client :

ssh -v -L 2521:dbserver:1521 ***@dbserver

connects successfully and starts up a shell and then when I connect
using the java thin client () I get :

debug1: Connection to port 2521 forwarding to dbserver port 1521 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: open confirm rwindow 131072 rmax 32768
debug1: channel 3: read<=0 rfd 9 len 0
debug1: channel 3: read failed
debug1: channel 3: close_read
debug1: channel 3: input open -> drain
debug1: channel 3: rcvd eof
debug1: channel 3: output open -> drain
debug1: channel 3: obuf empty
debug1: channel 3: close_write
debug1: channel 3: output drain -> closed
debug1: channel 3: ibuf empty
debug1: channel 3: send eof
debug1: channel 3: input drain -> closed
debug1: channel 3: send close
debug1: channel 3: rcvd close
debug1: channel 3: is dead
debug1: channel 3: garbage collecting
debug1: channel_free: channel 3: direct-tcpip: listening port 2521 for
dbserver port 1521, connect from 127.0.0.1 port 49818, nchannels 4


All this happens almost immediately, and the connection takes a further
minute or so to time out.

Any suggestions?

Thanks

Chris



Ce message et toutes les pièces jointes (ci-après le « message ») sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Si vous recevez ce message par erreur, merci de le détruire sans en conserver de copie et d'en avertir immédiatement l'expéditeur. Internet ne permettant pas de garantir l'intégrité de ce message, la Caisse des dépôts et consignations décline toute responsabilité au titre de ce message s'il a été modifié, altéré, déformé ou falsifié.

This message and any attachments (the « message ») are confidential and intended solely for the addressees. Any use not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval. If you receive this message in error, please delete it without storing any evidence and immediately notify the sender. Internet can not guarantee the integrity of this message, neither Caisse des depots et consignations shall be liable for the message if modified, altered, changed or falsified.

I don't know about thin client, but when I did this with SQL*Net or
Oracle Net, I had to use Connection Manager. I'll bet the same is true
for you. See this URL:

http://www.oracle.com/technology/products/oraclenet/htdocs/cman_overview.htm

Or you can look up the documentation in the Oracle9i Net Services
Administrator Guide (or whatever version you are using).

Are you trying to connect to somewhere different than localhost? If that
is the case use the -g option.

from ssh(1):
-g Allows remote hosts to connect to local forwarded ports.

if you don't use -g it will allow connections only to localhost
(127.0.0.1).

hope it helps,

-Mauricio

this should do what your looking for,

ssh -v -L 2521:localhost:1521 ***@dbserver

I'm assuming your using a dns name to resolve "dbserver". You don't want
to send traffic back out to another possible host, just keep it on the
localhost of the Host Server you are connecting to. If this is a
question about allowing remote db software clients connect to the server
then you might want to check your configs to see what needs to be
changed to allow this behavior without tunneling (unless its exposed to
the internet).

HTH,
Jesse Waters

I've done this successfully without problems between a winnt and oracle
8.1.7 this is my config:
listener.ora in the Solaris server:
lst_estad =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST=whatever)(PORT = 1528))
)
)
)

SID_LIST_lst_estad =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = ESTAD)
(ORACLE_HOME = /opt/oracle/product/8.1.7)
(SID_NAME = ESTAD)
)
)

STARTUP_WAIT_TIME_lst_estad = 0
CONNECT_TIMEOUT_lst_estad = 10

The tnsnames.ora on the localmachine is:
ESTAD_TUNNEL =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = LOCALHOST)(PORT = 1702))
)
(CONNECT_DATA =
(SID = ESTAD)
)

Making a tunnel with cygwin with this line, i think this is your problem:
ssh -L 1702:localhost:1528 ***@whatever

you can do this:
C:\oracle\ora81\network\ADMIN>tnsping estad_tunnel
TNS Ping Utility for 32-bit Windows: Version 8.1.7.0.0 - Production on
26-OCT-2004 09:25:55
(c) Copyright 1997 Oracle Corporation. All rights reserved.
Attempting to contact (ADDRESS=(PROTOCOL=TCP)(HOST=LOCALHOST)(PORT=1702))
Realizado correctamente (440 mseg)


Best regards
David Roman Esteban