Contributed by Dengue on from the Unbreakable-------right! dept.
"I have a firewall running obsd 3.0 with pf and nat. On the inside I have a oracle 9i database. I need to access the database from outside world. VPN is not an option. Is there any oracle proxy ( such in NT, NT sucks anyway) available? Thanks. "
(Comments are closed)
By Andrew Pinski () on mailto:pinskia(at)nospam.physics.uc.edu
Are you could forward the port at the firewall level.
Comments
By Michael Schrader-Boelsche () msb@tanum.de on mailto:msb@tanum.de
control over content (and possibly commands) you are allowing to pass over your firewall.
You always want to have a proxy which understands the used protocols and can apply ACLs or at least log all activities.
By click46 () click46 at webpimps dot net on mailto:click46 at webpimps dot net
By Anonymous Coward () on
Comments
By negative () negative@farawayfromhome.org on mailto:negative@farawayfromhome.org
By Ben Goren () ben@trumpetpower.com on http://www.trumpetpower.com/
More specifically, why do you need to access the database from the outside? Who will be doing the accessing, and do you care if the worng somebody talks to Oracle? Is it okay if the data gets sniffed? How well do you need to protect the data on the computer that's running Oracle, and how sensitive are the other machines on the inside network?
From what little information you've supplied, I'd suggest either putting the Oracle computer outside the firewall altogether or adding another NIC to the firewall and just putting the Oracle computer on that segment. But there's no way to know if this would be acceptable without more information. It may well be that you really do need a VPN, SSH or SSL proxy, or something similar. Why isn't that an option? If it's really not an option but you really do need it...well, sorry, you're screwed.
Good luck,
b&
By Anonymous Coward () on
Can you please stop posting these kinds of "Ask Deadly how to fix my network" questions?
That's what the mailing lists are for.
Comments
By dengue () dengue@deadly.org on mailto:dengue@deadly.org
By Anonymous Coward () on
Otherwise, use SSH port forwarding seems sufficient. Unless you are just trying to punch a hole in a firewall between your DMZ and an internal Oracle database. In which case, pf would work quite nicely on the internal to DMZ bastion (read firewall) host.
By Cep () on
http://gennick.com/lock_the_door.html