Net8 Connection Manager

This setup addresses Oracle connections through firewalls. A remote Oracle client connecting to an Oracle database can fail when a firewall sits between the client and the server and port redirection is taking place. The firewall blocks the connection to the new port, and the client connection to the database fails with ORA-12203, ORA-12535 or ORA-12564. The failure is caused by port redirection on the database server's operating system: port redirection requires the client to connect to the database on a different port than the one originally configured in the configuration files.

Solution: Oracle Connection Manager (CMAN)

Oracle Connection Manager is available from Oracle Net8 and must be configured to allow clients to connect through the firewall. CMAN is an executable that allows clients to connect despite a firewall being in place between the client and the server. CMAN is similar to the listener in that it reads a configuration file, CMAN.ORA, which contains the address on which Oracle Connection Manager listens for incoming connections, usually the default port of 1610 or 1630. The Oracle client must be Net8 or above.

The following configuration is based on a working CMAN acting as a proxy to access a database on a firewalled network segment.

   192.168.x.x -> 192.168.10.131    -|   DMZ  |-> 192.168.14.4
       AnyHost -> Gamma (sql proxy) -|firewall|-> Beta (Database)

The files affected in the configuration are TNSNAMES.ORA (client), CMAN.ORA (connection manager) and LISTENER.ORA (remote site).

TNSNAMES.ORA

Resides on the client machines needing access to the firewalled database.

 # TNSNAMES.ORA Network Configuration File: C:\oracle\ora92\network\admin\tnsnames.ora
 
 EXTPROC_CONNECTION_DATA.DBZOO.COM =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )

 ## MUON - Via connection manager
 test.dbzoo.com =
   (DESCRIPTION=
      (SOURCE_ROUTE=yes) 
      (ADDRESS=
         (PROTOCOL=tcp) 
         (HOST=gamma)
         (PORT=1610))
      (ADDRESS=
         (PROTOCOL=tcp) 
         (HOST=beta) 
         (PORT=1521))
      (CONNECT_DATA=
         (SERVICE_NAME=muon.dbzoo.com)))

CMAN.ORA

Three sections of the CMAN.ORA file need to be configured: CMAN, CMAN_ADMIN and CMAN_PROFILE.

 cman = (ADDRESS_LIST=
           (ADDRESS=(PROTOCOL=tcp)(HOST=gamma)(PORT=1610)(QUEUESIZE=32))
       )

 CMAN_ADMIN = (ADDRESS=(PROTOCOL=tcp)(HOST=gamma)(PORT=1830))

CMAN's configurable parameters, set in CMAN_PROFILE:

  • MAXIMUM_RELAYS defaults to 128
  • LOG_LEVEL defaults to 0
  • TRACING defaults to no
  • TRACE_DIRECTORY defaults to …/network/trace
  • RELAY_STATISTICS defaults to no
  • SHOW_TNS_INFO defaults to no
  • USE_ASYNC_CALL defaults to yes
  • AUTHENTICATION_LEVEL defaults to 0
  • Note: If AUTHENTICATION_LEVEL=1 then use SQLNET.AUTHENTICATION_SERVICES= (NTS) in SQLNET.ORA
  • MAXIMUM_CONNECT_DATA defaults to 1024
  • ANSWER_TIMEOUT defaults to 0
  • MAX_FREELIST_BUFFERS defaults to 2048

 CMAN_PROFILE = (PARAMETER_LIST=
        (MAXIMUM_RELAYS=32)
        (LOG_LEVEL=1)
        (TRACING=no)
        (SHOW_TNS_INFO=YES)
        (RELAY_STATISTICS=NO)
        (AUTHENTICATION_LEVEL=0)
 )

Start up the Connection Manager services. The command to do this is CMCTL.
Type CMCTL START CMAN|ADM. You should then be able to check that the services are up and running using Windows services.
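
The client entry only works if its first SOURCE_ROUTE hop is an address CMAN actually listens on, and every hop is a flow the firewall has to permit. The Python check below is an added example, not part of the original configuration: it parses the test.dbzoo.com descriptor and the cman address list shown above and derives the required flows. The function names are hypothetical.

```python
import re

# Added example. Entries copied from the page; function names are illustrative.
TNS_ENTRY = ("(DESCRIPTION=(SOURCE_ROUTE=yes)(ADDRESS=(PROTOCOL=tcp)(HOST=gamma)(PORT=1610))"
             "(ADDRESS=(PROTOCOL=tcp)(HOST=beta)(PORT=1521))"
             "(CONNECT_DATA=(SERVICE_NAME=muon.dbzoo.com)))")
CMAN_ENTRY = "(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=gamma)(PORT=1610)(QUEUESIZE=32)))"

def parse_nv(text):
    """Parse one '(KEY=value)' or '(KEY=(..)(..))' string into a (key, value) pair."""
    tokens = re.findall(r"[()=]|[^()=\s]+", text) + [None]  # None marks end of input
    pos = 0
    def take(expected=None):
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok is None or expected not in (None, tok):
            raise ValueError(f"unexpected {tok!r} at token {pos - 1}")
        return tok
    def pair():
        take("(")
        key = take().upper()
        take("=")
        value = []
        while tokens[pos] == "(":      # nested list of pairs
            value.append(pair())
        value = value or take()        # no nested pairs: plain scalar value
        take(")")
        return key, value
    return pair()

def addresses(node):
    """Return (host, port) for every ADDRESS with a HOST under node, in file order."""
    key, value = node
    if key == "ADDRESS":
        fields = dict(value)
        return [(fields["HOST"].lower(), int(fields["PORT"]))] if "HOST" in fields else []
    children = value if isinstance(value, list) else []
    return [a for child in children for a in addresses(child)]

def firewall_flows(tns_entry, cman_entry):
    """Return the (source, dest_host, dest_port) flows the routed entry needs opened."""
    desc = parse_nv(tns_entry)
    if str(dict(desc[1]).get("SOURCE_ROUTE", "no")).lower() not in ("yes", "on"):
        raise ValueError("SOURCE_ROUTE is not enabled, so the addresses are not hops")
    hops, listen = addresses(desc), addresses(parse_nv(cman_entry))
    if not hops or hops[0] not in listen:
        raise ValueError(f"first hop {hops[:1]} is not a CMAN listen address {listen}")
    sources = ["client"] + [host for host, _ in hops[:-1]]
    return [(src, host, port) for src, (host, port) in zip(sources, hops)]
```

For the entries on this page, firewall_flows(TNS_ENTRY, CMAN_ENTRY) yields client to gamma:1610 and gamma to beta:1521, which is the list to compare against the firewall rule base.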

LISTENER.ORA

The LISTENER.ORA on the SQL proxy server must include a listening address for CMAN on port 1610.

 LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
      )
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = GAMMA)(PORT = 1521))
      )
 # FOR CMAN
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = GAMMA)(PORT = 1610))
      )
    )
  )

 SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = C:\oracle\ora92)
      (PROGRAM = extproc)
    )
  )

Controlling the Connection manager

From CMD on the box with the connection manager software installed.

 cmctl start  - Will startup the admin and cm daemons
 cmctl start cm - Connection manager daemon only.
 cmctl start admin - Admin daemon only