Solved

Is it possible to use TCP.INVITED_NODES for a specific listener

Posted on 2005-02-24
Last Modified: 2008-01-09
I'm tired of trying to decipher the docs and I'm getting lazy so I'm using some points:

Explanation attempt #1 (there will be another to follow.  I always hate trying to explain what I mean.......):
I have a DB server that was once limited to intranet applications.  We now have a need to expose access to an Internet web site.  I would like to obscure as many of the specifics as I can.  So what I was thinking is that I could bind a different ip address to the DB server, create another listener on a different port using this new ip address and potentially use INVITED_NODES for just that listener from that specific web server.

Explanation attempt #2:
Have server DBSVR1 whose data is accessed from several machines well protected in an intranet.  We now wish to expose WEBSVR1 to the internet and have an application access data on DBSVR1.  Without affecting any current applications/users I would like to protect a majority of the DB connection stuff in the event WEBSVR1 is hacked.  The thought was that all current apps use the existing listener which connects to the existing IP etc...  and to create a bogus IP and a new listener specifically for this IP and use this info for the tnsnames on WEBSVR1.



From the reading I've done, it appears that using INVITED_NODES is set for the entire instance in the sqlnet.ora file and I can't set it up for a specific listener (listener1 everyone welcome.  listener2 only a specific node is welcome).

I already know about creating a replicated/standby/etc... DB but would prefer to do it with the existing DB and set up a restricted user specifically for this app.

That said:  Has anyone come up with a solution to a similar problem?

P.S.
Version 10.1.0.3  Client and Server

and I'll be leaving for the evening very soon and won't be able to respond until tomorrow.  Hopefully my inbox will be full of valid solutions w/o the need for further explanation (I can hope can't I....)
9 Comments
 
LVL 22

Expert Comment

by:earth man2
ID: 13397684
If you have linux/unix you should be able to define iptables chain rule to restrict access to listener port.
0
 
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13398023
Damn.... forgot to mention:  Windows only (trust me...at times I really really miss UNIX!!!)
0
 
LVL 22

Expert Comment

by:earth man2
ID: 13404255
Setting TNS_ADMIN environment variable to point to a different sqlnet.ora should work
0
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13405040
Can you explain this in a little more detail?

The DB connection comes from WEBSVR1 using ODP.Net.  How will creating a different sqlnet.ora file on the DB server work?
0
 
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13423219
ping

earth to earthman.....
0
 
LVL 22

Accepted Solution

by:
earth man2 earned 2000 total points
ID: 13423653
Rather than windows listener service running lsnrctl make it run a script that sets TNS_ADMIN environment variable before it calls lsnrctl start
0
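The wrapper approach from the accepted answer, sketched as an added example (not code posted by anyone in this thread): a script that gives the second listener its own TNS_ADMIN directory, with its own listener.ora and a sqlnet.ora that turns on node checking, then starts only that listener. The listener name LISTENER_WEB, the address 192.0.2.10, port 1526, SID ORCL and both paths are placeholder assumptions.

```powershell
# Added example. All names, addresses, ports and paths are placeholders.
$oracleHome = 'C:\oracle\product\10.1.0\db_1'   # placeholder ORACLE_HOME
$tnsAdmin   = 'C:\oracle\network\admin_web'     # hypothetical config dir for listener 2
$lsnrctl    = Join-Path $oracleHome 'bin\lsnrctl.exe'

New-Item -ItemType Directory -Force -Path $tnsAdmin | Out-Null

# listener.ora: second listener bound to the new IP and port. A static SID_LIST
# entry lets it hand off connections without relying on dynamic registration.
@"
LISTENER_WEB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.10)(PORT = 1526))
  )

SID_LIST_LISTENER_WEB =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = ORCL)
      (ORACLE_HOME = $oracleHome)
    )
  )
"@ | Set-Content -Path (Join-Path $tnsAdmin 'listener.ora') -Encoding Ascii

# sqlnet.ora: node checking that only a listener started with this TNS_ADMIN reads.
# The DB host itself is listed so local lsnrctl commands can still reach the listener.
@"
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (WEBSVR1, DBSVR1)
"@ | Set-Content -Path (Join-Path $tnsAdmin 'sqlnet.ora') -Encoding Ascii

# Process-scoped variable: the existing listener keeps using the default
# network\admin directory and its unrestricted sqlnet.ora.
$env:TNS_ADMIN = $tnsAdmin
& $lsnrctl start LISTENER_WEB
if ($LASTEXITCODE -ne 0) { throw "lsnrctl start LISTENER_WEB failed ($LASTEXITCODE)" }

# Confirm which parameter file and endpoint the running listener picked up.
& $lsnrctl status LISTENER_WEB
```

The invited-node list restricts only the listener started this way; the original listener still accepts connections from any host that can reach its address and port, so traffic from WEBSVR1 to that endpoint has to be blocked at the network layer.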
 
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13423699
That sounds just crazy enough to work.....

It might take me a couple of days to try it out.
0
 
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13451400
I appreciate you comments.  As is most things in the life of an IT person:  Other fires have popped up and I have not had time to mess with this and probably won't for a while.

Therefore, I'm deciding to award you the points even without a confirmed kill.  May you use them wisely.  See ya around.
0
 
LVL 77

Author Comment

by:slightwv (Netminder)
ID: 13451420
You know....  sometimes I type like I have an IQ of 40.......  (it's actually 50):

change:
 I appreciate you comments.
to:
 I appreciate your comments.

0

Question has a verified solution.