• Status: Solved
  • Priority: Medium
  • Security: Public

Is it possible to use TCP.INVITED_NODES for a specific listener?

I'm tired of trying to decipher the docs and I'm getting lazy so I'm using some points:

Explanation attempt #1 (there will be another to follow.  I always hate trying to explain what I mean.......):
I have a DB server that was once limited to intranet applications.  We now have a need to expose access to an Internet web site.  I would like to obscure as many of the specifics as I can.  So what I was thinking is that I could bind a different ip address to the DB server, create another listener on a different port using this new ip address and potentially use INVITED_NODES for just that listener from that specific web server.

Explanation attempt #2:
Have server DBSVR1 whose data is accessed from several machines well protected in an intranet.  We now wish to expose WEBSVR1 to the internet and have an application access data on DBSVR1.  Without affecting any current applications/users I would like to protect a majority of the DB connection stuff in the event WEBSVR1 is hacked.  The thought was that all current apps use the existing listener which connects to the existing IP etc...  and to create a bogus IP and a new listener specifically for this IP and use this info for the tnsnames on WEBSVR1.



From the reading I've done, it appears that using INVITED_NODES is set for the entire instance in the sqlnet.ora file and I can't set it up for a specific listener (listener1 everyone welcome.  listener2 only a specific node is welcome).

I already know about creating a replicated/standby/etc... DB but would prefer to do it with the existing DB and set up a restricted user specifically for this app.

That said:  Has anyone come up with a solution to a similar problem?

P.S.
Version 10.1.0.3  Client and Server

and I'll be leaving for the evening very soon and won't be able to respond until tomorrow.  Hopefully my inbox will be full of valid solutions w/o the need for further explanation (I can hope can't I....)
Asked: slightwv (Netminder)
 
earth man2 Commented:
If you have Linux/Unix you should be able to define an iptables chain rule to restrict access to the listener port.

slightwv (Netminder) Author Commented:
Damn.... forgot to mention:  Windows only (trust me...at times I really really miss UNIX!!!)

earth man2 Commented:
Setting the TNS_ADMIN environment variable to point to a different sqlnet.ora should work.
 
slightwv (Netminder) Author Commented:
Can you explain this in a little more detail?

The DB connection comes from WEBSVR1 using ODP.Net.  How will creating a different sqlnet.ora file on the DB server work?

slightwv (Netminder) Author Commented:
ping

earth to earthman.....

earth man2 Commented:
Rather than the Windows listener service running lsnrctl, make it run a script that sets the TNS_ADMIN environment variable before it calls lsnrctl start.

slightwv (Netminder) Author Commented:
That sounds just crazy enough to work.....

It might take me a couple of days to try it out.

slightwv (Netminder) Author Commented:
I appreciate you comments.  As is most things in the life of an IT person:  Other fires have popped up and I have not had time to mess with this and probably won't for a while.

Therefore, I'm deciding to award you the points even without a confirmed kill.  May you use them wisely.  See ya around.

slightwv (Netminder) Author Commented:
You know....  sometimes I type like I have an IQ of 40.......  (it's actually 50):

change:
 I appreciate you comments.
to:
 I appreciate your comments.
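
The suggestion made in the answers above (start the extra listener from a script that sets TNS_ADMIN, so it reads its own restricted sqlnet.ora), written out as a Windows batch script. This is an added example, not code posted in the thread: the directory, the listener name LISTENER_WEB, the address 192.0.2.10 and port 1599 are constructed placeholders, and it assumes the listener process started by lsnrctl inherits TNS_ADMIN from the script, which the thread never confirmed.

```bat
@echo off
rem Added example (not from the thread): second listener with its own TNS_ADMIN.
rem Constructed placeholders: D:\oracle\tns_web, LISTENER_WEB, 192.0.2.10, port 1599.
rem Service registration for the database (static SID_LIST or LOCAL_LISTENER)
rem is not shown here.
setlocal
set "TNS_ADMIN=D:\oracle\tns_web"
if not exist "%TNS_ADMIN%" mkdir "%TNS_ADMIN%"

rem listener.ora: the extra listener binds only to the new IP address and port.
rem lsnrctl reads listener.ora from TNS_ADMIN too, so it must live in this directory.
> "%TNS_ADMIN%\listener.ora" echo LISTENER_WEB =
>>"%TNS_ADMIN%\listener.ora" echo   (DESCRIPTION =
>>"%TNS_ADMIN%\listener.ora" echo     (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.10)(PORT = 1599)))

rem sqlnet.ora: valid node checking, read only by this listener.
rem DBSVR1 is listed as well so local lsnrctl commands are not refused.
> "%TNS_ADMIN%\sqlnet.ora" echo TCP.VALIDNODE_CHECKING = YES
>>"%TNS_ADMIN%\sqlnet.ora" echo TCP.INVITED_NODES = (WEBSVR1, DBSVR1)

rem The existing listener keeps using the default network\admin directory,
rem so current intranet clients are not affected by the invited-node list.
lsnrctl start LISTENER_WEB

rem Check: the status output names the parameter file actually in use.
rem It should point into %TNS_ADMIN%; if not, the restriction is not applied.
lsnrctl status LISTENER_WEB | findstr /C:"Listener Parameter File"
if errorlevel 1 echo LISTENER_WEB is not running or reports no parameter file.
endlocal
```

Valid node checking filters by source host or IP only, so the restricted database user mentioned in the question is still needed on top of it. Confirm the result from a machine that is not on the invited list before pointing the tnsnames entry on WEBSVR1 at the new listener.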
