OpenBSD Journal

Oracle proxy for OpenBSD?

Contributed by Dengue on from the Unbreakable-------right! dept.

lipanbsd writes :
"I have a firewall running obsd 3.0 with pf and nat. On the inside I have a oracle 9i database. I need to access the database from outside world. VPN is not an option. Is there any oracle proxy ( such in NT, NT sucks anyway) available? Thanks. "

(Comments are closed)


Comments
  1. By Andrew Pinski () on mailto:pinskia(at)nospam.physics.uc.edu

    There is no need for a proxy, just use ssh and port forwarding, it works for me (port 1520).
    Are you could forward the port at the firewall level.

    Comments
    1. By Michael Schrader-Boelsche () msb@tanum.de on mailto:msb@tanum.de

      And, where's the diffence between a VPN and SSH port forwarding? I both cases you do not have any
      control over content (and possibly commands) you are allowing to pass over your firewall.

      You always want to have a proxy which understands the used protocols and can apply ACLs or at least log all activities.

    2. By click46 () click46 at webpimps dot net on mailto:click46 at webpimps dot net

      VPN is a general term - Virtual Private Network. A connection between two computers is still a network ;)

  2. By Anonymous Coward () on

    Open up access to oracle from the outside world? You're nuts!

    Comments
  3. By Ben Goren () ben@trumpetpower.com on http://www.trumpetpower.com/

    More specifically, why do you need to access the database from the outside? Who will be doing the accessing, and do you care if the worng somebody talks to Oracle? Is it okay if the data gets sniffed? How well do you need to protect the data on the computer that's running Oracle, and how sensitive are the other machines on the inside network?

    From what little information you've supplied, I'd suggest either putting the Oracle computer outside the firewall altogether or adding another NIC to the firewall and just putting the Oracle computer on that segment. But there's no way to know if this would be acceptable without more information. It may well be that you really do need a VPN, SSH or SSL proxy, or something similar. Why isn't that an option? If it's really not an option but you really do need it...well, sorry, you're screwed.

    Good luck,

    b&

  4. By Anonymous Coward () on

    Jose,

    Can you please stop posting these kinds of "Ask Deadly how to fix my network" questions?

    That's what the mailing lists are for.

    Comments
    1. By Anonymous Coward () on

      Or post it if the question is thought provoking and comes with enough information. I want to proxy Oracle, how do I do it? Seems insufficient. First, why is a VPN not possible? Why do you want access to an Oracle box, what are you trying to achieve ?

      Otherwise, use SSH port forwarding seems sufficient. Unless you are just trying to punch a hole in a firewall between your DMZ and an internal Oracle database. In which case, pf would work quite nicely on the internal to DMZ bastion (read firewall) host.

  5. By Cep () on

    See this:

    http://gennick.com/lock_the_door.html

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]