Firewalling Oracle Net8 with Windows NT
Why port filter Net8?
Whilst it is generally a bad idea to allow Oracle Net8 traffic through a firewall, there are legitimate reasons to do so. Such as enabling Oracle replication over the Internet, where a more sophisticated VPN solution is too expensive or slow. Similarly where firewalls are deployed internally to protect an Oracle server from inappropriate traffic.
The Problem
With Oracle on NT administrators may be surprised to learn that it is using ports not listed in their Oracle listener configuration files. This is because there was a bug in Windows NT 4 before service pack 2 that prevented Oracle sharing the sockets as it does in UNIX implementations of Net8. After Microsoft released service pack 2, Oracle continues with the workaround behaviour to ensure backward compliance.
The Solution
Oracle introduced a registry setting Use_Shared_Socket to give the correct behaviour with Oracle 8.
We suggest you contact Oracle for their whitepaper on the topic, if you need details of the registry setting.
This article was written by Simon Waters when he worked for Eighth Layer Limited.