monline

Up til now I believed that all Oracle database connections are firewall-crippled by the well known SQLNET setup: client connects to server's 1521 TCP port (the TNS Listener), the server starts a DB process to handle the connection and tells the client to disconnect from TNS Listener and connect to a newly opened, random port. Ie. you've to open all ports on the server for traffic coming from the client. However today I've monitored with Wireshark a connection being estabilished through an SSH tunnel from an Oracle client (running PL/SQL Developer) to a 9iR2 database server and only a single connection was used the whole time!

I'd have guessed that SQLNET wouldn't work over an SSH tunnel, but it did. After this I've set up firewall rules to allow connection only to the 1521 TCP port and the client still connected and worked as usually. What is going on? Any ideas? The Wireshark traffic capture revealed that the client opens a connection to the server's 1521 TCP port, closes the connection, then opens a new connection to the same port. Usually I'd expect the second connection to go to a "random" port on the server. Strange.