Oracle returns redicrect when there is NAT between client and server
384459Feb 9 2003 — edited May 23 2003I have Oracle 8i on Linux sitting behind a firewall/NAT. I have two Apache webservers that run both Tomcat and WebLogic webapps, also behind the NAT. One of them is on the same machine as the Oracle server. Those all connect just fine. I recently had to load a JBoss/Tomcat webapp (no Apache) outside the NAT which needs to talk to the Oracle server. It's using a JDBC driver, I believe calling on this class: oracle.jdbc.driver.OracleDriver. The configured URL is "jdbc:oracle:thin:@localhost:1521:qlink". Using ethereal (A GUI frontend to the packet sniffer tcpdump, which understands the TNS protocol) showed me that this is the connection request being made: "(DESCRIPTION=(CONNECT_DATA=(SID=qlink)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=oracle)))
(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))))". I notice it uses SID, where it seems everything else I've analyzed with Ethereal is using SERVICE_NAME. I was first trying to pipe the data through an SSH tunnel. This technique works with all of Oracle's tools that I have tried it with, and with TOAD. I can connect to this Oracle server with the DBA Studio and sqlplus, over an ssh tunnel. But as soon as this JBoss/Tomcat webapp tries, Oracle returns a REDIRECT message. There are two things that strike me as odd: The REDIRECT message returns the hostname of the Oracle server and a nonstandard port; and the JBoss/Tomcat webapp doesn't seem to do anything about it. I has assumed the TNSLSNR forwarded data between 1521 and the appropirate port for requested databse. The port is the same every time, so I made sure that the hostname/port returned was reachable from the client side. But like I said, the client seemed to just ignore it and hang. Getting desparate, I then tried to open up the Oracle ports on the NAT, and use ipchains to restrict what IPs could connect to it, that yielded the same results. I've seen this webapp work with Oracle running on the same machine, both configured identically. (Running Oracle behind the NAT and using SSH tunnels gives the same configuration for JBoss/Tomcat as if I was running Oracle on the same machine)