Skip to Main Content
Forums

SQL Developer

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

PL/SQL Debugger and Firewall

74641May 16 2007 — edited May 25 2007
I work for a large, national, corporation with database servers all over the country. I've been working with my firewall system administrator to get the PL/SQL debugger working between my (client) machine and a database (server). The server is behind a firewall. The SA punched 1521 through the firewall for my database connection. Now I connect fine. But, then I found that the PL/SQL debugger wouldn't work. I tried setting the 'debugging port range' to 4000 and had the SA punch a second port out for me (4000). But, that didn't work either.

I got these error messages (with the ip removed...)

<<<
Executing PL/SQL: ALTER SESSION SET PLSQL_DEBUG=TRUE
Executing PL/SQL: ALTER SESSION SET PLSQL_COMPILER_FLAGS=INTERPRETED
Executing PL/SQL: CALL DBMS_DEBUG_JDWP.CONNECT_TCP( 'xx.xx.x.xxx', '4000' )
ORA-30683: failure establishing connection to debugger
ORA-12535: TNS:operation timed out
ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68
ORA-06512: at line 1
Process exited.
>>>

Little by little, I came to understand that the debugger works on a call-back in which the database server itself establishes the second connection - this time from itself (client) to my computer (server) using a second session. Because of this, I can't simply reduce the ports used for the second (db to my machine) connection. The database is responsible for what port it chooses to connect to me on. That is, although it's connecting to port 4000 on my computer, it's going out of it's computer on whatever port it chooses - and it's not 4000.

By trial and error, the SA was able to setup a firewall rule in which he allows the database to make use of ANY port to talk to my computer. Obviously, leaving a hole in the firewall you could drive a truck through between the server and my computer is far from ideal from a security standpoint.

:However, we suspect that Oracle doesn't use just any random port for this purpose. What he'd like to do is limit the hole in the firewall to the range of ports that Oracle is using to establish the second connection. Can you give me that range of ports so that at least we don't have to leave the firewall wide open for me to debug?

Thanks!
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jun 22 2007
Added on May 16 2007
#sql-developer
6 comments
2,642 views