10. SQLNet Proxy

sqlnet-proxy is the proxy daemon for the proprietary Oracle SQL*Net protocol. The proxy supports features such as session redirection and database user checking.

Figure 5.36. SQL*Net Proxy

The proxy is configured in the sql section. In the sample configuration depicted in Figure 5.36, “SQL*Net Proxy”, chroot-dir defines the directory into which the proxy is chrooted. The proxy listens transparently for requests at Kernun UTM's internal address on port 1521. As usual, the proxy must be referenced by at least one ACL in the system section.

The sqlnet-proxy uses two-phase ACLs. The first phase, session-acl, is checked once for each client connection. It permits or denies client access and sets some connection parameters. The second phase, service-acl, is checked once for each CN (connect) or RD (redirect) message and can be used, for example, to change the target server according to the SERVICE name.
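The two-phase evaluation described above, modelled in Python as an added example; it is not Kernun code and does not show CML syntax. The ACL tables, addresses, function names, and the representation of each CN or RD message as a (type, connect string) pair are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed policy tables (hypothetical; not Kernun CML syntax).
SESSION_ACL = [  # phase 1: (client network, permit?), first match wins
    (ipaddress.ip_network("10.1.0.0/16"), True),
    (ipaddress.ip_network("0.0.0.0/0"), False),
]
SERVICE_ACL = {  # phase 2: SERVICE name -> target server; absent means deny
    "SALES": ("10.9.0.11", 1521),
    "HR": ("10.9.0.12", 1521),
}

def session_acl(client_ip):
    """Phase 1: evaluated once per client connection."""
    addr = ipaddress.ip_address(client_ip)
    for net, permit in SESSION_ACL:
        if addr in net:
            return permit
    return False  # default deny when nothing matches

def service_name(connect_string):
    """Extract SERVICE_NAME (or legacy SID) from a connect descriptor."""
    m = re.search(r"\(\s*(?:SERVICE_NAME|SID)\s*=\s*([^()\s]+)\s*\)",
                  connect_string, re.I)
    return m.group(1).upper() if m else None

def service_acl(connect_string):
    """Phase 2: evaluated for every CN or RD message; target or None."""
    if connect_string.count("(") != connect_string.count(")"):
        return None  # malformed descriptor: deny rather than guess
    return SERVICE_ACL.get(service_name(connect_string))

def handle_connection(client_ip, messages):
    """Return None if the session is denied, else one decision per
    CN/RD message (a target tuple, or None when that message is denied)."""
    if not session_acl(client_ip):
        return None
    return [service_acl(cs) for kind, cs in messages if kind in ("CN", "RD")]
```

A client that passes the session phase can still have an individual CN or RD message refused, because the service phase runs again for each of those messages.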

The complete resulting configuration can be found in /usr/local/kernun/conf/samples/cml/sqlnet-proxy.cml. Because the protocol is proprietary, clients often violate it, and it is necessary to skip some checks using configuration directives such as connect-string-charset. See sqlnet-proxy(8) and sqlnet-proxy(5) to learn more about sqlnet-proxy.