well the network guys claim that there is no blocking set up in the iptables. i enabled sqlnet tracing and found the following entry: [31-AUG-2005 10:38:00:399] nserror: nsres: id=7, op=72, ns=12586, ns2=0; nt[0]=0, nt[1]=0, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=0 when i run the trace file through trcassist i get the following: Error found. Error Stack follows: id:7 Operation code:72 NS Error 1:12586 NS Error 2:0 NT Generic Error:0 Protocol Error:0 OS Error:0 NS & NT Errors Translation TNS-04315: Trace Assistant Internal error: Can't find resource for bundle oracle.net.trcasst.mesg.TnsError, key 12586 ...metalink and google aren't turning much up. any ideas? On 8/30/05, Mario Cariggi <gelfand.transform@xxxxxxxxx> wrote: > Hi Paul, note below > > On 8/30/05, Paul Drake <bdbafh@xxxxxxxxx> wrote: > > Chris, > > > > That sounds like a classis case of attempting to obtain a dedicated server > > session through a listener where NAT or a firewall is involved. The incoming > > request to the listener is translated inbounds, but the redirected client > > never finds its port in the storm. One can tnsping and get a reply, but not > > create a session. > > > > Might you have setup iptables whereby all incoming connection attempts are > > blocked except for those explicitly allowed? That is a laudable objective, > > but you'll need to open the high TCP ports (>1024) for dedicated server > > connections. You can restrict the range of ports used in the kernel > > settings, if desired. > > sorry if I miss something but it seems > to me that Linux uses shared socket, > so there is no need to open the high > TCP ports but 1521: it ain't so? > > Mario from Rome. > -- //www.freelists.org/webpage/oracle-l