Sunday, December 16, 2007

On Oracle XDB repository, FTP, WebDAV and firewall issues

After recovering the situation as described in my previous posting, i was finally ready to access my Oracle XE XDB repository via FTP or at least, that was what i thought...

Enabling XDB access via FTP protocol is just a matter of setting a valid port value in the ftp-port parameter inside xdbconfig.xml (theoretically). Typically this value will not be 21, the standard FTP port, because that would conflict with the main FTP server, if any, so the suggested value in many examples is 2100. That is the value i used. If you carefully read the Oracle documentation there is a note about setting XDB FTP on port 21.

I was ready to test my connection and i wanted to try it out with the built-in FTP client of Windows but at first i failed to understand how to specify the port number, so, after a couple of unsuccessful attempts, i gave up with ftp.exe and i went straight to Filezilla.

But even with Filezilla, i hit soon a major problem because it wasn't able to list the root folder after connecting to XDB. Here is the error message that you can receive in such situation:
Transfer channel can't be opened.
Reason: A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed
because connected host has failed to respond.

Then a bell rang in my head and i changed the configuration from "Default" to Active Mode.
Using FTP in active mode is mentioned in the documentation, as i found out after a while.
Whether you can get FTP to work in passive mode or not is hard to say. The documentation says that it depends on the presence of either localhost or as HOSTNAME in listener.ora, however i tried using passive mode on a server having listener.ora pointing to an address other than and it didn't work.

After setting active mode, Filezilla started working eventually, however i find that the default 60 seconds session timeout is far too short and the "keep alive" method of Filezilla is giving some troubles, so i disabled it.

Once i got filezilla to work, i went back to ftp.exe. I just couldn't believe that i could not specify a port. Indeed there is a way, but not from the command line (as far as i know), from the command prompt execute ftp.exe, then from the ftp prompt, enter:
open host port
in my case this is:
open localhost 2100
It may take a while for the connection to be established, but then it should work.

So far so good, but what about FTP access from another computer?
Well, it all depends on the firewall(s) in between and/or the firewall rules. When there are no active firewalls between client and server, then you just need to repeat the set up already explained, the only difference being the XDB server IP address.

However, if there are active firewalls, then it may be tricky to configure the firewall rules for the FTP protocol in active mode, because you don't know exactly on which port XDB is going to
talk back to your client. The communication will occur on some port above 1023, but i am not aware of any parameter in xdbconfig.xml where one can force this random port to be chosen in a given range, thus the only option is to open up the whole range between 1024 and 65535.

I made a test on my Mac and after disabling the firewall, i could connect to XDB without problems. Unfortunately disabling the firewall altogether doesn't seem the best idea these days.

Given this situation, the best option is probably to set up a tunnelled FTP connection through SSH. May be this will be the subject of a future posting...

At this point i can draw some conclusions:
  • the best option, provided it works flawlessly, is to set up a WebDAV connection to XDB. WebDAV worked out-of-the-box in my case, (save the problem i had when i saved the xdbconfig.xml file on my Mac...) and makes no distinction between local or remote access from a configuration point of view. It's also "firewall friendly" because it uses the same port as Oracle Apex, which means that if Apex is working from a remote machine, then WebDAV access to XDB should be working as well (see the note about HTTP(S) when working on Windows XP SP2).
  • Ftp works well when client and server reside on the same machine but it can be troublesome when the client is located on a remote machine and there are firewalls in between.


Marco Gralike said...

The FTP bit can be set like shown im y post here:

The MTS bit (called shared server nowadays) can be tunneled through a firewall if dispatcher setting have been set like explained here:

or here

This is old stuff but will probably still work.



Byte64 said...

Hi Marco,
thanks for linking the detailed procedure for setting each parameter, i was totally focused on the client configuration aspects.


Anonymous said...

I created a workspace in Oracle 10g on my laptop giving DBA privileges inorder to enter a trigger. Now I am prompted for a Username and Password by the following "The server at XDB requires a username and password." I have tried the system as a password without success. Can you help?

Byte64 said...

I am not clear with the relationship between the workspace, the trigger and XDB.

Can you explain exactly what you are doing?

Are you trying to access an Apex workspace or are you trying to browse the XDB using Webdav?

yes you can!

Two great ways to help us out with a minimal effort. Click on the Google Plus +1 button above or...
We appreciate your support!

latest articles