If you enable connects through port 1521 on your firewall, you will see that after the REDIRECT packket has been sent to the client, the connectio will fail because the "random port" is not enabled in hte firewall. The REDIRECT port gets generated entirely at random. You cannot enable access through multiple ports in the firewall as you have no idea which ports will get allocated.
To workaround this problem there are several options:
1. Configure the firewall to limit IP addresses rather than port numbers. This is not a very secure option.
2. Use Connection Manager so the TNS CONNECT following the REDIRECT happens on the server side of the firewall.
3. If you are on Oracle 8 on Windows NT, you can use a WINSOCK V2 API feature called Shared Sockets. This allows a socket to be shared (or passed) between multiple processes. To use this functionality in a single Oracle Home environment, set USE_SHARED_SOCKET=TRUE in the HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE section of the registry. If you are using Multiple Oracle Homes, change to the desired Oracle8 Home and view the oracle key file in ORACLE_HOME/BIN to find which registry key to add USE_SHARED_SOCKET to.
Please Note that as WINSOCK V2 allows a socket to be shared between multiple processes, you cannot restart the listener without takeing the database down first.
也就是在注册表set USE_SHARED_SOCKET=TRUE (HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE)