Connection through firewall does not work even if you unblock port 1521?
This is because the listner open the session another after connection:
You can set parameter USE_SHARED_SOCKET to true to enable use of shared sockets. If this parameter is set to true, the network listener passes the socket descriptor for client connections to the database thread. As a result, the client does not need to establish a new connection to the database thread and database connection time improves. Also, all database connections share the port number used by the network listener, which can be useful if you are setting up third-party proxy servers.
This parameter only works in dedicated server mode in a TCP/IP environment.
If this parameter is set, you cannot use the 9.0 listener to spawn Oracle7 release 7.x databases. To spawn a dedicated server for an Oracle database not associated
with the same Oracle home as the listener and have shared socket enabled, you must also set parameter USE_SHARED_SOCKET for both Oracle homes.