Open port?

Click here to monitor SSC

<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>

SQLServerCentral is supported by Red Gate Software Ltd.

Log in :: Register :: Not logged in

<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>

Recent Posts

Popular Topics

Home

Home » SQL Server 2008 » Security (SS2K8) » Open port?

Add to briefcase

17 posts, Page 1 of 2

1 2 »»

Open port?

Expand / Collapse

Author

Message

Posted Monday, August 06, 2012 7:47 PM

SSCommitted

Group: General Forum Members
Last Login: Yesterday @ 10:00 AM
Points: 1,605, Visits: 2,783

Almost all our SQL servers are behind firewall. We have in house developed applications using these SQL servers.

but I heard today from one of our developers he said one SQL server is setup exposed to outside, since the web application is accessed externally by parents of students. I don't quite understand what that means, now we need to set up a new SQL server like that.

what I need to do?

the developer told me in his application connection string, it can access the old server, but not the new server.
do I need to open the port 1433 in order for the application string to connect. ?

But I know we have another SQL server used for web applications used for parents, I didn't open the port.

What is the difference?

In exact what occasion we need to open the port to outside firewall?

Thanks

Post #1340967

Posted Tuesday, August 07, 2012 3:28 AM

SSCertifiable

Group: General Forum Members
Last Login: Friday, April 12, 2013 3:51 AM
Points: 5,075, Visits: 4,831

Existing server on a VLAN which is not behind the firewall?

Yes you will need to open the port SQL runs on and if its a dynamic port, set it to a static port and open the bowser port as well so it can direct the traffic as needed.

Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1341096

Posted Tuesday, August 07, 2012 4:49 AM

SSChampion

Group: General Forum Members
Last Login: Yesterday @ 8:39 PM
Points: 11,638, Visits: 27,713

that sql server should not be exposed to the internet, but simply accessible to the webserver; only the web server would have an outward facing ip.

Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son

Post #1341146

Posted Tuesday, August 07, 2012 9:52 AM

SSCommitted

Group: General Forum Members
Last Login: Yesterday @ 10:00 AM
Points: 1,605, Visits: 2,783

The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks

Post #1341369

Posted Tuesday, August 07, 2012 10:52 AM

SSChampion

Group: General Forum Members
Last Login: Yesterday @ 8:39 PM
Points: 11,638, Visits: 27,713

hard to give any good advice, so many details will have to be found out;
the web server is probably in it's own DMZ, on a differnet subnet than the normal LAN; we had a setup like that where we added a VPN from the web server to access a different SQL server than the one that exists inside the DMZ; you could look into doing something similar.

Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son

Post #1341414

Posted Tuesday, August 07, 2012 1:34 PM

SSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 11:46 PM
Points: 5,202, Visits: 11,156

sqlfriends (8/7/2012)

The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks

You can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Wink

Post #1341509

Posted Tuesday, August 07, 2012 1:52 PM

SSCommitted

Group: General Forum Members
Last Login: Yesterday @ 10:00 AM
Points: 1,605, Visits: 2,783

[quoteYou can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.[/quote]

This explains clearly, thanks.
We have a SQL server 2000 in windwos erer 2003 configured like that, how can I check in it, what port is configured and to see if it is opened through firewall?

Post #1341521

Posted Tuesday, August 07, 2012 1:57 PM

SSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 11:46 PM
Points: 5,202, Visits: 11,156

you're using SQL Server 2000?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Wink

Post #1341526

Posted Tuesday, August 07, 2012 2:00 PM

SSCommitted

Group: General Forum Members
Last Login: Yesterday @ 10:00 AM
Points: 1,605, Visits: 2,783

We are using SQL server 2008 and R2.

But we have only one 2000 server has some applications developed using Java.
And we want to migrate database to 2008 server.

I would like to setup a server with port opening configured like the old one.
so would like to know how to check that in old server

Post #1341529

Posted Tuesday, August 07, 2012 2:07 PM

SSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 11:46 PM
Points: 5,202, Visits: 11,156

For SQL Server 2000 you need to use the client network utility to check the port number. You could also use the netstat command to identify which port the SQL instance is listening on

netstat -an

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Wink

Post #1341533

« Prev Topic | Next Topic »

Add to briefcase

17 posts, Page 1 of 2

1 2 »»

Permissions

Expand / Collapse