Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Open port? Expand / Collapse
Author
Message
Posted Monday, August 6, 2012 7:47 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:42 AM
Points: 1,749, Visits: 3,155
Almost all our SQL servers are behind firewall. We have in house developed applications using these SQL servers.

but I heard today from one of our developers he said one SQL server is setup exposed to outside, since the web application is accessed externally by parents of students. I don't quite understand what that means, now we need to set up a new SQL server like that.

what I need to do?

the developer told me in his application connection string, it can access the old server, but not the new server.
do I need to open the port 1433 in order for the application string to connect. ?

But I know we have another SQL server used for web applications used for parents, I didn't open the port.

What is the difference?

In exact what occasion we need to open the port to outside firewall?


Thanks
Post #1340967
Posted Tuesday, August 7, 2012 3:28 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 5:51 AM
Points: 5,142, Visits: 4,937
Existing server on a VLAN which is not behind the firewall?

Yes you will need to open the port SQL runs on and if its a dynamic port, set it to a static port and open the bowser port as well so it can direct the traffic as needed.




Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1341096
Posted Tuesday, August 7, 2012 4:49 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 8:24 AM
Points: 12,887, Visits: 31,835
that sql server should not be exposed to the internet, but simply accessible to the webserver; only the web server would have an outward facing ip.


Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1341146
Posted Tuesday, August 7, 2012 9:52 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:42 AM
Points: 1,749, Visits: 3,155
The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks
Post #1341369
Posted Tuesday, August 7, 2012 10:52 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 8:24 AM
Points: 12,887, Visits: 31,835
hard to give any good advice, so many details will have to be found out;
the web server is probably in it's own DMZ, on a differnet subnet than the normal LAN; we had a setup like that where we added a VPN from the web server to access a different SQL server than the one that exists inside the DMZ; you could look into doing something similar.


Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1341414
Posted Tuesday, August 7, 2012 1:34 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 10:15 AM
Points: 6,182, Visits: 13,329
sqlfriends (8/7/2012)
The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks

You can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1341509
Posted Tuesday, August 7, 2012 1:52 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:42 AM
Points: 1,749, Visits: 3,155
[quoteYou can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.[/quote]

This explains clearly, thanks.
We have a SQL server 2000 in windwos erer 2003 configured like that, how can I check in it, what port is configured and to see if it is opened through firewall?
Post #1341521
Posted Tuesday, August 7, 2012 1:57 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 10:15 AM
Points: 6,182, Visits: 13,329
you're using SQL Server 2000?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1341526
Posted Tuesday, August 7, 2012 2:00 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:42 AM
Points: 1,749, Visits: 3,155
We are using SQL server 2008 and R2.

But we have only one 2000 server has some applications developed using Java.
And we want to migrate database to 2008 server.

I would like to setup a server with port opening configured like the old one.
so would like to know how to check that in old server
Post #1341529
Posted Tuesday, August 7, 2012 2:07 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 10:15 AM
Points: 6,182, Visits: 13,329
For SQL Server 2000 you need to use the client network utility to check the port number. You could also use the netstat command to identify which port the SQL instance is listening on

netstat -an



-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1341533
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse