SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Open port?


Open port?

Author
Message
sqlfriends
sqlfriends
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10730 Visits: 4207
Almost all our SQL servers are behind firewall. We have in house developed applications using these SQL servers.

but I heard today from one of our developers he said one SQL server is setup exposed to outside, since the web application is accessed externally by parents of students. I don't quite understand what that means, now we need to set up a new SQL server like that.

what I need to do?

the developer told me in his application connection string, it can access the old server, but not the new server.
do I need to open the port 1433 in order for the application string to connect. ?

But I know we have another SQL server used for web applications used for parents, I didn't open the port.

What is the difference?

In exact what occasion we need to open the port to outside firewall?


Thanks
anthony.green
anthony.green
One Orange Chip
One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)

Group: General Forum Members
Points: 25100 Visits: 6519
Existing server on a VLAN which is not behind the firewall?

Yes you will need to open the port SQL runs on and if its a dynamic port, set it to a static port and open the bowser port as well so it can direct the traffic as needed.



Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
When a question, really isn't a question - Jeff Smith
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger


Lowell
Lowell
SSC Guru
SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)

Group: General Forum Members
Points: 73793 Visits: 40974
that sql server should not be exposed to the internet, but simply accessible to the webserver; only the web server would have an outward facing ip.

Lowell
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
sqlfriends
sqlfriends
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10730 Visits: 4207
The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks
Lowell
Lowell
SSC Guru
SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)SSC Guru (73K reputation)

Group: General Forum Members
Points: 73793 Visits: 40974
hard to give any good advice, so many details will have to be found out;
the web server is probably in it's own DMZ, on a differnet subnet than the normal LAN; we had a setup like that where we added a VPN from the web server to access a different SQL server than the one that exists inside the DMZ; you could look into doing something similar.

Lowell
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)

Group: General Forum Members
Points: 55423 Visits: 17709
sqlfriends (8/7/2012)
The SQL server is behind the firewall.

The developer said the web server is outside of the firewall. ( I doubt this is right or not)

Should the web server be outside firewall if want external people like parents access it?

If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?

I am a little confused about the security.

Thanks

You can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
sqlfriends
sqlfriends
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10730 Visits: 4207
[quoteYou can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.[/quote]

This explains clearly, thanks.
We have a SQL server 2000 in windwos erer 2003 configured like that, how can I check in it, what port is configured and to see if it is opened through firewall?
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)

Group: General Forum Members
Points: 55423 Visits: 17709
you're using SQL Server 2000?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
sqlfriends
sqlfriends
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10730 Visits: 4207
We are using SQL server 2008 and R2.

But we have only one 2000 server has some applications developed using Java.
And we want to migrate database to 2008 server.

I would like to setup a server with port opening configured like the old one.
so would like to know how to check that in old server
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)

Group: General Forum Members
Points: 55423 Visits: 17709
For SQL Server 2000 you need to use the client network utility to check the port number. You could also use the netstat command to identify which port the SQL instance is listening on


netstat -an



-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search