Firewall changes prevent ODBC SQL access


Cropsy
I'm wondering if anyone has come across this before. To achieve PCI-DSS compliance, we have been forced to segment our network behind a firewall.

Previously, our SQL server was on the same IP range as our clients (10.0.0.0/24), but has now been moved to a different IP range (192.168.4.0/24). The firewall, as far as I can tell, has been properly configured. All clients on the 10.0.0.0/24 range can ping the SQL server by name or by IP address.

However, when I try and configure clients to connect to the SQL Server by ODBC, I get the same error:

Connection failed.
SQL State: '01000'
SQL Server Error: 10061
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] ConnectionOpen (Connect())
Connection failed:
SQLState: '08001'
SQL Server Error: 17
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] SQL Server does not exist or access denied.



I've ensured I'm using the correct username and password, and also played about with the client configuration settings (trying named pipes, tcp/ip etc. The port I'm attempting to use is 1433, which has been opened on the firewall).

We're using SQL Server 2000, fully patched, running on Windows 2003 Enterprise Server. The clients are all Windows XP SP2.
Can anyone help?
jgrubb
Check the SQL server and be sure you are running on the default port.
Steve Jones
Is this a named instance? If so, you connect to the browser service on 1433 and it lets you know which port the named instance is on. You need to set a specific port for the firewall (and have it opened) if you have named instances.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
sgmunson
I'm not sure if it's necessary, but you may need to create a "DNS Name" for the server. That way, it's only created in one place, instead of having to modify the HOSTS file on every single client. Talk to your domain admin and/or network person about it. I don't know exactly how that's done, but it would be an administrative task on your DNS server.

Steve
(aka smunson)
Cropsy
Thanks for your replies, chaps. Problem is solved... it was something as simple as a DENY_ALL rule on our firewall preventing traffic between the two segments of the network. The ALLOW rule we'd added to allow the communication was beneath this and therefore being ignored.

I spanked our network admin ;)