Replication - One machine in a DMZ

  • I'm trying to figure out the most secure way to do this. 

    I've got a SQL Server on the private network (Publisher), a SQL Server onsite in a DMZ (Distributor) and a SQL Server (Subscriber) off-site that will be connecting to the Distributor VPN to VPN.

    I've tried disabling RPC in my Remote Server mappings, but then nothing can talk.  Is there any way to set up replication without using RPC, and using only TCP/IP traffic over the SQL service port? 

  • Jon

    look at the following MSDN article

    http://support.microsoft.com/default.aspx?scid=kb;en-us;164667

    which I have used to set up replication through the firewall to the DMZ

     

    Regards

     

    Andoi

  • It's still not working for me.  I've configured the SQL server per the KB article provided, and they still won't "talk". 

    Once I configure Server1 to listen on a specified port (and restart the service), I can still connect locally to the service on port 1433, even though I added the registry key to listen on port 1500, and I cannot connect to the service on port 1500.  I assume it's because I have shared memory protocol enabled, but if I disable it, I can't connect to the service at all.

    Also, I can do a netstat -a and it will show about a dozen or so connections on ports over 3000 (I assume sockets dedicated for RPC services).

    Once I add that registry key for the specified port, shouldn't I be able to establish a raw TCP connection to the service (telnet 127.0.0.1 1500)?

  • Got it working, required 10 ports opened from the DMZ -> Publisher on the private network.  Not a big deal.

    154596 HOWTO: Configure RPC Dynamic Port Allocation to Work with Firewall

    http://support.microsoft.com/?id=154596
