SQL Server 6.5 - Database connectivity issue via DMZ (Internet) Web Server

  • SQL Server - Database connectivity issue

    Q - We need to seek technical advice on feasibility of connecting to SQL Server 6.5 from the web server in DMZ zone with the existing configuration and setup (Windows NT security mode and named pipes).

    - We have an application running on a web server (2003, 64 bit) attempting to connect to our client's database server. The application uses ODBC drivers to connect to the database.

    - Our database server (SQL Server 6.5) is running in "Windows NT" security mode and listening through named pipes.

    - With both the web and database servers running on the same domain internally, our application successfully connects to the database via named pipes.

    - When the web server is moved into the DMZ zone, connections to the same database server via named pipes fail. (It works via TCP/IP settings.)

  • You need to open ports on the DMZ firewall. Not sure what they are for 6.5, but your firewall people should be able to log attempts from the db server and open those ports with a route for those specific machines.


  • Hi

    Thanks, but I think the required ports are open, as connectivity works when the protocol is TCP/IP. It has a problem when it is named pipes.

    Are the ports to be opened different for these two?

    Best Regards

    Trupti Varma

  • I don't know if named pipes uses different ports, but an easy way to determine this would be to have someone watch your firewall as connection attempts are made.  This would ensure right away that all of the correct ports are open.

    John Rowan


  • Hello,

     

    I believe that Named Pipes would require that the following ports be open on the firewall:

    UDP port 137 (name services)

    UDP port 138 (datagram services)

    TCP port 139 (session services)

    These are the "legacy" NetBIOS ports.  It is also possible that the following, by itself, might work, depending on the Windows O/Ss involved:

    TCP port 445 (Direct Host TCP)

     

    This information is extracted from a TCP/IP document from Microsoft.  http://www.microsoft.com/windows2000/techinfo/howitworks/communications/networkbasics/tcpip_implement.asp

     

    If my suggestion(s) don't work, you may need to use a protocol analyzer to figure out what's going on.  I've never actually tried the methods I'm suggesting because I use the standard TCP port, as opposed to using Named Pipes.

     

    hth jg

     

  • Here is something a bit more comprehensive:

    1433 TCP

    1434 UDP

    3389 TCP --> used for support - RDP

    445 TCP

    445 UDP

    135 TCP

    135 UDP

    137 UDP

    138 UDP

    139 TCP

    This information was garnered using Ethereal on a project through a firewall with a default access rule of 'deny all'. We had SQL v7.0 and SQL2K on Win 2K.

     

    Regards

    Rudy Komacsar

    Senior Database Administrator

    "Ave Caesar! - Morituri te salutamus."
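
The advice in the replies above to watch the firewall while connection attempts are made, as an added example that is not part of any post in this thread: a script that summarizes firewall decisions between the web server and the database server against the named-pipes ports listed in the replies. The log format, the addresses and the log lines are constructed assumptions, and the 1433 label is the usual SQL Server TCP/IP port rather than something the thread states.

```python
import re
from collections import Counter

# Ports the replies list for named pipes (NetBIOS/SMB transport).
NAMED_PIPES = {("UDP", 137): "NetBIOS name services",
               ("UDP", 138): "NetBIOS datagram services",
               ("TCP", 139): "NetBIOS session services",
               ("TCP", 445): "Direct Host TCP"}
TCP_IP = {("TCP", 1433): "SQL Server TCP/IP"}

# Constructed sample log; the line format and addresses are assumptions.
SAMPLE_LOG = """\
2024-01-01T10:00:01 ALLOW proto=TCP src=10.0.1.10 dst=192.168.1.20 dport=1433
2024-01-01T10:00:05 DENY proto=TCP src=10.0.1.10 dst=192.168.1.20 dport=445
2024-01-01T10:00:06 DENY proto=TCP src=10.0.1.10 dst=192.168.1.20 dport=139
2024-01-01T10:00:06 DENY proto=UDP src=10.0.1.10 dst=192.168.1.20 dport=137
2024-01-01T10:00:09 DENY proto=TCP src=10.0.1.10 dst=192.168.1.20 dport=445
2024-01-01T10:00:12 DENY proto=TCP src=10.0.1.99 dst=192.168.1.20 dport=445
2024-01-01T10:00:15 DENY proto=TCP src=10.0.1.10 dst=192.168.1.20 dport=80
"""

LINE = re.compile(r"^\S+ (?P<action>ALLOW|DENY) proto=(?P<proto>TCP|UDP) "
                  r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def summarize(log_text, web, db):
    """Count ALLOW/DENY decisions per (proto, port) for web -> db traffic only."""
    seen = {"ALLOW": Counter(), "DENY": Counter()}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m["src"] == web and m["dst"] == db:
            seen[m["action"]][(m["proto"], int(m["dport"]))] += 1
    return seen

def blocked_named_pipe_ports(seen):
    """Named-pipes ports that were denied and never allowed, sorted by port."""
    hits = [k for k in NAMED_PIPES if seen["DENY"][k] and not seen["ALLOW"][k]]
    return sorted(hits, key=lambda k: (k[1], k[0]))

if __name__ == "__main__":
    seen = summarize(SAMPLE_LOG, web="10.0.1.10", db="192.168.1.20")
    for key, name in {**TCP_IP, **NAMED_PIPES}.items():
        print(f"{key[0]}/{key[1]:<5} {name:<28} "
              f"allow={seen['ALLOW'][key]} deny={seen['DENY'][key]}")
    # Candidate rules stay scoped to the two hosts, not the whole DMZ.
    for proto, port in blocked_named_pipe_ports(seen):
        print(f"candidate rule: {proto} 10.0.1.10 -> 192.168.1.20:{port}")
```
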
