firewall ports to access ms sql server

paulo · August 25, 2007, 12:46pm

Hi,

What ports should be open at the iworx firewall to access a mssql server ?

I’ve tried to open ports 1433 and 1434 on iworx, but it still block connection, if i turn the firewall off, i get a successful access to the mssql server… so, it should be missing some port(s) to open (?)…

[SIZE=2] I also tried adding ports 1024-65535 (tcp/udp outgoing) to open (as [/SIZE][SIZE=2]http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269882 )… but with no luck

Can you please help configuring the firewall ?
[/SIZE][SIZE=2]
Thank you in advance[/SIZE]

Paulo

system · August 26, 2007, 6:32am

Hi

If I remenber well the default listen port for MS SQL is 1433, so you’ll have to open this port for ingoing access and open all port for outgoing. (egress set to 0 in the config file)

What version of apf do you use ?

Do you really see in the apf log it blocks incoming requests on port 1433

Pascal

paulo · August 26, 2007, 2:47pm

Hi,

The APF version is 0.9.5 …

the egress section is configured by default (iworx 3.0.2) and it looks like:

Egress filtering [0 = Disabled / 1 = Enabled]

EGF=“0”

Common egress (outbound) TCP ports

EG_TCP_CPORTS=“22,25,80,443,2080,2443,3306,1433,1434”

Common egress (outbound) UDP ports

EG_UDP_CPORTS=“20,21,53,123,1433,1434”
Something i should do here to permit all ports open foi outgoing? or can i limit the ports 1024 thru [SIZE=2]65535 ?

Thank you in advance

Paulo

[/SIZE]

system · August 26, 2007, 3:09pm

If egf=0 it means the firewall won’t filter the outgoing datas so you don’t have to open these ports for outgoing

What is the port list for IG_TCP_CPORTS ? do you have the 1433 port in this list ?

Did you perform a “service apf restart” ?

What is the ms sql config file ? did you set a special listening port
Pascal

paulo · August 26, 2007, 3:58pm

Yes…

Common ingress (inbound) TCP ports

IG_TCP_CPORTS=“21,22,25,80,110,143,443,993,995,2080,2443,3306,1433,1434”
I also did a stop / start (using iworx gui)

and nothing at the /var/log/apf_log …

system · August 26, 2007, 4:00pm

so it is strange

Do you have some apf logs that tell it blocks port 1433 ?

Any logs in mssql ?

Pascal

paulo · August 26, 2007, 4:38pm

Do you have some apf logs that tell it blocks port 1433 ?

No …

Any logs in mssql ?
No …

It’s really strange… because, if i turn apf off, i can make the connection (telnet xxx.xxx.xxx.xxx 1433)… if turn it on with the settings descrived … no connection is made (it does not reach the mssql server).

I took a lot of reading over google searches and no result came to my mind :-S