Francisco Tapia
my.lists at verizon.net
Wed Jun 18 10:24:33 CDT 2003
In general, yes, Arthur, you are opening up your server to attack, mostly because 1433 is such a common port. Instead, with most firewalls, what you can do is NAT the IP address and the port, effectively removing all recognition that it could be a SQL Server. If FreeBSD supports this (and I see no reason it shouldn't), see if you can re-route some abstract port other than 1433 to port 1433 for your server.

-Francisco
http://rcm.netfirms.com/

On Wednesday, June 18, 2003 7:31 AM [GMT -8], Arthur Fuller <artful at rogers.com> wrote:
: I should begin by saying that I know little about networking, etc.
:
: I have two connections to remote databases, both at colleges for whom
: I do occasional work. In both cases the network/DBA guys gave me an
: IP address, a UID and a PSWD. I opened ODBC and created a connection
: using the supplied specs, and it works like a charm. If I didn't know
: better, I'd think I was actually on their local LANs.
:
: I need to do this for another client, who doesn't have a network
: specialist on staff. One specialist did set everything up in the
: first place. FreeBSD firewall, Terminal Services box for remote
: access, database server for SQL 2000, etc. I want to explore the
: possibility of directly connecting to the db server, as I can do with
: the other two clients. I know next to nothing about FreeBSD (but I do
: know some Linux).
:
: Can anyone describe what needs to be done to the firewall to allow
: access to the db server? We are not using integrated security, so
: assuming that an attempt to connect gets piped to the db server, the
: user will still have to log in, to get access to the SQL db.
:
: Is there anything more to it than poking a 1433 hole in the firewall
: and directing said traffic to the db server?
:
: I have been pretty dictatorial about the passwords (no recognizable
: words, use numbers and #$%-type chars in your pswd, no pswds with
: fewer than 10 chars, etc.).
: Will poking a 1433 hole in the firewall
: expose said db server to serious risk?
:
: Arthur
:
: _______________________________________________
: dba-SQLServer mailing list
: dba-SQLServer at databaseadvisors.com
: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
: http://www.databaseadvisors.com
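
The port re-routing suggested in the reply above, as an added pf.conf fragment that is not part of the original thread. It assumes the firewall runs pf; the interface name, addresses, external port 14330 and the source-address restriction are assumptions, and the restriction goes beyond what the reply proposes.

```conf
# pf.conf fragment (FreeBSD pf syntax). Every name and address below is a
# placeholder chosen for illustration, not a value from the thread.
ext_if   = "em0"             # assumed external interface
db_host  = "192.168.10.20"   # assumed internal address of the SQL Server box
alt_port = "14330"           # assumed arbitrary external port, anything but 1433

# Constructed client addresses (documentation ranges) allowed to reach the database.
table <sql_clients> const { 203.0.113.25, 198.51.100.0/28 }

# Weak form, shown commented out: the well-known port, forwarded for any source.
# rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 1433 -> $db_host port 1433

# Re-routed form: external $alt_port is translated to 1433 on the database host.
# Sources outside <sql_clients> never match the translation rule.
rdr on $ext_if inet proto tcp from <sql_clients> to ($ext_if) port $alt_port \
    -> $db_host port 1433

# Filter rules see the packet after translation, so they match on $db_host:1433.
# pf uses the last matching rule: log and block by default, then pass the listed clients.
block in log on $ext_if inet proto tcp from any to $db_host
pass  in     on $ext_if inet proto tcp from <sql_clients> to $db_host port 1433 \
    flags S/SA keep state
```

Moving the port only hides the service from scans of 1433; the table of permitted sources is what limits who can attempt a SQL login at all.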