
new firewall causing issues


dswitzer

Technical User
Aug 2, 2002
298
US
Hey folks - I'm in over my head and could use a hand.

I set up a hardware firewall/router (SonicWall TZ170) that sits behind my cable modem. Attached to the firewall are several PCs (LAN) as well as a webserver (open to the www) and a SQLServer (2000). The webserver gets its data from the standalone SQL server machine. Everything worked well on the LAN -- but when I added the firewall... I can still hit the webserver from the LAN as well as the but any page needing SQL data gives me this error:

Error Type:
Microsoft OLE DB Provider for SQL Server (0x80004005)
[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.
/includes/connectOpen.asp, line 12


My connectionstring(connectOpen) (which used to work fine) is:
Dim objConn
Set objConn=server.CreateObject("adodb.connection")
objConn.ConnectionString="Provider=SQLOLEDB; " & _
"User ID=xid; " & _
"Password=xpassword; " & _
"Initial Catalog=xcatalog; " & _
"Data Source=xservername\xsqlName;"
objConn.Open

I can still hit the SQL Server with Query Analyzer and Enterprise Manager, I can still see the server on the network. Why would this change?

Please let me know if I can provide additional info or if you have any ideas.

Thanks.
 
Are SQL Server & the WebServer on two different "sides" of the firewall? If so, the answer is that you don't have the proper port open for the communications to go through.

SQL Server's default port is 1433. I don't recommend using it because everyone knows that port # and sends attacks through it (like Slammer). You can change the port SQL Server uses in the Server properties, then just make sure the appropriate port is open in the firewall between the WebServer & SQL Server. If you have a network admin, get him/her to check up behind you to make sure all your security is tight after you're done fixing the port issue.



Catadmin - MCDBA, MCSA
"No, no. Yes. No, I tried that. Yes, both ways. No, I don't know. No again. Are there any more questions?"
-- Xena, "Been There, Done That"
 
Both webserver and SQL server are inside the firewall.

As for my issue - reboot of everything solved the issue. But now I am a bit worried - did I set this thing up correctly? No sysadmin - just me and the school of hard knocks....

I need a site that can be hit externally, then returns data from sql server using ASP. What is the recommended configuration -- any links or suggestions appreciated..in the meantime -- nobody hack my site!!!

The firewall (mid-range SonicWall) sniffs packets for viruses/malware/etc...is that enough? I know the answer already. Better question, what more can I do in general terms?

Thanks
 
What you should do is get to a computer outside your site and see if the website populates properly. It's one thing to see it working from inside the firewall, but quite another for it to work for an outside connection.

dswitzer said:
in the meantime -- nobody hack my site!!!

Then don't put anything interesting up there. @=)

Seriously, though, HUH??? That comment confused me.

Security is an issue that is too large for any forum to properly and completely cover. We can recommend information for SQL Server security but it's hard to go through a complete list of other security options when we don't know all the settings you currently have on your setup. And that was NOT a request for information. You definitely should keep that information quiet.

If you have good relations with some contractors that know security, you might want to buy them lunch and ask them what other things they would do to make sure your network is locked down tight. A sniffer put on the network to see how traffic runs when the website is accessed would be a good idea.

Other than that, the usual is changing the server port, making sure your passwords are complicated, making sure your app connects through a login with the least amount of privileges needed, making sure only one or two people have SysAdmin rights on the server, and not giving the passwords or permissions out to anyone who does not play a mission critical role in the day-to-day server activities.

Upgrade to SQL Server 2005 to make Injection Attacks more difficult or, if you can't upgrade, make sure the users can't enter text / T-SQL on the website. Make the users pick from drop-down boxes, etc. Lastly, verify that your application catches all unexpected errors with a generic error message. I can't tell you the # of times I've gone to a web-site, clicked on something, gotten an error and it gave me the exact nature of the error, the T-SQL going along with the error and the Server's actual name & domain. Now that's a hacker's dream come true.

Anyway, I hope this helps.


Catadmin - MCDBA, MCSA
"No, no. Yes. No, I tried that. Yes, both ways. No, I don't know. No again. Are there any more questions?"
-- Xena, "Been There, Done That"
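
The hardening points in the reply above (least-privilege login, keeping user text out of the T-SQL, generic error pages) can be combined in one classic ASP page. This is an added example, not code from either poster: the table dbo.Stores, its columns, the form field region and the helper IsAllowedRegion are hypothetical, and the parameterized ADO command is a technique the post itself does not mention.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc).
Const adCmdText = 1, adParamInput = 1, adVarChar = 200
' Hypothetical drop-down values. The server re-checks them because the
' request can carry any text, whatever the <select> offered.
Function IsAllowedRegion(value)
    Dim item
    IsAllowedRegion = False
    For Each item In Array("north", "south", "east", "west")
        If StrComp(value, item, vbTextCompare) = 0 Then IsAllowedRegion = True
    Next
End Function

Dim region, objConn, objCmd, objRS
region = Trim(Request.Form("region"))
If Not IsAllowedRegion(region) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid selection."
    Response.End
End If
On Error Resume Next
Set objConn = Server.CreateObject("ADODB.Connection")
' Placeholders as in the original post. xid should be a login with only
' SELECT rights on the tables this page reads, never a sysadmin.
objConn.ConnectionString = "Provider=SQLOLEDB; User ID=xid; Password=xpassword; " & _
    "Initial Catalog=xcatalog; Data Source=xservername\xsqlName;"
objConn.Open
Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandType = adCmdText
' The ? marker sends the value as data, so it never becomes part of the T-SQL text.
objCmd.CommandText = "SELECT StoreName FROM dbo.Stores WHERE Region = ?"
objCmd.Parameters.Append objCmd.CreateParameter("@region", adVarChar, adParamInput, 20, region)
Set objRS = objCmd.Execute
If Err.Number <> 0 Then
    ' Generic message only: Err.Description, the SQL and the server name stay off the page.
    Response.Status = "500 Internal Server Error"
    Response.Write "Sorry, something went wrong. Please try again later."
    Response.End
End If
On Error GoTo 0

Do Until objRS.EOF
    Response.Write Server.HTMLEncode(objRS("StoreName").Value) & "<br>"
    objRS.MoveNext
Loop
objRS.Close : objConn.Close
%>
```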
 