10-20-2003 10:50 AM - edited 02-20-2020 11:03 PM
I have a quick question about configuring a PIX firewall and JDBC. I have two distinct networks running behind a PIX firewall. My webserver, JSPs, and JDBC driver are on one machine (on network 'A') and I have my SQL Server database running on another machine on network 'B'. Now in order to allow my webserver access to the database I have to add a couple of lines to the firewall. One is the 'fixup' line and the other is the 'conduit'. My question is on the fixup line. Do I do a fixup for http or for sqlnet or both? For instance, do I do this...
fixup protocol http 1433
or
fixup protocol sqlnet 1433
I am just trying to figure out what I am doing before I break something;-)
10-20-2003 10:55 AM
Hi,
You need fixup protocol sqlnet 1433, as well as a conduit or access-list.
Thanks
Nadeem
10-20-2003 10:59 AM
So sqlnet isn't just an Oracle thing? For some reason I was thinking that I was just supposed to use SQLnet when using Oracle databases. Then again I'm just a software guy what do I know;-) Thank you.
10-20-2003 11:06 AM
Hi,
It is for the SQLnet protocol, either from Oracle or from Microsoft.
Thanks
Nadeem
10-20-2003 11:52 AM
OK I added the below lines to the PIX config...
fixup protocol sqlnet 1433
conduit permit tcp host 10.0.5.45 eq 1433 host 192.168.100.113
-------------------------------------------
10.0.5.45 is my database server
192.168.100.113 is my webserver
I tested my connection to see if the two computers were able to see each other by telnetting from the webserver....
telnet 10.0.5.45 1433
This just hangs and says "trying 10.0.5.45..."
Am I missing something? If I could telnet from one box to another at least I would know that the boxes could see each other. Any ideas?
10-20-2003 11:56 AM
Hi,
Do you have a static for 10.0.5.45?
I am not sure if you could test this by just telnetting to port 1433. Can you try to see if, by bypassing the firewall, you can get some prompt? Also try to get syslogs from the firewall.
Thanks
Nadeem
10-20-2003 12:12 PM
Yes, I set the static IP to 10.0.5.45. I also double checked the SQL Server listening port to see if it is on port 1433. It is.
I can telnet successfully from my laptop to the database server. The DB server is in the Windows default domain WORKGROUP.
Where are the syslogs to the firewall kept?
10-20-2003 01:39 PM
Hi,
Could you share the configs? You can change the IP addresses and remove the password lines.
Syslogs can be stored in the buffer, sent to a syslog server, or dumped on the console or telnet/terminal sessions.
Thanks
Nadeem
10-20-2003 07:45 PM
Nadeem's correct, need the configs.
10-21-2003 04:19 AM
I prefer not to post the FW configs in an open forum. I can send via email though...
10-21-2003 10:46 AM
Hi,
Change the IP addresses and take out passwords, that is all you have to do.
Thanks
Nadeem