afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2009-07-30 : 04:06:19

Hello, am trying to connect to a remote db using the IP,port number in Enterprise Manager. However, it says the port is blocked.

It's a 2008 server and I added an exception which I named sql and chose UDP protocol and port 1533, enabled all computers in the scope, but still can't connect. Neither does the port number come up when I run netstat -an in command prompt.

Error message is below.

How do I enable this port 1533?

Ehi

TITLE: Connect to Server

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=10060&LinkId=20476

afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2009-07-30 : 05:30:42

I got this sorted. This article was helpful:

http://www.webhostingtalk.com/archive/index.php/t-364172.html

This short tutorial will show you how to use tools already with Windows to better secure your SQL 2000 server.

(( PROCEED CAREFULLY ON YOUR OWN RISK, I'M NOT RESPONSIBLE FOR ANYTHING AS RESULT OF FOLLOWING THESE INSTRUCTIONS ))

Please note, it is generally recommended that you use Windows Authentication for SQL server, and not using the system account.

This tutorial is based on Windows 2003 Server, but should work with Windows 2000 as well:

1) Once you have successfully setup the SQL server and all is going good. You'll need now to prevent unauthorized outside access to the SQL login on port 1433. Unfortunately, if you change the port SQL runs on, you'll have to make changes to your DSNs and as well ColdFusion JDBC DSNs. So the best option if you do not have a firewall is to block unauthorized IP addresses from accessing these specific ports.

2) First step, click on START -> PROGRAMS -> ADMINISTRATIVE TOOLS -> LOCAL SECURITY POLICY

3) On the left side, click on IP security policy

4) list of items show on the right side ( Client , Secure Server, Server)

5) Click on 'ACTION' -> Create IP Security Policy

6) Go through the wizard, describe it : 'SQL Policies'

7) One page of the wizard will say 'Activate default response rule' make sure you UNCHECK that box

8) Once done, it will show you a box named 'SQL Policies Properties' with DEFAULT unchecked

9) Click on 'ADD' , and go through the wizard.
- Check No for tunneling
- Check All Network Connections
- Go to next until you reach the screen 'IP Filter List'

10) Click on 'ADD' in the IP FILTER LIST

11) For name type: BLOCKED SQL PORT

12) Click on 'ADD' again inside that box which will come up with the IP wizard

13) Continue next, the screen will show 'Source Address': select ANY IP ADDRESS and hit next

14) Destination address: 'MY IP ADDRESS' and hit next

15) Select a protocol type: TCP , source port: ANY , destination port: 1433 (or whatever port you want to block)

16) Hit on OK, and OK until you get back to the screen that has: 'All ICMP Traffic' , 'All IP Traffic' , 'SQL FILTER LIST'

17) Hit on NEXT , it will now ask you what you want to do with this ruleset. There is PERMIT and other options. If you have BLOCK in there, select it. If not, hit on ADD , name it BLOCK and go next , select BLOCK from the filter action menu and go next

18) Put a dot next to block instead of PERMIT and hit on OK

19) Hit OK, OK, OK.

20) Activate that rule set, by right click on it and choose 'ASSIGN'

NOTICE: If you are logged in remotely to Windows please be careful, as this may block you out if things were not setup correctly.

21) This will block all remote access to your machine, while keeping any internal IPs and localhost able to connect

22) The instructions are a bit hard to follow due to the many menus open, but once you try it a couple of times, you'll get the hang of it. Proceed on your own risk and use common sense when doing the wizard.

23) If you want to enable specific remote IPs to connect to SQL, need to follow the steps above but select PERMIT instead of block.

This should stop SQL login attacks completely. You can also use this to block or permit any type of traffic from any IP, subnet, gateway.

Advanced readings into IP Security Policy and command line interface:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B813878

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/ipsecpol-o.asp

Courtesy of mediumcube.com
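
The wizard steps in the quoted tutorial, as an added example that is not part of the original post or the linked article: the same policy built with `netsh ipsec static` on Windows Server 2003 (Windows 2000 uses ipsecpol.exe instead). The rule names, the "TRUSTED SQL CLIENT" list, the "PERMIT SQL CLIENT" action and the address 203.0.113.10 are constructed placeholders.

```bat
@echo off
REM Added example, not from the original post. Run as an administrator on the SQL Server host.
REM Rule names, "TRUSTED SQL CLIENT", "PERMIT SQL CLIENT" and 203.0.113.10 are constructed placeholders.

REM Steps 5-8: create the policy with the default response rule off; leave it unassigned for now.
netsh ipsec static add policy name="SQL Policies" description="Restrict inbound SQL Server access" activatedefaultrule=no assign=no

REM Steps 10-15: filter list matching any source address -> this host, TCP destination port 1433.
REM srcport=0 means "any source port".
netsh ipsec static add filterlist name="BLOCKED SQL PORT"
netsh ipsec static add filter filterlist="BLOCKED SQL PORT" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=1433 mirrored=yes

REM Steps 17-18: a filter action that drops matching traffic.
netsh ipsec static add filteraction name="BLOCK" action=block

REM Step 19: bind the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block SQL" policy="SQL Policies" filterlist="BLOCKED SQL PORT" filteraction="BLOCK"

REM Step 23: permit one known remote client (placeholder address) to reach port 1433.
netsh ipsec static add filterlist name="TRUSTED SQL CLIENT"
netsh ipsec static add filter filterlist="TRUSTED SQL CLIENT" srcaddr=203.0.113.10 dstaddr=me protocol=TCP srcport=0 dstport=1433 mirrored=yes
netsh ipsec static add filteraction name="PERMIT SQL CLIENT" action=permit
netsh ipsec static add rule name="Permit SQL admin" policy="SQL Policies" filterlist="TRUSTED SQL CLIENT" filteraction="PERMIT SQL CLIENT"

REM Review the rules before they take effect.
netsh ipsec static show policy name="SQL Policies" level=verbose

REM Step 20: assign (activate) the policy.
netsh ipsec static set policy name="SQL Policies" assign=y
```

IPsec applies the most specific matching filter, so the single-address permit filter takes precedence over the any-source block filter regardless of the order in which the rules were added.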