Way back (at least two weeks ago :-)) I posted on this list about
MS SQL and firewalls and I have gotten quite a number of email about
it (mostly q:s) so I thought that I would post a summary here.
Anywhay, I did some intense research and this is the conclusion.
They installed WinNT server (Swedish) first without TCP/IP than
they installed MS SQL server and then they installed TCP/IP.
No service packs (I installed sp4 Swedish version)
One interesting aspect is the Swedish Windows NT server, I have
seen problems with english applications on the Swedish version.
Might be the same with MS SQL server, na seems kinda doubful but
you never know. Trying that next.
Their IRX has a default gateway as the "internet" router. The IRX
sends everything to the default gateway!, even stuff thats going to
hosts on the same subnet as the adapter.
The problem was with the "internet" router, a Cisco 2501. Their
Internet provider had set up an filter that was supposed to stop
IP spoofing. The problem was that they didn´t apply the filter to
the outside adapter, the filter was eihther on the inside adapter or
on the whole router, can´t tell because I don´t have the complete
configuration, just some excerpts from it.
Since the IRX pushed everything to the default gateway (the
"internet" router) the router´s filter stopped what it thought was
an IP spoofing attempt.
So, The q:s are:
Is the IRX misconfigured or is that "normal" behaviour?
If I only have excerpts from the configuration, how do I check if
it is the inside or outside adapter that the filter is applied to?
Assuming that you can apply inside/outside on the "internet" router.
And still, what kind of traffic goes on between the MS SQL servers?
Back to the RnD lab...
Information Highway Center AB
voice: +46 (0)8 445 18 00
fax: +46 (0)8 445 18 01