Subject | Re: Whitepaper on firewall-configuration? |
---|---|
Author | mikcaau |
Post date | 2005-07-28T04:44:35Z |
--- In firebird-support@yahoogroups.com, "pa3erp" <john@j...> wrote:
> Hi group,John,
>
> Does anyone know of a whitepaper that describes the necessary settings
> for a firewall when both client and FB-server are behind firewalls,
> connection is over the internet and events are used?
>
> tia!
>
> John
It's not overly difficult.
Server
For Db connection you need port forwarding from gateway to DbServer:3050
To send from server you need to forward DbServer:3050 to your outside
port on your gateway.
If your external port is 3050 then
Gateway:3050 -> DbServer:3050
DbServer:3050 -> Gateway:3050
That covers your data.
Events are easier. The only problem is that by default the event port
is chosen randomly.
To fix that
first open firebird.conf and find the section
# ----------------------------
# TCP Protocol Settings
#
<<snip>>
#
# The TCP Port Number to be used for server Event Notification
# messages. The value of 0 (Zero) means that the server will choose
# a port number randomly.
#
# Type: integer
#
#RemoteAuxPort = 0
The message tells it all.
Set
RemoteAuxPort = a fairly high unprivileged port like
RemoteAuxPort = 32000
Events only go out from servers
and only go in to clients
Set up your firewall rules to suit
DbServer:RemoteAuxPort -> Gateway:RemoteAuxPort
Clients need to be able to send and receive data through 3050 (assume
that this is your data port)
Clients need to receive only through RemoteAuxPort
Client firewall needs to accept incoming traffic through port
RemoteAuxPort
You will need to restart your Firebird server so it knows your new
port settings.
After you get this going you could investigate Zebedee so that your
data (which includes events) has some protection. I understand that it
can compress as well.
mick
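
A check for the RemoteAuxPort step described in the reply above, as an added example that is not part of the original post or of Firebird itself: it reads firebird.conf text and reports whether the event port is fixed, so that a firewall rule can name it. The function name and the sample text are constructed for illustration; RemoteServicePort is the firebird.conf setting for the data port, which the post assumes is 3050.

```python
import re

# Constructed sample: the firebird.conf excerpt quoted in the post, unedited.
CONF_DEFAULT = """\
# The TCP Port Number to be used for server Event Notification
# messages. The value of 0 (Zero) means that the server will choose
# a port number randomly.
#
# Type: integer
#
#RemoteAuxPort = 0
"""

# Constructed sample: the same excerpt after the edit the post recommends.
CONF_FIXED = CONF_DEFAULT.replace("#RemoteAuxPort = 0", "RemoteAuxPort = 32000")

# Active settings only: a line that starts with '#' is a comment and never matches.
ACTIVE = re.compile(r"^[ \t]*(RemoteServicePort|RemoteAuxPort)[ \t]*=[ \t]*(\d+)", re.M)


def firewall_ports(conf_text):
    """Return (data_port, event_port, problems) for firebird.conf text."""
    found = {name: int(value) for name, value in ACTIVE.findall(conf_text)}
    data_port = found.get("RemoteServicePort", 3050)  # 3050 when not set
    event_port = found.get("RemoteAuxPort", 0)        # 0 means chosen randomly
    problems = []
    if event_port == 0:
        problems.append("RemoteAuxPort is unset or 0: the event port is random, "
                        "so no fixed firewall rule can match it")
    elif event_port < 1024:
        problems.append("RemoteAuxPort %d is a privileged port" % event_port)
    elif event_port > 65535:
        problems.append("RemoteAuxPort %d is not a valid TCP port" % event_port)
    elif event_port == data_port:
        problems.append("RemoteAuxPort must differ from the data port")
    return data_port, event_port, problems


if __name__ == "__main__":
    for label, text in (("default", CONF_DEFAULT), ("fixed", CONF_FIXED)):
        data, aux, problems = firewall_ports(text)
        print("%s: data port %d, event port %d" % (label, data, aux))
        for problem in problems:
            print("  WARNING:", problem)
```

Run it against the real firebird.conf after editing and before restarting the server, so the firewall rules are written for the ports the server will actually use.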