Subject Re: [firebird-support] Re: Whitepaper on firewall-configuration?
Author John vd Waeter
> John,
> It's not overly difficult.

Yeah, right... :-)

> Server
> For Db connection you need port forwarding from gateway to DbServer:3050
> To send from server you need to forward DbServer:3050 to your outside
> port on your gateway.

> If your external port is 3050 then
> Gateway:3050 -> DbServer:3050
> DbServer:3050 -> Gateway:3050
>
> That covers your data.
> Events are easier. The only problem is that by default the event port
> is chosen randomly.

> To fix that
>
> first open firebird.conf and find the section
> # ----------------------------
> # TCP Protocol Settings
> #
> <<snip>>
> #
> # The TCP Port Number to be used for server Event Notification
> # messages. The value of 0 (Zero) means that the server will choose
> # a port number randomly.
> #
> # Type: integer
> #
> #RemoteAuxPort = 0
>
> The message tells it all.
> Set
> RemoteAuxPort = a fairly high unprivileged port like
> RemoteAuxPort = 32000
>
> Events only go out from servers
> and only go in to clients
>
> Set up your firewall rules to suit
>
> DbServer:RemoteAuxPort -> Gateway:RemoteAuxPort
>
>
> Clients need to be able to send and receive data through 3050 (assume
> that this is your data port)
> Clients need to receive only through RemoteAuxPort
>
> Client firewall needs to accept incoming traffic through port
> RemoteAuxPort

Yes... port mappings from WAN to a single server on the LAN are no
problem, but you cannot map a WAN port to a single client on the LAN if
there is more than one client on that LAN that needs
event notification.... How would the firewall know to which client the
event notification should be sent? Am I right?

I think that is the main reason that FB/IB originally chose a random
port, so that every connected client has its own event-notification port
and a firewall between the WAN and the clients' LAN knows to which
client an event notification should be forwarded....

> After you get this going you could investigate Zebedee so that your
> data (which includes events) has some protection. I understand that it
> can compress as well.

Just downloaded it. I'll give it a try...

Thanks.
John
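As an added example (not code from the thread or from the Firebird project), the script below turns the steps in the quoted reply into a small check: it parses the active settings out of a firebird.conf fragment, refuses to produce firewall rules while RemoteAuxPort is still 0 (random), and otherwise emits the Gateway/DbServer forwardings in the reply's own notation. The conf fragments, the host names "Gateway" and "DbServer", and the function names are constructed for the example; the Firebird defaults it assumes (RemoteServicePort 3050, RemoteAuxPort 0 meaning random) are the ones the reply quotes.

```python
"""Added example: derive the firewall forwardings the reply describes from a
firebird.conf, refusing while the event port (RemoteAuxPort) is still random.
Conf fragments and host names below are constructed, not taken from a real site."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed firebird.conf fragment as shipped: both settings commented out,
# so the server keeps the default data port and a random event port.
CONF_DEFAULT = """\
# ----------------------------
# TCP Protocol Settings
#RemoteServicePort = 3050
#RemoteAuxPort = 0
"""

# Constructed fragment after the edit the reply recommends: a fixed, high,
# unprivileged event port that a static firewall rule can refer to.
CONF_FIXED = """\
RemoteServicePort = 3050
RemoteAuxPort = 32000
"""


def parse_firebird_conf(text: str) -> dict:
    """Return the active 'Key = Value' settings; '#' starts a comment, so a
    commented-out line such as '#RemoteAuxPort = 0' is not a setting."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = value
    return settings


def event_port_is_fixed(conf_text: str) -> bool:
    """True when RemoteAuxPort is set to a non-zero value (0 = random)."""
    return int(parse_firebird_conf(conf_text).get("RemoteAuxPort", 0)) != 0


@dataclass(frozen=True)
class Forward:
    src: str
    src_port: int
    dst: str
    dst_port: int
    purpose: str

    def __str__(self) -> str:
        # Same notation as the reply: DbServer:3050 -> Gateway:3050
        return f"{self.src}:{self.src_port} -> {self.dst}:{self.dst_port}  # {self.purpose}"


def plan_forwardings(conf_text: str, gateway: str, dbserver: str,
                     external_port: Optional[int] = None) -> List[Forward]:
    """Forwardings between the gateway and the database server for data
    (RemoteServicePort) and events (RemoteAuxPort).  Raises ValueError when
    the event port is random, because no static rule can be written for it."""
    s = parse_firebird_conf(conf_text)
    data_port = int(s.get("RemoteServicePort", 3050))  # Firebird default
    aux_port = int(s.get("RemoteAuxPort", 0))          # 0 = chosen randomly
    ext = external_port if external_port is not None else data_port

    if aux_port == 0:
        raise ValueError("RemoteAuxPort is 0 (random): set a fixed port in "
                         "firebird.conf before writing firewall rules")
    if aux_port < 1024:
        raise ValueError("RemoteAuxPort should be an unprivileged port (>= 1024)")

    return [
        Forward(gateway, ext, dbserver, data_port, "data in: clients -> server"),
        Forward(dbserver, data_port, gateway, ext, "data out: server -> clients"),
        Forward(dbserver, aux_port, gateway, aux_port, "events out: server -> clients"),
    ]


if __name__ == "__main__":
    for rule in plan_forwardings(CONF_FIXED, "Gateway", "DbServer"):
        print(rule)
    try:
        plan_forwardings(CONF_DEFAULT, "Gateway", "DbServer")
    except ValueError as exc:
        print("refused:", exc)
```

Running it prints the three forwardings for the fixed configuration and then the refusal for the default one; the refusal is the point of the check, since a forwarding rule written against a port the server picks at random would simply never match.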