Subject | RE: Re: [firebird-support] Events and Firewall again |
---|---|
Author | Gary Benner |
Post date | 2005-08-14T02:21:26Z |
Hi all,

At 13:32 on 14/08/2005 David Johnson wrote:

>I recommend against opening up your firewall. Exposing a database to
>the internet world is kinda ... not the smartest idea.

With many clients I have the FB server in a DMZ, and the client machines in a LAN segment. The Internet is connected via a third LAN segment. The issue of how to handle events through a Firewall is then still a valid issue.

For Firebird v1.5 there is a parameter RemoteAuxPort which, when set to 0, retains the default Interbase behaviour of choosing a random Port Number (not desired in this case) for passing event notification messages. When set to a non-zero number this is the port number used, allowing you to use a standard Firewall rule to 'allow' the port forwarding from one LAN segment to the other on this Port Number.

As the event will have been registered, in the case mentioned above, from an IP address in the "LAN" segment, the Firewall must be configured to allow the server in the "DMZ" segment to address this IP number back in the "LAN Segment". This requires purely a forwarding configuration, not NAT, as there is no "Network Address" (or port number) to be "Translated".

Note the firewall must also have a similar configuration for the LAN segment to address the FB server in the DMZ on port 3050.

HTH

Gary

>
>HTTP tunneling is a common resolution, since most firewalls are
>configured to pass HTTP packets. It tends to be less than transparent,
>and represents a possible security hole, depending on the degree of
>encryption used.
>
>VPN preserves transparency and security, at the expense of a little
>performance.

Ref#: 41006
[Non-text portions of this message have been removed]
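
Added example, not part of the original message: a small Python check that reads a firebird.conf and reports whether the event port is pinned by RemoteAuxPort, returning the fixed ports a firewall rule set has to name. The sample files are constructed, and the `#` comment syntax, `Key = value` layout and the RemoteServicePort key are assumptions about firebird.conf rather than details from the message.

```python
import re

# RemoteAuxPort default 0 (random port) and port 3050 are taken from the message;
# the RemoteServicePort key name is an assumption about firebird.conf.
DEFAULTS = {"RemoteServicePort": 3050, "RemoteAuxPort": 0}

def parse_firebird_conf(text):
    """Return (effective port settings, list of parse errors)."""
    settings, errors = dict(DEFAULTS), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # assumed: '#' starts a comment
        m = re.match(r"^(\w+)\s*=\s*(\S+)$", line)
        if not m or m.group(1) not in settings:
            continue                              # blank, comment or unrelated key
        key, value = m.groups()
        if value.isdigit() and int(value) <= 65535:
            settings[key] = int(value)
        else:
            errors.append(f"{key}: '{value}' is not a valid port")
    return settings, errors

def audit_event_port(text):
    """Return (ports a static firewall rule can name, findings)."""
    settings, findings = parse_firebird_conf(text)
    service, aux = settings["RemoteServicePort"], settings["RemoteAuxPort"]
    if aux == 0:
        findings.append("event port is not fixed (RemoteAuxPort is 0 or unset): "
                        "a random port is chosen, so no static rule can match it")
        return [service], findings
    return [service, aux], findings

# Constructed sample files, not taken from any real installation.
DEFAULT_CONF = "#RemoteServicePort = 3050\n#RemoteAuxPort = 0\n"
FIXED_CONF = "RemoteServicePort = 3050\nRemoteAuxPort = 3051  # fixed event port\n"
BAD_CONF = "RemoteAuxPort = 70000\n"

if __name__ == "__main__":
    for name, conf in [("default", DEFAULT_CONF), ("fixed", FIXED_CONF), ("bad", BAD_CONF)]:
        ports, findings = audit_event_port(conf)
        print(name, "ports:", ports)
        for f in findings:
            print("  finding:", f)
```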