<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.4F.k">
<TITLE>The Answer Gang 74: (no subject)</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!--endcut ========================================================= -->
<P> <hr>
<!--startcut ======================================================= -->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!--endcut ========================================================= -->
<!--startcut ======================================================= -->
<P> <hr>
<!--endcut ========================================================= -->
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee</font></em>
that your questions here will <b>ever</b> be answered.
<em><font color="#990000">Readers at confidential sites</font></em>
must provide permission to publish. However,
<em><font color="#990000">you can be published anonymously</font></em>
- just let us know!
</p>
<p>TAG <a href="../tag/bios.html">Member bios</a>
| <a href="../../tag/members-faq.html">FAQ</a>
| <a href="../../tag/kb.html">Knowledge base</a></p>
</center>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<p><hr><p>
<!-- begin 5 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>SQL on the internet</H3>
<p><strong>From Fabiano Bonin
</strong></p>
<p align="right"><strong>Answered By Jim Dennis
</strong></p>
<P><STRONG>
I have a Linux box connected to the internet, and an NT box in my intranet.
</STRONG></P>
<P><STRONG>
My NT box is running SQL server (port 1433) and I want people outside
to be able to access this port through the Linux port.
</STRONG></P>
<P><STRONG>
Example:
- In the SQL Server client, I put the address of my Linux box (real IP) and
the connection is forwarded to my local NT box.
</STRONG></P>
<P><STRONG>
Is there some way?
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
First, please realize that this is a reckless way to expose your
database server. If you accomplish this, you will be wholly dependent
on the SQL server's own robustness for the integrity of your data.
</blockQuote>
<blockQuote>
At first it sounds like you want a port forwarder. With IP Masquerading
it's possible for you to "hide" your NT box on an RFC1918 reserved
IP address (such as any from the 192.168.0.0/16 block of class C nets)
behind a Linux box (which, naturally, has both an internal address <EM>and</EM>
some sort of DRIP -- directly routable IP). You'd then configure any of
several port forwarding utilities to simply forward packets that arrive
on the DRIP TCP port 1433 to the internal NT port 1433.
</blockQuote>
<blockQuote>
Normally, the port forwarder would only change the destination IP address.
The source (return) address would remain unmodified. Thus the NT box
would attempt to route response packets as normal. The Linux box,
NATurally, would be configured as the default router for the NT box so
its return packets would then be routed appropriately after they arrive
at the Linux system.
</blockQuote>
<blockQuote>
NATurally, the Linux box must be configured to <em>do</em> routing, usually
with a command like:
</blockQuote>
<blockQuote><BLOCKQuote><code>
echo 1 &gt; /proc/sys/net/ipv4/ip_forward
</code></BLOCKQuote></blockQuote>
<blockQuote>
... though many distributions may hide the ugly details by offering
some friendlier interface.
</blockQuote>
<blockQuote>
This all sounds easy enough. However, you have also said that
you want to configure the MS SQL Server to simply accept addresses
that appear to be from the Linux gateway. In the example I gave,
the Linux gateway is transparent (more like a router). So the SQLServer
connections "appear" to come from some public address on the Internet.
Arguably this is what most people would prefer, since they can then
configure the SQLServer to selectively allow or deny access to specific
blocks of public IP addresses. (Also, it's easier that way).
</blockQuote>
<blockQuote>
You could write a proxy. This sort of proxy could be written in
PERL, Python, C, Java or just about any language that offers lower-level
access than awk and the shell. It would accept connections on the
DRIP/interface TCP port 1433, initiate new connections on the internal
IP address, and relay the application level data from one to the other
and vice versa. It could be blocking (only one connection at a time)
or non-blocking (handling multiple concurrent connections). If it was
written to be called via inetd, and non-blocking, then one child/proxy
process would be started for each connection (and the code would be
much simpler, though the latency and overhead would be higher). If
it was written to run "standalone" it could use any of several models
of threading and/or forking (process spawning) to handle concurrent
connections, lower latency and (possibly) lower its memory footprint.
</blockQuote>
<blockQuote>
The disadvantage of writing a proxy is that you might have to know a bit
about the application's protocol. In particular it might be that the
MS SQL Server networking protocol uses additional "ephemeral" or
"negotiated" TCP ports. In other words, there might be traffic on
ports other than the TCP 1433 port. I don't know the details.
</blockQuote>
<blockQuote>
It's possible that a simple "plug-gw" proxy might work (plug-gw was
part of the TIS, Trusted Information Systems, FWTK, firewall toolkit).
TIS was eventually absorbed by McAfee Associates (later Network Assoc.
Inc). Although the sources are freely available *for non-commercial
and internal use*, TIS FWTK is not "free software" (no derivative
works, limitations on re-distribution, consultants are not allowed
to install it for customers, etc).
</blockQuote>
<blockQuote>
However, there are tools <EM>like</EM> plug-gw. The most notable is
probably the Juniper FWTK from Obtuse Systems (<A HREF="http://www.obtuse.com"
>http://www.obtuse.com</A> ).
That is currently distributed under a BSDish license.
</blockQuote>
<blockQuote>
I don't know much about the MS SQL Server or the net/wire protocol
that it uses. However, there is a free (GPL) package by David Muse
called SQLRelay (<A HREF="http://www.firstworks.com/sqlrelay.html"
>http://www.firstworks.com/sqlrelay.html</A> ) which
incorporates quite a bit of knowledge about it and various other
SQL servers. SQLRelay is probably overkill for what you want,
but it might give you the information you need, and a small subset
of its features might do the trick for you.
</blockQuote>
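<p>An added example, not part of the original answer and not code from plug-gw, Juniper or SQLRelay: a standalone, threaded relay of the kind the answer describes, in Python. Because the SQL Server sees every proxied connection as coming from the Linux gateway, the source-address allow list is enforced at the proxy before any backend connection is opened. The backend address <code>192.168.0.10</code>, the client range <code>203.0.113.0/24</code> and the function names are assumptions for illustration.</p>

```python
import ipaddress
import selectors
import socket
import threading

BACKEND = ("192.168.0.10", 1433)  # assumed internal NT box address (not from the page)
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]  # constructed client range

def is_allowed(peer_ip, networks=ALLOWED):
    """True if the client address is inside one of the permitted networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)

def relay(client, backend_addr):
    """Copy bytes both ways until either side closes or errors."""
    try:
        with client, socket.create_connection(backend_addr, timeout=10) as up:
            up.settimeout(None)  # the timeout applies to the connect only
            with selectors.DefaultSelector() as sel:
                sel.register(client, selectors.EVENT_READ, up)
                sel.register(up, selectors.EVENT_READ, client)
                while True:
                    for key, _ in sel.select():
                        data = key.fileobj.recv(65536)
                        if not data:
                            return  # EOF on one side ends the session
                        key.data.sendall(data)
    except OSError:
        return  # backend unreachable or connection reset

def serve(listen_addr, backend_addr=BACKEND, networks=ALLOWED):
    """Start the accept loop in a thread; returns the listening socket."""
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return  # listener was closed
            if not is_allowed(peer[0], networks):
                conn.close()  # rejected here; the backend never sees it
                continue
            threading.Thread(target=relay, args=(conn, backend_addr), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    serve(("0.0.0.0", 1433))
    threading.Event().wait()  # keep the main thread alive
```

<p>This relays a single TCP port only; as the answer notes, any traffic the protocol carries on other negotiated ports would not pass through it.</p>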
<!-- end 5 -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2002
<BR>Published in issue 74 of <I>Linux Gazette</I> January 2002</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<!--startcut ======================================================= -->
<P> <hr>
<!--endcut ========================================================= -->
<P> <hr>
<!--startcut ======================================================= -->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!--endcut ========================================================= -->
<!--startcut ======================================================= -->
</BODY></HTML>
<!--endcut ========================================================= -->