• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9417
  • Last Modified:

Open port 1433 with Linksys router

I am running a simple Medical Database program that uses MSDE/MSSQL server.  I am also using a Linksys VPN router at home and at my office.   So 2 subnets.    192.168.1.xxx and  192.168.2.xxx

How precisely do I open port 1433 in the Linksys router?  I have set "forwarding" port 1433 and TCP/IP to connect to the local IP machine address.   But the port stills seems to be blocked.  I disabled the Windows XP (sp2) firewall so it shoulod not be blocking in software and added port 1433 just in case.

What do I do now?

thanks
0
bodywise
Asked:
bodywise
  • 6
  • 5
  • 2
  • +2
1 Solution
 
lrmooreCommented:
Did you open TCP or UDP 1433? I think sql uses UDP.
Are you really sure you want to open that database up to the world? Does your database hold any ePHI that would be covered under HIPAA?
0
 
AutoSpongeCommented:
Change to a different port because slammer worm attacks SQL on 1433 and 1434.

"Data Source=ServerName, PortNumber"

And yes, it's UDP.
0
 
bodywiseAuthor Commented:
Thank you for your comments.  I am still confused how to open port  TCP/IP 1433 in the Linksys router whic is the port that SQL is looking for -- not UDP.   UDP 1434 is already open.  

What is the exact procedure I need to follow?  

It says that you simply add a forwarding address to local IP but then need to disable the DHCP.  That is a mess.

I am fully aware of the slammer issue, but the MSDE/MSSQL server requires that I open that port.  If I can easily reassign the port -- great.

to the comment: "Data Source=ServerName, PortNumber"
Where exactly is this entered or formatted?   I do not have enterprise manager because I am only using a limited version supplied with Windows XP not the full Windows 2003 server version.  

And to the issue of HIPAA, that most draconian of all government edicts, yes, this may be an issue, but first I just want to open open the port to the local internal subnet.  Then I want to be able to open to the VPN.   ePHI  is a new issue to me.  Right now my hardware-based firewall protection is exceptionally high.




 
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
AutoSpongeCommented:
Using the Client Network Utility.
Specifying the port number with the "Server" or "Data Source" name-value pair supplied to the connection string. Use a string with the following format: "Data Source=ServerName, PortNumber"

The client side will also need to be modified to the appropriate port, but that's still far more secure than staying on the default port.

As for turning off DHCP, you only have to turn off DHCP for that one server.  For the DHCP settings, you only have to enter the starting address, for example, make it .100.  Then give the server a static IP of .99.  This way, the server is always .99 and you can setup all the SQL port forwarding you need to.

Make sure you check the "enable" box or the rule isn't in effect for your port forwarding.
0
 
bodywiseAuthor Commented:
hmmm ..

Thanks ... but that caused all sorts of havoc.  My system has been down tyring to implement this.

1.  I have a peer to peer network in Windows XP.  That is my strength.  I do not have a "true," expensive Windows server system.  The MSDE is really only for one medical program.

2. I don't know where the Clinet Network Utility is.  I am not even certain I have asccess to this.

3. There is no possibility of just setting .100 and .99.  The full adress needs to be set.  The gateway starts at x.x.2.1.  Again, my system just crashed for the last few hours.

4. the LinkSys router just does not respond to the forwarding of port 1433.  I have actually been trying to do this for a year with no success.  That is why I seek help here with experts.    But, if you might inudlge me, don't assume too much from step tp step.

I am at a loss.  Luckily the progam works fine.  It just does not allow fro true networking from other client stations.

with regards





0
 
lrmooreCommented:
>the LinkSys router just does not respond to the forwarding of port 1433
It could be blocked at your ISP. This port is used by many worms and many cable ISP's block it.
0
 
AutoSpongeCommented:
Ok, I'm assuming that you log into your linksys router and get a bunch of tabs at the top (one of which should be DHCP).  If that's true, then it probably has a place for you to change the DHCP pool.  That's what I meant by starting the pool at 100 (only serving 100-255 thereby leaving <=99 available for statics--this was just an example).  So, once you tell your router that only certain IPs on your subnet will be given out, give your server a static address that's not going to get given out.  If it's a windows server, go to the connection icon and give it a static address on your subnet.

Here's the link to the CNU:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_aa_0qux.asp
If you're running SQL2k it's already in there.  If you're not an admin, then you probably can't touch it.  Save this for last though.

When you're setting up port forwarding on the linksys, I assume that you see the tab for port forwarding, you entered SQL where it asks for the application name, port 1433 in the port box, check the UDP check box, then check the enable check box.  If your screen is different, you will have to explain.
0
 
AutoSpongeCommented:
I just saw lrmoore's update.  This is again why you'd need to change the port settings in SQL.
0
 
bodywiseAuthor Commented:
AutoSponge,

Thanks again.  Still does not work.  But ... you have shown me a few valuable items.

I now better understand the difference between the static and DHCP enabled dynamic addresses.  I have been using these up to now for this reason, but I understand better your point of dividing those lower than the starting range as static and those above the stating range as dynamic.

The link you provided is nice, but I always find these Microsoft references to be too cyrptic.  Tells you too much, much of which is unintelligble and then fails to provide you with the software downloads or specfic references to where the named exe file is located.

As I have been saying, I do not have full Server2000 or Server 2003 or anything.  I only have a vendor provided start to enabling .net framework and then installs MSDE which is supposed to be a subset of MSSQL.  But not the real deal.  

So I still see no way of changing or reassigning the ports or "instances" (which I find a strange term) or other parameters.

Port 1433 TCP/IP remains blocked (as tested internally and with Gibson Research ShiledsUp), but I went back and now the medical prgoram works across my home network as advertised despite the internal block.   So I remain puzzled.

So as has been the case in the past, you provided me with clear answers, although they did not entirely solve my problem for reasons that continue to ellude me.

Thanks for your kind assistance.


0
 
AutoSpongeCommented:
No problem.  You probably need the full version of SQL to get the CNU package--I'm not familiar with the lite version your running.  If you find a way to change it on the client side, you may still be able to forward the traffic using UPnP (if you router has the option in port forwarding) to forward port XXXX as 1433 when it hits the LAN.  This may be what's needed to get around the ISP block if that's what's blocking you now.
0
 
bodywiseAuthor Commented:
Thanks again.  I've never used the UPnP option.   Interesting thought.   I don't think it's my ISP that is blocking the 1433 port, but another provocative thought.

0
 
11_dpnCommented:
Linksys routers have firewalls as well.  Perhaps if you disabled the router fw, it might be of some help
0
 
bodywiseAuthor Commented:
Thank you for the continued comments.   But given the worry about 1433 and 1434, why would I want to entirely disable the FW?   I wanted to be far more surgical about this.  I have deferred this problem as unsolvable at present.  I have tried all alternatives (actually for at least a year) and the ports remain closed.  

But for some reason the subnet is now allowing me to communicate with the Medical Program as desired.  Something changed in the somewhat proprietary setup that use MS net frame.  Again, I am not running a full server, just MSDE which I think is a subset.    It does not allow me nearly the same flexibility and control that a full $1200 version of Windows 2003 would allow.

with regards
0
 
orhanoCommented:
Hi all.

I have a Linksys DSL modem with FW/Router/WLAN. It's model is WAG54G.
I had problems with port forwarding with it. Some investigation revealed that single port forwarding is buggy in this model. It just stops forwarding the set up ports after a few minutes or so. (I use eMule, which might be causing the bug appear shortly)

But "Port Range forwarding" works perfectly. You can set it up similar to "Single port forwarding".

This will solve your problem if your device is using a shared code with mine.

Regards,

Orhano
0
 
bodywiseAuthor Commented:
Orhano,

Thanks for the input.   May be the answer.  I really like LinkSys products, but have found them to be less than fully reliable in the newer models.  I even bought a LinkSys wireless VPN router, but had to return it twice because it just didn't work.    It may be that this is the source of my port forwarding and 1433 problem.

Apreciate the follow-up.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 6
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now