
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411

Build ssh tunnels between two MSCS clustered virtual IP addresses & two SQL virtual IP

I have a pair of MS SQL 2008 clustered using MSCS servers
at datacenter A & another pair at a remote datacenter M.

For illustration purposes, let's call the
- SQL cluster IP addr at DC A,  a.b.c.d  (not the MSCS cluster IP but SQL IP)
- SQL DTC IP addr at DC A,      e.f.g.h  (used by MS DTC)
- SQL cluster IP addr at DC M,  m.n.p.q  (not the MSCS cluster IP but SQL IP)
- SQL DTC IP addr at DC M,      r.s.t.u

Firewall rules for ssh are permitted for Tcp22 in both directions.

I have an ssh server (WinSSHD) running/listening at m.n.p.q & r.s.t.u.

If I have putty ssh client at a.b.c.d & e.f.g.h, how can I build an ssh
tunnel from a.b.c.d to m.n.p.q  and from e.f.g.h to r.s.t.u ?

Reason for building this tunnel is I have an urgent need to have
Tcp135 & a couple other Tcp ports to be transported over but it
takes 2 weeks for new firewall requests to be approved+implemented.

Note that all IP addresses above are virtual IP addresses on the
MS SQL 2008 servers
3 Solutions
sunhux (Author) Commented:
& by building the ssh tunnels, I'll still need existing traffic of
Tcp 1433 to be able to go thru via the usual channel (not thru
the tunnel) ie from a.b.c.d to m.n.p.q
are you aware that at least one end of the tunnel cannot be i.e. port 135?
if so, can you please specify which server A or M is the one where to forward (tunnel) port 135 over ssh
for example: do you want that a user/process on A connects to localhost:1135 which is tunneled to M:135
sunhux (Author) Commented:
User in server A to be able to issue "telnet M_server_IP 135"
(& the packets that originate from user in A will show the
 source IP address of server A)

Do we need additional IP address to be assigned to both
tunnel ends?
sunhux (Author) Commented:
Rather than user/process, it's actually MS SQL client (in server A) & 
MS SQL server 2008 (in server M)
> User in server A to be able to issue "telnet M_server_IP 135"
for that you don't need a tunnel, as M is already listening on 135

where is your problem with
   telnet M_server_IP 135
sunhux (Author) Commented:
>where is your problem with     telnet M_server_IP 135
There's currently no firewall rule permitting Tcp 135 from A to M
but there's a firewall rule for Tcp22 (ssh) from A to M.

I'll need my SQL client (running in A) to be able to send traffic
to M (on Tcp port 135)
on A% ssh -L 4235:M:135 user@M
on A% telnet localhost 4235

a bit more secure:
on A% ssh -L localhost:4235:M:135 user@M
sunhux (Author) Commented:
I'm not on Linux/UNIX,  I'm on Windows 2008, so ssh command
is not applicable in my case.  Can you give the steps needed to
set this up, say, using putty
sunhux (Author) Commented:
What's required is for Windows environment, not Linux/Unix
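
A PuTTY-side equivalent of the ssh -L answer for the Windows hosts, as an added example that is not part of the original thread: it starts the forward with plink.exe (PuTTY's command-line client), checks that the listener is bound to loopback only, and connects through it. It assumes plink.exe is on PATH; M_server_IP and user are placeholders.

```powershell
# Added example (not from the thread). Placeholders: M_server_IP, user.
# Assumes plink.exe (PuTTY's command-line client) is on PATH.
$RemoteHost = 'M_server_IP'   # placeholder: SQL virtual IP at DC M
$SshUser    = 'user'          # placeholder: WinSSHD account
$LocalPort  = 4235            # local port used in the ssh -L answer
$RemotePort = 135

# 127.0.0.1 prefix: listen on loopback only, so no other host can use the forward.
$forward = "127.0.0.1:${LocalPort}:${RemoteHost}:${RemotePort}"

# -N: forwarding only, no remote shell. plink opens its own window for the
# host-key and password prompts.
$plink = Start-Process -FilePath 'plink.exe' -PassThru `
    -ArgumentList @('-ssh', '-N', '-L', $forward, "${SshUser}@${RemoteHost}")

# Wait (up to 60 s) for the local listener to appear.
$listening = $null
for ($i = 0; $i -lt 30 -and -not $listening; $i++) {
    Start-Sleep -Seconds 2
    $listening = @(netstat -ano -p TCP |
        Where-Object { $_ -match ":$LocalPort\s+\S+\s+LISTENING" })
}
if (-not $listening) {
    Stop-Process -Id $plink.Id -ErrorAction SilentlyContinue
    throw "No listener on port $LocalPort; check the plink window for errors."
}

# Flag any listener on that port that is not bound to loopback.
$exposed = @($listening | Where-Object { $_ -notmatch "\s127\.0\.0\.1:$LocalPort\s" })
if ($exposed) { Write-Warning "Port $LocalPort is reachable from other hosts:`n$exposed" }

# Connect through the local end of the tunnel, as the SQL client would.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect('127.0.0.1', $LocalPort)
    "Local end 127.0.0.1:$LocalPort accepts connections (forwarded to ${RemoteHost}:$RemotePort)."
} finally {
    $client.Close()
}
# Tear down when finished: Stop-Process -Id $plink.Id
```

The SQL client on A has to be pointed at 127.0.0.1:4235, since "telnet M_server_IP 135" still goes straight to the firewall; existing Tcp 1433 traffic from a.b.c.d to m.n.p.q is not re-routed by the forward. Connections arriving at port 135 on M are opened by the SSH server there, so M does not see A's address as the source.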
