Re: open port numbers behind the firewall



In article <e0bd66a3-b964-48f8-9738-12e81ab10baa@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
javacc2@xxxxxxxxx says...
Before adding the firewall, the applications are up and running. My
understanding is that the firewall is in front of websphere server and
database server. Now, the websphere server cannot connect to database
server on port 1521, that means port 1521 needs to be open on database
server side? Do we need to open the same port 1521 on websphere server
too? I cannot ping, cannot telnet from websphere to database.


Please advise. Thanks a lot!!


If the firewall is in front of BOTH the Web/DB server, but the Web and
DB server are in different networks (and they should be), then you need
to map a rule between the web server's firewall network and the database
server's network for the port that it communicates on.

Firewall PUBLIC Port (some public IP)
Firewall WEB Sv Port (192.168.8.10/24) just making up a network
Firewall DB Sv Port (192.168.9.10/24) just making up a network

By default there is no access between 192.168.8 and 192.168.9 networks,
you have to make a rule between them

Your rule should be as specific as possible, something like this:

Allow 192.168.8.10 (Web) > 192.168.9.10:TCP 1521

This limits access to the data to JUST the IP and Port of the database
server.

With a rule like this you can NOT PING or telnet to the DB server, since
you didn't create a PING/Telnet rule to permit access.

If you set up improper rules your web server could allow external users
to compromise your database - please contact the firewall administrator
to make the proper changes for you.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
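
The rule set described in the post above, modelled in Python as an added example; it is not part of the original thread and is not any firewall product's syntax. The `Rule` class, the function names, the broad /24 rule and the extra source addresses are constructed for illustration; only 192.168.8.10, 192.168.9.10 and TCP 1521 come from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # source host or CIDR
    dst: str              # destination host or CIDR
    proto: str            # "tcp", "udp", "icmp" or "any"
    port: Optional[int]   # None means any port

def matches(rule, src, dst, proto, port):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))

def decide(rules, src, dst, proto, port=None):
    """Allow only what a rule permits; everything else is dropped (default deny)."""
    return "ALLOW" if any(matches(r, src, dst, proto, port) for r in rules) else "DENY"

def too_broad(rule):
    """Flag anything wider than one host to one host on one named port."""
    return (ipaddress.ip_network(rule.src).num_addresses > 1
            or ipaddress.ip_network(rule.dst).num_addresses > 1
            or rule.proto == "any"
            or (rule.proto in ("tcp", "udp") and rule.port is None))

WEB, DB = "192.168.8.10", "192.168.9.10"           # addresses from the post
SPECIFIC = [Rule(WEB, DB, "tcp", 1521)]            # the rule the post recommends
BROAD = [Rule("192.168.8.0/24", "192.168.9.0/24", "any", None)]  # constructed

FLOWS = [                                          # constructed test traffic
    (WEB, DB, "tcp", 1521),             # application traffic to the database
    (WEB, DB, "icmp", None),            # ping from the web server
    (WEB, DB, "tcp", 23),               # telnet from the web server
    ("192.168.8.77", DB, "tcp", 1521),  # another host on the web network
    ("203.0.113.5", DB, "tcp", 1521),   # external address (documentation range)
]

def evaluate(rules):
    return [decide(rules, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for name, rules in (("specific", SPECIFIC), ("broad", BROAD)):
        print(name, "too broad:", any(too_broad(r) for r in rules))
        for flow, verdict in zip(FLOWS, evaluate(rules)):
            print("  ", verdict, flow)
```

With the specific rule, ping and telnet from the web server are denied while port 1521 works, which is the behaviour the post says to expect.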