Connect to ec2 database from non-local without tunneling - database

I am making an application and I need to connect to a database which is on an Amazon server.
It works fine from local, but I need direct access to the database without ssl tunneling.
In the AWS console, port 3306 is opened.

Related

Unable to connect to MSSQL externally from Amazon Lightsail Windows Instance

I am unable to connect to my MSSQL database from outside the server despite exposing the port and setting up inbound rules both in Windows Firewall and the LightSail dashboard.
I can reach the hosted IIS website at port 80 but SQL port is not reachable despite setting inbound rule.

Laravel Forge DB Mysql Connection via Desktop Client Issue

I have an issue with connecting to my databases via a desktop client. I use an SSH key to connect to my server via the console, and I am able to connect to my live server.
But no luck for my database connection. I use TablePlus as my desktop client and I keep getting "SSH Error, can't connect to host". That's all I get.
How can I find out what the problem is exactly?

Cannot connect to both RDP and SQL Server(Azure) over VPN at the same time

I have an Azure VPN client that I use for connecting to a web server using RDP and to an Azure SQL Server instance using SSMS. The problem is, I cannot connect to both at the same time.
When I go to the Networking properties of the VPN connection, then select the properties of TCP/IPv4, if I select "Use default gateway on remote network", I am able to connect to RDP, but not SQL Server. If "Use default gateway on remote network" is not selected, I am able to connect to SQL Server, but not RDP.
What can I do to be able to connect to both at the same time?
As far as I know, by default, once a VPN connection is successfully created, the highest-priority entry is added automatically to the local machine's route table. When you select "Use default gateway on remote network", data that cannot be sent on the local network is forwarded to the dial-up network when you are connected to a local network and a dial-up network simultaneously. The local network prefers to select a VPN connection route. The connection to a local network is disconnected automatically by default. So you could RDP to the web server via the private VPN connection in the dial-up network. You could not access the Azure SQL server since the traffic from the dial-up network is not allowed in the Azure SQL server firewall. In this scenario, you could check whether the outgoing traffic to the Internet from your dial-up network is being blocked.
When you unselect "Use default gateway on remote network", the default gateway of the PPP adapter will usually be empty. In this scenario, you cannot connect to resources on the remote network because you have disabled the "Use default gateway on remote network" setting in the VPN TCP/IP configuration. You could add routes for the desired VPN subnets. Refer to the paragraph "Configuring Split Tunnel for Windows".
You could use `route print` on the local machine to check the route entries. Compare the route table in the two situations. You can get more details from this doc.
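As an added illustration (not part of the original answer), the sketch below models the three route tables the answer compares and resolves each destination by longest matching prefix, then lowest metric. All prefixes, metrics, interface names and the two target addresses are constructed assumptions.

```python
import ipaddress


def best_route(table, dest):
    """Return the interface chosen for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))
    return best[1]


# Constructed route entries: (destination prefix, interface, metric).
LAN = [("0.0.0.0/0", "lan", 25), ("192.168.1.0/24", "lan", 25)]

# "Use default gateway on remote network" selected: a VPN default route
# with a lower metric outranks the LAN default route.
FULL_TUNNEL = LAN + [("0.0.0.0/0", "vpn", 1)]

# Setting cleared and no extra routes: nothing points at the remote network.
NO_GATEWAY = list(LAN)

# Setting cleared plus an explicit route for the remote subnet (split tunnel).
SPLIT_TUNNEL = LAN + [("10.1.0.0/16", "vpn", 1)]

WEB_SERVER = "10.1.0.4"      # assumed private address of the RDP host
SQL_PUBLIC = "203.0.113.50"  # assumed public endpoint of the SQL server


def report(table):
    """Show which interface carries RDP and SQL traffic for a given route table."""
    return {"rdp": best_route(table, WEB_SERVER), "sql": best_route(table, SQL_PUBLIC)}


if __name__ == "__main__":
    for name, table in [("full tunnel", FULL_TUNNEL),
                        ("no gateway", NO_GATEWAY),
                        ("split tunnel", SPLIT_TUNNEL)]:
        print(name, report(table))
```

Only the split-tunnel table sends RDP over the VPN while SQL traffic leaves through the local gateway, which is the source address a server-side firewall rule would then need to allow.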
It sounds to me like you need to configure a service endpoint on your vnet to allow traffic to route through to your Azure SQL database.
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview
Try the link above for help configuring it.

How to connect database which is on aws VM from azure website

I want to connect to the database which is on an Amazon AWS VM from an Azure website.
It is giving the error "not accessible".
Is there any configuration I have to make in the AWS VM?
You need to set up a security group and open up inbound and outbound ports in AWS.
Only after your SQL server port is opened can you connect to your server from Azure.
If you are using MySQL, which uses port 3306 by default (you need to change this for security reasons), you need to open up 3306 to receive and throw bytes.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
Have you checked your network firewall settings in both azure and aws? I suspect that's your issue. Create exceptions for the proper IP addresses.
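As an added example (not part of the original answers), this check walks security-group rules in the shape returned by `aws ec2 describe-security-groups` and flags database ports whose inbound source is the whole Internet or a broad range rather than specific addresses. The group IDs, CIDRs and the `max_hosts` threshold are constructed for illustration.

```python
import ipaddress

# Default listener ports of the databases discussed on this page.
DB_PORTS = {3306: "MySQL", 1433: "SQL Server"}

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-scoped", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def covers(perm, port):
    """True if the rule admits TCP to `port`; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups, max_hosts=16):
    """List (group, service, source, severity) for DB ports open to broad sources."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port, service in DB_PORTS.items():
                if not covers(perm, port):
                    continue
                for cidr in sources:
                    net = ipaddress.ip_network(cidr, strict=False)
                    if net.prefixlen == 0:
                        findings.append((group["GroupId"], service, cidr, "world-open"))
                    elif net.num_addresses > max_hosts:
                        findings.append((group["GroupId"], service, cidr, "broad"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

The rule scoped to a single `/32` source produces no finding, while the all-protocol rule is reported for both database ports.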

Are we doing DMZ correctly?

We are building a client solution that will be hosted on servers in a data-centre. It consists of several servers all related to providing the client solution. There is no internal network to protect but for some reason our UAT environment has the notion of a DMZ in the server diagram.
We have an IIS box which will have a public IP. Then we have two servers DB(Sql Server) and APP that are only on the internal lan with no public IPs. You can only RDP to these servers via VPN. Our IIS server needs sql access so port 1433 is open from IIS box(DMZ) to the sql server. We are also opening several ports from the IIS server to the APP server which hosts WCF services.
My understanding was that a DMZ was meant to protect internal private networks and that these networks should not be accessible from the DMZ but we are now opening up ports to both our APP and DB servers so they are accessible from the DMZ. In the end most of our servers are accessible from the IIS server via certain ports.
We originally wanted to set up our SQL server for AD authentication only, but since our IIS server is in the DMZ and has no AD access we will be forced to enable mixed mode authentication in SQL server. This might be another security issue on its own since we are now forced to store passwords somewhere on the IIS server to be able to auth against SQL server.
Are we not perhaps missing the idea of a DMZ?
So with a system where you have a DMZ, there is also a firewall involved.
So your system should look like this I think:
SQL-server hosting internal data
Other servers needed for the company
---- firewall ----
SQL-server hosting data for web solution
AD-server (if needed)
Web-server
FTP-server (could be on the web server also)
With this setup you don't expose company-sensitive database to the outside world and you also don't open up a port in the firewall making it possible for attackers to (maybe) get access to the internal database which has company sensitive data...
Just my suggestion based on the information provided.
