Monday, February 20, 2012

Issue connecting through firewall using jdbc connector.

We have an app in development. The front end of the app is web-based running
tomcat.
This app sits in our DMZ.
This app communicates to a SQL 2000 server on our corporate network. The
connection is via Microsoft's JDBC 2000 connector.
We have allowed the server hosting the app to initiate connections to the
internal SQL server on port 1433 only. The SQL server can communicate any/any
back to the DMZ.
I am seeing some interesting behavior: the front end initiates a connection
to the DB server on 1433, which is successful, but then also tries to
initiate a connection on 137 (named pipes/nbname). Of course the firewall
blocks this and it eventually times out. After it times out, it opens an
additional pool connection on 1433. This causes the app to load very slowly
as the pages are data driven. If we open up 137 then the app runs at a
normal speed.
I don't understand why the front end is trying to communicate to the server
on anything other than 1433. The server is configured for TCP/IP only. The
JDBC driver and app on the front end are doing everything by IP address.
I've thought of trying a host file on the front end resolving the back end,
and vice versa, but this shouldn't matter as everything is IP and not name.
I am now trying to figure out if this is an issue with the Microsoft JDBC
driver config (though it looks like you don't have the ability to specify
protocols in it), an issue with the SQL server (perhaps the response to the
initial connection is telling the client to talk named pipes), or if it's
just an OS issue.
Leaving 137 open from the dmz app to the internal sql server is not an
option.
Thanks in advance.
Bill

I think I have run into the same problem. I am developing an application that must reside within DMZ and must have access to a SQL server on the internal network. I think the problem is the MS ODBC and JDBC drivers. They try to use NetBIOS over TCP instead of just pure TCP.
My case is as follows:
* Web application (ASP) in DMZ
* MS ODBC driver
* Firewall between DMZ and internal network (port 1433 open)
* SQL Server on internal network
The problem is that the ODBC driver seems to try to connect to the database through SMB, Server Message Block, which is a Windows service for file and printer sharing. SMB relies on the NetBIOS service, which in turn relies on TCP or SPX or whatever it is set up to use. Now, NetBIOS uses UDP port 137. This port is not opened in our firewall, as in your case. Therefore the application in the DMZ cannot establish a connection with the SQL server.
I think there are two possible solutions for this problem:
* Find a driver that uses only TCP and not TCP via NetBIOS
* Disable NetBIOS and SMB in the web server
The second solution works very well, I think. Not a solution for us, though, since the web master has set up a Microsoft network within the DMZ. And you have to disable Microsoft network to disable SMB.
Sorry for my bad English. Hope that what I have written helped a little, at least.
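The symptom both posts describe, an allowed connection on 1433 followed by blocked attempts on 137, can be confirmed from the firewall's own logs without opening the port. The following is an added example, not code from either poster; the log format, IP addresses and function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed firewall log lines in an assumed format; adapt LINE_RE to your firewall.
SAMPLE_LOG = """\
2012-02-20T10:00:01 ALLOW TCP 192.0.2.10:51514 -> 10.0.0.5:1433
2012-02-20T10:00:01 DENY UDP 192.0.2.10:137 -> 10.0.0.5:137
2012-02-20T10:00:03 DENY UDP 192.0.2.10:137 -> 10.0.0.5:137
2012-02-20T10:00:04 DENY UDP 192.0.2.10:137 -> 10.0.0.5:137
2012-02-20T10:00:06 ALLOW TCP 192.0.2.10:51515 -> 10.0.0.5:1433
2012-02-20T10:00:07 ALLOW TCP 192.0.2.77:40000 -> 10.0.0.9:443
malformed line that should be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def stray_flows(lines, app_ip, db_ip, allowed_port=1433):
    """Return denied app->db flows on ports other than allowed_port, each with
    the seconds elapsed since the last allowed connection on allowed_port."""
    last_allowed = None
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["src"] != app_ip or m["dst"] != db_ip:
            continue  # unparseable line or unrelated traffic
        ts = datetime.fromisoformat(m["ts"])
        port = int(m["dport"])
        if m["action"] == "ALLOW" and port == allowed_port:
            last_allowed = ts
        elif m["action"] == "DENY" and port != allowed_port:
            delay = (ts - last_allowed).total_seconds() if last_allowed else None
            findings.append((m["proto"], port, delay))
    return findings

def summarize(findings):
    """Count denied attempts per (protocol, port)."""
    counts = {}
    for proto, port, _ in findings:
        counts[(proto, port)] = counts.get((proto, port), 0) + 1
    return counts

if __name__ == "__main__":
    hits = stray_flows(SAMPLE_LOG, "192.0.2.10", "10.0.0.5")
    print(hits, summarize(hits))
```

A cluster of denied 137 attempts immediately after each allowed 1433 connection, as in the constructed sample, matches the delay described in the first post and shows which host is originating the name-service traffic.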
