Tom's Hardware > Forum > General Networking > Routers & Gateways > Block 1433 port with access list for specific ip address
Related Content
You have searched for "Block 1433 port with access list for specific ip address" . You might be interested in the following threads:
- Block 1433 port with access list for specific ip address
- SQL attack - port 1433 - HELP!!
- IPSEC not blocking specific IP address per Ethereal
- Windows XP client with SP2 cannot connect to SQL over 1433
- Port 1433 is blocked (filtered) on some of PC's
See more for "Block 1433 port with access list for specific ip address"
General Discussion
|Routers & Gateways
|VPN, Remote Connection, VoIP & Video Conferencing
|LAN/WAN
|Firewalls
hello,
so it looks like you are enabling access correctly to the server on tcp port 1433.
ip access-list extended WAN permit tcp host [external host ip] [server ip] eq 1433.
and then you explicitly block everyone to the same server on tcp 1433. that second line actually isn't necessary because there is an implicit deny at the end of every access-list, so everything gets denied that hasn't already been explicitly permitted.
i suspect you might need more ports open (but i say that not knowing what you're doing with this sql server. so you might want to start by applying this acl:
ip access-list extended WAN permit ip any [server ip] log
this will log all traffic that's going to the server - this will let you know if your external hosts are in need of more ports (just check the router logs).
you can apply a similar access-list to the interface closest to the sql server - again permit the server to talk to anyone and log it. look in the logs to see what ports the server needs open.
finally, where you apply the access-list matters... A LOT 
decide if it should be on an external facing interface, on the internal, or one for each (depends on how tightly you want to lock things down).
when in doubt, look at your traffic to see what's going on (logging the acl or a packet capture).
did you check out the access-list tutorial? i know they have several more that cover more advanced access-list issues.
good luck!
| rajesh_dongre wrote : Dear 1sAND0s
|
- How do I Restrict port access to single IP Address
- Block specific IP address
- Firewall with MAC address ACL that is dynamic
- Mac address block for internet
- Port forward only from specific external IP
- How to block all traffic but SQL Server
- D-Link admits DI-624 will not renew client IP address from..
- Port Scan and different IP addresses
- IP Address
- Blocking IP/MAC address with firewall...
- restricting access to a share for only a specific IP address
- Is Zotob A MS Plot . . . .
- How use Kerio to block app accessing an IP address?
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
2000-2009 Bestofmedia Group
Page generated in 1.712 seconds
Ad
Latest best answer
General IT Vocabulary Help 
By TheViper, 907 days ago:
Bus Speeds - The most commonly inferred bus is the Front Side Bus. This is the...
They won a badge
Join us in greeting them
- 17:08 aoaom won the Freshman badge
- 16:27 wuyu2241 won the Freshman badge
- 15:01 Cooky1992 won the Uniformed badge
- 15:01 medu5a won the Uniformed badge
- 15:01 mefa_star won the Uniformed badge
- 15:01 C4ptainpanda won the Uniformed badge
- 11:45 googlman won the Freshman badge
- 04:50 underwater mike won the Uniformed badge
- 04:40 tomstoms won the Freshman badge
- 04:24 dibetter won the Freshman badge
Partners
