Accessing SQL Server Instance through NAT


Problem description

I'm attempting to access a SQL Server which is exposed through an IP NAT mapping. All the ports are open. I don't know the details of the NAT, if it's relevant, since that's somewhere else in the company hidden in a pile of red tape.

Here's what I figured out. When you attempt to access a named instance of SQL Server, the client asks what port the named instance is running on. If I RDP into the SQL Server I can use netstat to find out the port of that instance and can successfully connect through the firewall. However, connecting via the instance name doesn't work. My guess is that the server is responding at some point with its internal IP address and the client is using that.

Does anyone know if this is true and if there's a way around it?

Recommended answer

The instance listening port protocol discovery is subject to the SQL Server Browser Service. This uses UDP on 1434. With a NAT forwarding of UDP 1434 your client should be able to interact with the SQL Server Browser Service (if the SQL Server Browser's UDP response packet can reach back to the client, a big if), but even a successful interaction will put your client in a tight spot: now that it knows the SQL Server dynamic listen port, how does it reach it? The NAT would have to dynamically forward the port picked by SQL Server, or it would have to forward all ports.

What I recommend is to have your SQL Server listen on a pre-configured, statically assigned port. See How to configure an instance of SQL Server to listen on a specific TCP port or dynamic port. Have your NAT forward that port. Then in your client use this port explicitly in the connection string. Do not use 1433, the standard port, since I assume that ahead of the NAT is the public internet and 1433 is subject to constant and frequent scans from all sorts of bots and vile clusters.
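
Added example, not part of the original answer: it parses a SQL Server Browser reply in the MS-SQLR SVR_RESP layout to show that the client only learns a TCP port, which then has to be one the NAT forwards, and builds the explicit `host,port` server value that skips the lookup. The sample packet, host names, port numbers and function names are constructed for illustration.

```python
from __future__ import annotations

import struct

# Constructed SVR_RESP payload in the MS-SQLR layout: 0x05, little-endian
# length, then ';'-separated key/value pairs. Names and port are made up.
_DATA = (b"ServerName;DBHOST01;InstanceName;REPORTING;IsClustered;No;"
         b"Version;15.0.2000.5;tcp;49172;;")
SAMPLE_RESPONSE = b"\x05" + struct.pack("<H", len(_DATA)) + _DATA


def parse_browser_response(packet: bytes) -> list[dict]:
    """Return one dict per instance described in an SVR_RESP packet."""
    if len(packet) < 3 or packet[0] != 0x05:
        raise ValueError("not an SVR_RESP packet")
    (size,) = struct.unpack_from("<H", packet, 1)
    body = packet[3:3 + size]
    if len(body) != size:
        raise ValueError("truncated SVR_RESP packet")
    instances = []
    # Each instance record is terminated by ';;'.
    for record in body.decode("ascii", "replace").split(";;"):
        fields = record.split(";")
        if len(fields) < 2:
            continue  # trailing empty piece after the last ';;'
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def reachable_via_nat(instance: dict, forwarded_tcp_ports: set[int]) -> bool:
    """True only if the advertised TCP port is one the NAT forwards."""
    port = instance.get("tcp")
    return port is not None and port.isdigit() and int(port) in forwarded_tcp_ports


def explicit_server(public_host: str, port: int) -> str:
    """Server value that skips the Browser lookup: host,port, no instance name."""
    return f"tcp:{public_host},{port}"


if __name__ == "__main__":
    inst = parse_browser_response(SAMPLE_RESPONSE)[0]
    # Assumed NAT rule set: only the statically assigned port 50123 is forwarded.
    print(inst["InstanceName"], inst["tcp"], reachable_via_nat(inst, {50123}))
    print(explicit_server("sql.example.com", 50123))
```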
