Welcome to Jtech!
You are not logged in.
Login

Menu

Jtech's Miscellaneous Tips

Presently we only have ONE TIP so we'll not create sub pages for this section (yet).

Windows 2003 Server - How to allow SQL connections based on incoming IP address.

If you have an SQL server and remote users on the Internet, they obviously need to connect to your server.

But, at the same time, you don't want every hacker trying to break into your SQL connection.

This 'filtering' is NOT done in the SQL server but rather in the network configuration of your server. - In fact, you can filter ANY type of connection to come in based on IP address.

Here's how to set it up in a step-by-step scenario with screenshots:

1. Click Start -> Control Panel -> Network Connections -> Local Area Connection.


2. Click 'Properties'.


3. Click the 'Advanced' tab.


The only option here is for 'Windows Firewall' - Here is where you'll set up your special filtering.
4. Click on 'Settings'.



I'm sure you've seen this next one before. - BUT - You can't see the following screen(s) unless you got here the way I previously described. - Don't ask why. - By going to directly to 'Control Panel' -> 'Windows Firewall' WILL NOT allow you to change the 'scope' on each incoming port connection.
  • You need to make sure Windows Firewall is 'On'
  • Click on the 'Advanced' tab.


5. Click on the 'Exceptions' Tab.
Scroll down until you find 'SQL Server' - Double-Click on it.


This screen is where you can give the 'service' a diffeent name or even change the port number (if you're crazy).
6. Click 'Change scope'.


Now remember, you're only changing the 'scope' for your SQL port. - You can use this method to change the 'scope' on any port number on your server if you like.
7. Make sure 'Custom list' is selected.
8. Enter the IP address/netmask pair as the example below. You an enter as many as you want just make sure you separate the IP address/netmask pairs with a comma.


9. IMPORTANT - After you've made your changes, ensure you back out of all the boxes using each box's 'OK' button, else your changes will not take place.

10. Note: - A server re-boot will not be necessary. - These are 'on-the-fly' changes that take place as soon as you make them.