Blocking SQL server ports is a showstopper

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,392
For many developers, iBurst's dumb policy of blocking port 1433 is a complete showstopper and makes it completely pointless for me to use iBurst. I've just gone down to Cape Town with only an iBurst modem for connectivity to my client's systems. Imagine my horror to discover that I couldn't access any of their SQL servers because iBurst's nanny mentality has decided that since hackers sometimes use port 1433 for hacking, therefore they'll just block it. Well, hackers also use port 80 - why don't they block that as well, morons??

I don't want a service provider that decides for me which ports to allow. If I am dumb enough to put an unsecured SQL server onto the internet then it is my responsibility, not iBurst's. And, no, I'm not prepared to reconfigure 48 SQL servers just to accommodate a hostile port blocking policy from one service provider. So, bye bye iBurst - and good riddance.
 

titanium

Well-Known Member
Joined
Jun 13, 2005
Messages
278
Ignoring the fact that one really shouldn't let any server listen on the Net without having a DMZ / fw in front of it, and the fact that iBurst shouldn't unilaterally block ports, why don't you just install OpenVPN? Set it to listen on any port that iBurst doesn't block, then connect to it and either IP tunnel or bridge to the relevant server.

Or use SSH and port forwarding.
 

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,392
My client's servers are all behind firewalls to the best of my knowledge. It is not my responsibility to liaise with hundreds of different clients' networking people to organise a VPN tunnel for each and every one, as desirable as that may be. The fact is that any network service is vulnerable to DoS attacks/hackers/worms etc, but there has to be a trade off between having publicly accessible services that can talk to each other and the risk or paranoia of an attack, and it is NOT the service provider's prerogative to decide on others' behalf which parts of the internet they are going to unilaterally cut off. What next - block port 25 because of email worms and expect everyone to put in custom VPN solutions between their mail servers?
 

titanium

Well-Known Member
Joined
Jun 13, 2005
Messages
278
I agree with your comments about the service provider - what I was trying to say is, there are usually workarounds to any given problem - and in this particular case iBurst is unlikely to accede to requests to unblock the ports you need. So, apart from leaving iBurst (which you have probably chosen to do?), another solution would be to use the likes of OpenWeb or NukeCAP, and bounce through them to your client's servers via OpenVPN. No need to liaise with hundreds of different network admins - just get onto another access path that isn't blocked :)

Good luck with your decision.

Cheers,
 

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,392
I agree that it is easily possible to use a workaround, yet we won't be using iBurst. The problem is not so much this single inconvenience, it's that we can't rely on it anymore as who knows which service will be blocked in future, leaving us high and dry until we implement another workaround? It's basically the principle that makes it unworkable in the long run. I think iBurst is as good a service as any other broadband solution on the market right now, it's just that they have clearly nailed their colours to the mast as being a service only for web surfers and email users, and don't/won't pitch their network at people who need to use it for more advanced/professional functionality.
 

regardtv

Expert Member
Joined
Sep 1, 2003
Messages
1,537
Garp

I agree with your approach but don't have a connectivity choice. I have implemented the following...

1) Set up OpenVPN on one of my privately owned servers (at an ISP that actually ALLOWS me to use all ports ;-) )
2) Use OpenVPN to that port

Now all my services work properly...all I need is to make sure that wbs continues to allow VPN... though I've already moved my VPN to port 53 just in case ;-)
 

Hogrod

Expert Member
Joined
Mar 24, 2005
Messages
1,869
Hi,

With the help of the NukeCAP crew, I've successfully set up a connection using SQL Enterprise Manager to a SQL Server through my iBurst connection. It works a treat! Thanks to NukeCAP and its VPN software. It's easy to set up and I did not need to configure anything with my database host! I suggest you try it.
 