Discussion:
MySQL Access through ISA
Peter
2009-05-21 18:54:13 UTC
Hello,
I need to manage a remote MySQL instance from behind my ISA 2004 server.
I have created a rule to allow connections on port 3306 to the IP address of
the remote server.
However the connection always fails. Looking at the ISA logs it shows the
traffic being blocked by the last default rule.
I know the IP address and other parameters are correct because the
connection works properly when I bypass ISA and go out through a
non-firewalled connection.
How can I properly configure this rule to allow access?
Thanks.
Peter
Jens Baier
2009-05-21 19:52:46 UTC
Hi,
Post by Peter
I need to manage a remote MySQL instance from behind my ISA 2004 server.
I have created a rule to allow connections on port 3306 to the IP address of
the remote server.
However the connection always fails. Looking at the ISA logs it shows the
traffic being blocked by the last default rule.
You must create a new protocol definition - MYSQL - direction outgoing -
Port 3306 TCP. Use this new protocol definition in a Firewall rule which
allows access from the client to the MYSQL Server for all users.
The client which wants to access the MySQL server must be a SecureNAT or
Firewall client.
--
Gruss Jens
www.it-training-grote.de
www.forefront-tmg.de
https://mvp.support.microsoft.com/profile/Marc.Grote
http://blog.it-training-grote.de
Peter
2009-05-22 17:08:01 UTC
Thanks for the response. I had done those things. Looking at it again I
discovered the problem was I was allowing outgoing traffic only on 3306.
When I looked at the logging it showed the source port on the workstation was
not 3306, it was some random port number. Once I allowed source traffic on
other ports to 3306 on the remote machine it worked fine.
Thanks for the help.

Peter
Phillip Windell
2009-05-22 20:39:00 UTC
Post by Peter
Thanks for the response. I had done those things. Looking at it again I
discovered the problem was I was allowing outgoing traffic only on 3306.
When I looked at the logging it showed the source port on the workstation was
not 3306, it was some random port number. Once I allowed source traffic on
other ports to 3306 on the remote machine it worked fine.
Source ports are automatically acknowledged,...it is not something you have
to allow. Source Ports go into the NAT Table as an Identifier to the
session. So ISA is already fully aware of them. Source Ports are not the
same thing as a Secondary Connection.

So exactly what did you do when you did that?
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Peter D
2009-05-26 16:10:02 UTC
From the Properties of the rule, I went to the Protocols tab. I had
previously set up a new protocol for MySQL allowing outbound TCP connections
to 3306 on the remote server. On the protocols tab there is a button for
"Ports". I assume in the process of setting up the protocol, I had
mistakenly set the source port to 3306 only. When I switched it to "Allow
traffic from any allowed source port" it worked.

Peter
Phillip Windell
2009-05-26 17:06:43 UTC
Post by Peter D
From the Properties of the rule, I went to the Protocols tab. I had
previously set up a new protocol for MySQL allowing outbound TCP connections
to 3306 on the remote server. On the protocols tab there is a button for
"Ports". I assume in the process of setting up the protocol, I had
mistakenly set the source port to 3306 only. When I switched it to "Allow
traffic from any allowed source port" it worked.
Ok, I see then. That's fine. I think it is the default anyway. Maybe you
mistakenly didn't let it be that way from the beginning. You're probably
fine now.

That's one of the dialog boxes that no one hardly ever touches or changes,
so it's easy to forget it is there. It allows you to limit the source ports
to a certain range,...but I don't know anyone who actually does that.
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
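The behaviour worked out in the exchange above, as an added example that is not part of the original thread: a client's outbound TCP connection leaves from an OS-assigned ephemeral source port, so a protocol definition that pins the source port to 3306 never matches and the traffic falls through to the default rule. `ProtocolDef` and `evaluate` are a simplified, hypothetical model of rule matching, not ISA Server's object model, and a loopback listener stands in for the remote MySQL server.

```python
import socket
from dataclasses import dataclass

MYSQL_PORT = 3306

@dataclass(frozen=True)
class ProtocolDef:
    """Simplified stand-in for a firewall protocol definition (hypothetical model)."""
    name: str
    dest_port: int
    src_ports: range  # source ports the definition will match

def observe_ports():
    """Open a real loopback TCP connection; return (client source port, listener port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))      # stand-in for the remote MySQL listener
        srv.listen(1)
        listen_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", listen_port)) as cli:
            conn, _ = srv.accept()
            conn.close()
            return cli.getsockname()[1], listen_port

def evaluate(defn, src_port, dest_port):
    """Evaluate one allow rule, then fall through to the default deny rule."""
    if dest_port == defn.dest_port and src_port in defn.src_ports:
        return "allowed by " + defn.name
    return "denied by default rule"

# Source port pinned to 3306, the mistake described in the thread.
PINNED = ProtocolDef("MySQL (source 3306 only)", MYSQL_PORT,
                     range(MYSQL_PORT, MYSQL_PORT + 1))
# Any source port accepted, the setting that made the connection work.
ANY_SRC = ProtocolDef("MySQL (any source port)", MYSQL_PORT, range(0, 65536))

def compare():
    """Check an OS-assigned source port against both definitions."""
    src_port, _ = observe_ports()       # the OS picks an ephemeral source port
    return (src_port,
            evaluate(PINNED, src_port, MYSQL_PORT),
            evaluate(ANY_SRC, src_port, MYSQL_PORT))

if __name__ == "__main__":
    src, pinned, any_src = compare()
    print(f"client source port {src} -> destination port {MYSQL_PORT}")
    print("pinned definition:    ", pinned)
    print("any-source definition:", any_src)
```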
hazee
2012-12-10 17:42:11 UTC
Hey there.

I am facing a similar issue. I have followed all the steps but still can pass
through the proxy.

I have developed a .NET application that fetches the data from a MySQL database
from the internet. I am using the ODBC connector to connect to my server over the internet.
hazee
2012-12-12 04:29:18 UTC
I still can not pass through.

Pls help.
