SQL Server can operate transparently with Proxy Server to
prevent unauthorized access to your internal network. By using this
configuration, you do not have to connect the computer running SQL Server
directly to the Internet.
When you run SQL Server on a computer
located behind Proxy Server, SQL Server is protected by the packet filtering
features of Proxy Server. You can configure Proxy Server to permit or deny
inbound SQL Server access to specific users, services, ports, and IP domains.
This article describes how to configure SQL Server for use with the
Server Proxy features of Proxy Server.
If you are running Proxy
Server 2.0 on Microsoft Windows 2000, visit the following Microsoft Web site to
update the Proxy Wizard:
The information in this article does not apply to
Microsoft Internet Security and Acceleration (ISA) Server.
This article describes how to configure SQL Server for use with
Proxy Server in the following scenario:
- The computer running SQL Server is located on an internal
network and has an IP address of 18.104.22.168.
- The Proxy Server computer has two network adapters. One
network adapter is connected to the internal network and has an IP address of
22.214.171.124. The second network adapter is connected to the Internet and has
an IP address of 126.96.36.199.
- You want to gain access to the computer running SQL Server
from a client workstation that is located on the Internet.
Configure SQL Server with Proxy Server
To configure SQL Server for use with Proxy Server, follow these
- On the computer running SQL Server, configure TCP/IP
Sockets as one of the network protocols. To do so, use SQL Server Network
Utility to enter the proxy address:
Note If the IP address is set to the internal IP address of the Proxy
Server computer, it does not work.
- Click TCP/IP, and then
- In the Edit Network Library
Configuration dialog box, verify that the port is set to 1433 and the
proxy address is set to the external IP address of the Proxy Server
- Make sure that your instance of SQL Server is not running
under the context of the service account.
- In User Manager, create a user account that has all the
permissions that are required run SQL Server.
- Click the Permissions tab in the Winsock
Proxy properties, and then add the new user account. Consider assigning
Unrestricted Access to this account.
- Create the following Wspcfg.ini file on the computer
running SQL Server, and then put it in the same folder as the Sqlservr.exe
file. By default, this folder is the C:\Mssql7\Binn folder for SQL Server 7.0
and the C:\Mmssql\Binn folder for SQL Server 6.5. To do so, run the following
- Install and configure Proxy Server by using the
documentation that is provided with the product.
- Add the IP address (188.8.131.52) of the computer running
SQL Server and the internal IP address (184.108.40.206) of the Proxy Server
computer to the local address table (LAT) on the Proxy Server
- By using the computer running SQL Server, connect to the
MSPCLNT share on the Proxy Server computer, and then install the Winsock Proxy
- Restart the computer running SQL Server for the changes to
the Winsock driver to take effect.
The SQL Server service is
restarted if the SQL Server service is not set to Auto. The SQL Server 2000 error log shows the following entry:
Note The error log no longer reports the IP address of the local
server. It now shows that the computer running SQL Server is listening on
Winsock Proxy instead of IP address and port.
2002-02-12 17:11:32.28 server SQL server listening on Winsock Proxy, Shared Memory, Named Pipes.
2002-02-12 17:11:32.28 server SQL Server is ready for client connections
- Configure the client workstations to gain access to the
computer running SQL Server through the Proxy Server computer. To do so, follow
- Start SQL Server Client Network Utility, and then click
the General tab.
Note For SQL Server 6.5 clients, start the SQL Server Client
Configuration Utility, and then click the Advanced
- To create an entry for the computer running SQL Server,
click Add, and then select TCP/IP as the network library.
- Provide a server alias, and then on the
Computer Name line, type the external IP address of the Proxy
Server computer (220.127.116.11).
- Make sure that the Port Number field
contains the correct port number. By default, the port number is 1433.
- From the client computer, verify the connection to the
computer running SQL Server. To do so, start SQL Query Analyzer (in SQL Server
7.0) or start ISQL/w (in SQL Server 6.5), and then connect to the server that
you specified in step 10b.
Article ID: 216415 - Last Review: January 12, 2004 - Revision: 3.6
- Microsoft SQL Server 6.5 Standard Edition
- Microsoft SQL Server 7.0 Standard Edition
- Microsoft SQL Server 2000 Standard Edition
- Microsoft SQL Server 2000 64-bit Edition
- Microsoft Proxy Server 2.0 Standard Edition
|kbhowtomaster kbhowto kbinfo kbinterop kbnetwork KB216415|