Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

MySQL Access through ISA

58 views
Skip to first unread message

Peter

unread,
May 21, 2009, 2:54:13 PM5/21/09
to
Hello,
I need to manage a remote MySQL instance from behind my ISA 2004 server.
I have created a rule to allow connections on port 3306 to the IP address of
the remove server.
However the connection always fails. Looking at the ISA logs it shows the
traffic being blocked by the last default rule.
I know the IP address and other parameters are correct because the
connection works properly when I bypass ISA and go out through a
non-firewalled connection.
How can I properly configure this rule to allow access?
Thanks.
Peter

Jens Baier

unread,
May 21, 2009, 3:52:46 PM5/21/09
to
Hi,

> I need to manage a remote MySQL instance from behind my ISA 2004 server.
> I have created a rule to allow connections on port 3306 to the IP address
> of
> the remove server.
> However the connection always fails. Looking at the ISA logs it shows the
> traffic being blocked by the last default rule.

you must create a new protocol definition - MYSQL - direction outgoing -
Port 3306 TCP. Use this new protocol definition in a Firewall rule which
allows access from the client to the MYSQL Server for all users.
The client which wants to access the mysql server must be a SecureNAT or
Firewall client

--
Gruss Jens
www.it-training-grote.de
www.forefront-tmg.de
https://mvp.support.microsoft.com/profile/Marc.Grote
http://blog.it-training-grote.de

Peter

unread,
May 22, 2009, 1:08:01 PM5/22/09
to
Thanks for the response. I had done those things. Looking at it again I
discovered the problem was I was allowing outgoing traffic only on 3306.
When I looked at the logging it showed the source port on the workstation was
not 3306, it was some random port number. Once I allowed source traffic on
other ports to 3306 on the remote machine it worked fine.
Thanks for the help.

Peter

Phillip Windell

unread,
May 22, 2009, 4:39:00 PM5/22/09
to
"Peter" <Pe...@discussions.microsoft.com> wrote in message
news:78F1A7C5-CD8A-499B...@microsoft.com...

> Thanks for the response. I had done those things. Looking at it again I
> discovered the problem was I was allowing outgoing traffic only on 3306.
> When I looked at the logging it showed the source port on the workstation
> was
> not 3306, it was some random port number. Once I allowed source traffic
> on
> other ports to 3306 on the remote machine it worked fine.

Source ports are automatically acknowledged,...it is not something you have
to allow. Source Ports go into the NAT Table as an Identifier to the
session. So ISA is already fully aware of them. Source Ports are not the
same thing as a Secondary Connection.

So exactly what did you do when you did that?

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Peter D

unread,
May 26, 2009, 12:10:02 PM5/26/09
to
From the Porperites of the rule, I went to the Protocols tab. I had
previously set up a new protocol for MySQL allowing outbound TCP connections
to 3306 on the remote server. On the protocols tab there is a button for
"Ports". I assume in the process of setting up the protocol, I had
mistakenly set the source port to 3306 only. When I switched it to "Allow
traffic from any allowed source port" it worked.

Peter

Phillip Windell

unread,
May 26, 2009, 1:06:43 PM5/26/09
to
"Peter D" <Pet...@discussions.microsoft.com> wrote in message
news:A4ED0003-9A12-4AC0...@microsoft.com...

> From the Porperites of the rule, I went to the Protocols tab. I had
> previously set up a new protocol for MySQL allowing outbound TCP
> connections
> to 3306 on the remote server. On the protocols tab there is a button for
> "Ports". I assume in the process of setting up the protocol, I had
> mistakenly set the source port to 3306 only. When I switched it to "Allow
> traffic from any allowed source port" it worked.

Ok, I see then. That's fine. I think it is the default anyway. Maybe you
mistakenly didn't let it be that way from the begginning. You're probably
fine now.

That's one of the dialog boxes that no one hardly ever touches or changes,
so it's easy to forget it is there. It allows you to limit the source ports
to a certain range,...but I don't know anyone who actually does that.

hazee

unread,
Dec 10, 2012, 12:42:11 PM12/10/12
to
Phillip Windell wrote on 05/26/2009 13:06 ET :
> "Peter D" wrote in message
> news:
>> From the Porperites of the rule, I went to the Protocols tab. I had
>> previously set up a new protocol for MySQL allowing outbound TCP
>> connections
>> to 3306 on the remote server. On the protocols tab there is a button for
>> "Ports". I assume in the process of setting up the protocol, I had
>> mistakenly set the source port to 3306 only. When I switched it to
>> "Allow
>> traffic from any allowed source port" it worked.
>>
>>
>
> Ok, I see then. That's fine. I think it is the default anyway. Maybe you
> mistakenly didn't let it be that way from the begginning. You're probably
> fine now.
>
> That's one of the dialog boxes that no one hardly ever touches or changes,
> so it's easy to forget it is there. It allows you to limit the source ports
> to a certain range,...but I don't know anyone who actually does that.
>
> Phillip Windell
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
>
He there ..

I am facing a similar issue .. I have followed all the steps but still can pass
through the proxy.

I have developed a .net application that fetches the data from a MySql database
from internet. I am using odbc connector to connect to my server over internet.

hazee

unread,
Dec 11, 2012, 11:29:18 PM12/11/12
to
I still can not pass through***

Pls help.
0 new messages