Hello everyone,
yesterday I found the following questions worth asking, since this has been
asked before but apparently not been answered
(port usage and firewall setup
http://listserv.sap.com/pipermail/sapdb.general/2002-April/011497.html).
Today I did some researching and experimenting and can answer quite a bit
myself. But not everything is clear to me, yet. So if you are interested,
please read on and help to clear things up more.
The problem
-------------
We are using a Linux server (SuSE 7.3) and Windows NT 4 (SP 6) workstations.
We would like to put the database (on the Linux server) behind a firewall
and do the administration via "SQL Studio" and "Database Manager" through a
secure-shell-tunnel, ODBC access would be required, too.
So my question is: What ports are used for communication between client and
server by these tools? I.e. what ports need to be forwarded through ssh or
what ports need to be open on the firewall to access the server?
And further: What are the functions of the different components listening on
tcp sockets, especially the niserver and the second port used by the vserver
(for "ADABAS coexistence" as mentioned in
/opt/sapdb/depend/env/vserver.use)?
Here is what I have found out so far:
---------------------------------------
The web tools (i.e. the SAPdb web server) is listening on port 9999 on
default, which can be configured in /opt/sapdb/web/config/WebAgent73.ini. If
another webserver is used, this will be different, of course.
The niserver seems to be listening on 7269.
The vserver seems to be listening on both 7200 (sql30 = adabasd remote sql)
and 7210 (sql6 = sapdb).
The vserver (which is started with the x_server command) automatically
starts the niserver. One can prevent this using the '-Y' switch. To prevent
opening of the second port 7200 (for "ADABAS coexistence") one can issue the
'-X' switch. (see /opt/sapdb/depend/env/vserver.use).
So only one open port (7210 = sql6 = sapdb) seems to be necessary to connect
to the dbmserver via "Database Manager" for example. "SQL Studio" works
under these conditions as well as an ODBC connection (e.g. via MS ACCESS).
Changing the port:
--------------------
Starting the vserver with 'x_server -Y -S <PORTNUMBER>' allows you to choose
this one port freely. The tools are having problems with that, however.
An ODBC-connection works well if the datasource is defined with the server
specified as <IPADDRESS>:<PORTNUMBER>.
"SQL Studio" works with this notation, too.
"Database Manager" gives an '-4 communication error' when confronted with
this notation as well as with a comma (,) instead of a colon (:).
Port forwarding with SSH:
---------------------------
With openssh one can forward ports on remote machines through an encrypted
tunnel with something like the following command
ssh -L <LOCALPORTNUMBER>:<REMOTEIPADDRESS>:<REMOTEPORTNUMBER>
<USERNAME>@<REMOTEIPADDRESS>
The servive listening on <REMOTEPORTNUMBER> on the remote machine should
then be reachable on the local machine (localhost).
If <LOCALPORTNUMBER> is 7210 the situation is as follows (and quite the
opposite of the "Port change"-Scenario):
The "Database Manager" works well with this if "localhost" or "127.0.0.1" is
specified as server.
"SQL Studio" complains about an inactive XSERVER:
ODBC-Error[SAP AG][SQLOD32 DLL][SAP DB]Unable to connect to data
source;-709 CONNECT: (XSERVER might be inactive).
return-code: SQL-ERROR (-709)
An ODBC-Connection fails with a very similar message (SQL-ERROR -709 with
some remarks from the ODBC driver).
Our main problem here is to get the ODBC/SQL-Studio connection to work
through the ssh-tunnel. Additionally it would be very nice to be able to use
ports different from 7210 to be able to connect to more than one instance of
sapdb at a time (e.g. to transfer data from the test-environment to the
production-environment).
Does anyone know how to do this? Has anyone experimented with similar
settings?
I would be very glad about any feedback!
Best regards,
Andreas Mohrig
- IT-Entwicklung -
cadooz AG
Osterbekstr. 90b
22083 Hamburg
Email: [EMAIL PROTECTED]
Tel.: +49.40.271 482-13
Fax.: +49.40.271 482-11
Web: www.cadooz-business.de
www.cadooz.de
_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
