# poke hole in firewall for port 1433



## jmoponfire (Jul 2, 2014)

I have a 2008 MS SQL Server on a server inside of a university network (Windows 2008 Standard SP 2). I have another server outside of that network on Rackspace (Windows 2008 R2 SP1). I need to connect to the SQL Server from outside the university network.

The local firewall on the university machine has a rule for 1433 open. I have verified that it is open with both netcat and nmap... from inside the university network on a different machine.

I requested that port 1433 be opened for my specific IP address (on the Rackspace server, outside the university network) at the university firewall. After like a month, I finally got a notification that they opened it. However, I still cannot connect.

I have tried a variety of different methods to validate whether the port is open or not. 

I use nmap to check the port:

```
nmap -p 1433 <university_server_ip>
```

Result:

```
Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-18 15:46 Pacific Daylight Time
Nmap scan report for <university_server_name> (<university_server_ip>)
Host is up (0.054s latency).
PORT     STATE    SERVICE
1433/tcp filtered ms-sql-s

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
```

It said the STATE was "filtered" before I made the request, and it still says that after the port has supposedly been opened. 

I also tried netcat: 

```
nc -vz <university_server_ip> 1433
<university_server_name> [<university_server_ip>] 1433 (ms-sql-s): TIMEDOUT
```

I also verified that the IP address that I requested the university allow (that is, the Rackspace server IP) is the right one. I did this by inducing a 404 in the log on the university machine by requesting it from the Rackspace machine. Yes, the 404 record in the log has the IP address that I thought it was.

I use a VB.NET code snippet I wrote to test connections to db servers. I use it all the time and am pretty confident that when the caught exception is:

"A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) "

that it is not because the script isn't working...

I connect to this database server (the one inside the university network) all the time from remote machines (that are also inside the university network), and I can't find any attempts in the SQL logs on the inside machine from the Rackspace machine. I'm wondering if my request is even reaching the target machine, and is just still being blocked at the university firewall.


So my question is, am I missing something? Am I making an assumption that I shouldn't be? How can I describe to these ISOs that the port is still not open? Is the above enough? It seems like I have to wait a month or 6 weeks to even get a response to something I needed done yesterday. I have no access to the University's firewall. I have to enter a ticket in some system and wait. Is there any way I can be more specific (e.g. doing some kind of traceroute to see EXACTLY on what machine my request is being blocked?) I was thinking that when I submit my next "ticket" to this system that I can offer some kind of proof that the port is not open and it is something on their end. 

Thanks


----------
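The reachability check described in the post, as an added example that is not part of the original thread: it makes timestamped TCP connect attempts to port 1433 from the outside host and labels each result with the open/closed/filtered words nmap uses, so the lines can be matched against firewall logs. The function names and the `127.0.0.1` default target are assumptions for illustration; a timeout alone shows that the SYN went unanswered, not which device dropped it.

```python
import errno
import socket
import sys
import time
from datetime import datetime, timezone

def classify(exc):
    """Map the outcome of one TCP connect() to nmap's port-state words."""
    if exc is None:
        return "open"      # SYN/ACK received, handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # RST received from the host or a rejecting firewall
    if isinstance(exc, socket.timeout):
        return "filtered"  # no reply at all: the SYN was silently dropped
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"  # ICMP unreachable returned by a router or firewall
    return "error"         # e.g. name resolution failure

def probe(host, port, timeout=3.0):
    """One connect attempt: (UTC timestamp, state, seconds elapsed)."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    start = time.monotonic()
    exc = None
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as err:
        exc = err
    return stamp, classify(exc), time.monotonic() - start

def verdict(states):
    """Summarise a set of observed states in one line."""
    if "open" in states:
        return "handshake completed: the port is reachable from this source"
    if "closed" in states:
        return "RST received: packets are answered, but nothing accepts on the port"
    if states == {"filtered"}:
        return "no reply to any SYN: dropped on the path or by the host firewall"
    return "inconclusive"

def report(host, port, attempts=3, timeout=3.0):
    """Probe repeatedly; return lines that can be pasted into a ticket."""
    results = [probe(host, port, timeout) for _ in range(attempts)]
    lines = ["%s dst=%s:%d state=%s elapsed=%.2fs" % (ts, host, port, st, el)
             for ts, st, el in results]
    return lines + ["verdict: " + verdict({st for _, st, _ in results})]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder default
    print("\n".join(report(target, 1433)))
```

Running it from the outside host while the server's own firewall log is being watched shows whether the unanswered SYNs ever arrive at the server.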

