Firewalls with Ingres

>From: Wojtek Rappak 
>
>Can an Ingres client cooperate with a firewall?
>
>We want to place an Ingres server and a database outside the company's
>firewall.  This database will hold data delivered via the Web:  it's
>'exposed' and so has to be outside the firewall.
>
>We want our client applications (RW, OR, ESQL etc.) to retrieve this data
>from inside the firewall.  This means that we need an Ingres connection from
>the inside going out.  But the Company's security policy is very clear:  if
>you are inside and want to establish an outside connection, you must go
>through the firewall.
>
>Has anyone tackled this sort of issue?  For example, how do you specify the
>Ingres/Net connection port for the firewall?
>
>Wojtek Rappak
>BKB Client/Server (UK)

There are many issues with client's accessing Ingres from the Internet.

To use Ingres/NET, you must open the Ingres/Net port on the firewall.
I'm not sure what they mean by "through" the firewall, but it sounds like
they want you to use a "well known port".  You cannot.  

Even if you get them to open the firewall enough to let the Ingres/NET
protocol through, your troubles are not over yet.

Most CLIENTS on the Internet cannot make outgoing connections throught
the CLIENT SIDE firewall.  We have experienced this with JDBC and 
Java applets.

We have solved this problem by implementing HTTP tunnelling with 
our JDBC driver, allowing the client to use the same mechanism that
loads the Java applet to communicate back to the database.  This is also
the same mechanism CGI uses to pass data, so we are not subverting any
security.

Firewalls are fun.  Mostly because there is great "fear" associated with
them, and many misconceptions.  Your firewall problems are political.  The
firewall problems of your clients will be technical.

Cheers,

Michael Leo            mleo@cariboulake.com        mal@visi.com
Caribou Lake Software  http://www.cariboulake.com  Java/RDBMS/Ingres Solutions
Minneapolis, Minnesota (612) 323-9713
 



Hi,

You just have to open port 21064 "internal to external" in your firewall.
That way you will be able to query your DB (or any other Ingres Db in the
Internet)  located outside your network but no one can query your internal
servers.

Good luck !!

Christian Olivares.
Ingres Q & A
Back to William's Home Page

© William Yuan 2000

Email William