Set Up SQL Server with Proxy Server

SUMMARY
SQL Server can operate transparently with Proxy Server to prevent unauthorized access to your internal network. By using this configuration, you do not have to connect the computer running SQL Server directly to the Internet.

When you run SQL Server on a computer located behind Proxy Server, SQL Server is protected by the packet filtering features of Proxy Server. You can configure Proxy Server to permit or deny inbound SQL Server access to specific users, services, ports, and IP domains.

This article describes how to configure SQL Server for use with the Server Proxy features of Proxy Server.

If you are running Proxy Server 2.0 on Microsoft Windows 2000, visit the following Microsoft Web site to update the Proxy Wizard: http://www.microsoft.com/isaserver/evaluat...s2000HotFix.asp

Note The information in this article does not apply to Microsoft Internet Security and Acceleration (ISA) Server.

Configuration Scenario

This article describes how to configure SQL Server for use with Proxy Server in the following scenario:

? The computer running SQL Server is located on an internal network and has an IP address of 209.58.170.10.
? The Proxy Server computer has two network adapters. One network adapter is connected to the internal network and has an IP address of 209.58.170.20. The second network adapter is connected to the Internet and has an IP address of 157.57.25.30.
? You want to gain access to the computer running SQL Server from a client workstation that is located on the Internet.

Configure SQL Server with Proxy Server

To configure SQL Server for use with Proxy Server, follow these steps:

1. On the computer running SQL Server, configure TCP/IP Sockets as one of the network protocols. To do so, use SQL Server Network Utility to enter the proxy address: a. Click TCP/IP, and then clickProperties.
b. In the Edit Network Library Configuration dialog box, verify that the port is set to 1433 and the proxy address is set to the external IP address of the Proxy Server computer.
Note If the IP address is set to the internal IP address of the Proxy Server computer, it does not work.
2. Make sure that your instance of SQL Server is not running under the context of the service account.
3. In User Manager, create a user account that has all the permissions that are required run SQL Server.
4. Click the Permissions tab in the Winsock Proxy properties, and then add the new user account. Consider assigning Unrestricted Access to this account.
5. Create the following Wspcfg.ini file on the computer running SQL Server, and then put it in the same folder as the Sqlservr.exe file. By default, this folder is the C:\Mssql7\Binn folder for SQL Server 7.0 and the C:\Mmssql\Binn folder for SQL Server 6.5. To do so, run the following code: [sqlservr]
ServerBindTCPPorts=Port_number
Persistent=1
KillOldSession=1

6. Install and configure Proxy Server by using the documentation that is provided with the product.
7. Add the IP address (209.58.170.10) of the computer running SQL Server and the internal IP address (209.58.170.20) of the Proxy Server computer to the local address table (LAT) on the Proxy Server computer.
8. By using the computer running SQL Server, connect to the MSPCLNT share on the Proxy Server computer, and then install the Winsock Proxy Client.
9. Restart the computer running SQL Server for the changes to the Winsock driver to take effect.

The SQL Server service is restarted if the SQL Server service is not set to Auto. The SQL Server 2000 error log shows the following entry: 2002-02-12 17:11:32.28 server SQL server listening on Winsock Proxy, Shared Memory, Named Pipes.
2002-02-12 17:11:32.28 server SQL Server is ready for client connections

Note The error log no longer reports the IP address of the local server. It now shows that the computer running SQL Server is listening on Winsock Proxy instead of IP address and port.
10. Configure the client workstations to gain access to the computer running SQL Server through the Proxy Server computer. To do so, follow these steps: a. Start SQL Server Client Network Utility, and then click the General tab.

Note For SQL Server 6.5 clients, start the SQL Server Client Configuration Utility, and then click the Advanced tab.
b. To create an entry for the computer running SQL Server, click Add, and then select TCP/IP as the network library.
c. Provide a server alias, and then on the Computer Name line, type the external IP address of the Proxy Server computer (157.57.25.30).
d. Make sure that the Port Number field contains the correct port number. By default, the port number is 1433.

11. From the client computer, verify the connection to the computer running SQL Server. To do so, start SQL Query Analyzer (in SQL Server 7.0) or start ISQL/w (in SQL Server 6.5), and then connect to the server that you specified in step 10b.

APPLIES TO
? Microsoft SQL Server 6.5 Standard Edition
? Microsoft SQL Server 7.0 Standard Edition
? Microsoft SQL Server 2000 Standard Edition
? Microsoft SQL Server 2000 64-bit Edition
? Microsoft Proxy Server 2.0 Standard Edition