SQL Server – Linux – Configuring Firewalld

Background

I tried to access our recently upgraded SQL Server on Linux, but was unable to do so from a different computer.

Troubleshooting

Introduction

Let us see which network ports our Microsoft SQL Server instance is using.

Tools

lsof

Syntax


sudo lsof -i TCP

Sample

sudo lsof -i TCP | grep sqlservr | grep LISTEN

Explanation

  1. SQL Server is listening on a couple of ports
    • services
      • ms-sql-m
    • Ports
      • 56405

/etc/services

Syntax


sudo cat /etc/services

Sample


sudo cat /etc/services | grep ms-sql-s

Explanation

  1. Service ms-sql-s is mapped to
    • tcp/1433
    • udp/1433

Remediation

firewalld

Knowing that we are on CentOS and running firewalld (as our firewall), let us see if it is configured to allow access to our SQL Server.

If it is not currently configured to allow access to SQL Server, we will allow access.

Outline

  1. List Network Interfaces
    • ifconfig
  2. Firewalld
    • firewall-cmd
      • Get Active Zones
      • List Services
      • Wireless Device – Change Zone
      • Move Application To Zone

Tasks

List Network Interfaces

ifconfig

Using ifconfig, list Network Interfaces

Syntax

ifconfig

Explanation
  1. Our database host has two network interfaces: a NIC and a wireless adapter
  2. The wireless adapter is wlp2s0

Firewalld

firewall-cmd

Get Active Zones
Command

sudo firewall-cmd --get-active-zones

Explanation
  1. Zones
    • Public
      • Interfaces
        • wlp2s0
          • Wireless
        • enp0s31f6
          • Network Interface Card ( NIC )
List Services
Objective

List services in the Home Zone

Command

sudo firewall-cmd --zone=home --list-services

Explanation
  1. Services
    • ssh
    • mdns
    • samba-client
    • dhcpv6-client

Wireless Device – Change Zone
Objective
  1. Change the zone for wireless interface to home
    • Interface :- wlp2s0
    • Targeted Zone :- home
Command

sudo firewall-cmd --zone=home --change-interface=wlp2s0

Explanation
  1. Successfully changed interface zone to home
Add Service ( mssql ) to the home zone
Objective
  1. Add Service ( mssql ) to the home zone
    • Service :- mssql
    • Targeted Zone :- home
Command

sudo firewall-cmd --zone=home --add-service=mssql

Explanation
  1. Successfully added service ( mssql ) to zone ( home )

Make Changes PERMANENT
Objective
  1. Change the zone for our wireless adapter
    • Network Interface Adapter :- wlp2s0
    • Targeted Zone :- home
  2. Add Service ( mssql ) to the home zone
    • Service :- mssql
    • Targeted Zone :- home
Command -> Network Interface – Wireless to Home Zone – Permanent

sudo firewall-cmd --zone=home --change-interface=wlp2s0 --permanent

Explanation
  1. Successfully transitioned Interface wlp2s0 to the home zone
  2. Change is permanent
Command -> Service – mssql to Home Zone – Permanent

sudo firewall-cmd --zone=home --add-service=mssql --permanent

Explanation
  1. Successfully added service ( mssql ) to zone ( home )
  2. Change is permanent
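
The runtime and permanent steps above can be verified with a small audit script. This is an added example, not part of the original post: the function names zone_of_iface and runtime_only are hypothetical, and the sample text is constructed to mirror the firewall-cmd --get-active-zones and --list-services output described above.

```shell
#!/bin/sh
# Audit firewalld state from captured firewall-cmd output (added example).
# Live use:  firewall-cmd --get-active-zones | zone_of_iface wlp2s0
#            runtime_only "$(firewall-cmd --zone=home --list-services)" \
#                         "$(firewall-cmd --permanent --zone=home --list-services)"

# zone_of_iface IFACE: reads --get-active-zones output on stdin and prints
# the zone that owns IFACE (prints nothing if IFACE is not listed).
zone_of_iface() {
    awk -v want="$1" '
        /^[^ ]/ { zone = $1; next }            # unindented line = zone name
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
        }'
}

# runtime_only RUNTIME PERMANENT: prints services that are in the runtime
# list but not in the permanent list, i.e. rules lost on reload or reboot.
runtime_only() {
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;                     # also permanent: will persist
            *) printf '%s\n' "$svc" ;;         # runtime only: will not persist
        esac
    done
}

# Constructed sample: state after the runtime commands, before --permanent.
ACTIVE_ZONES='home
  interfaces: wlp2s0
public
  interfaces: enp0s31f6'
RUNTIME_HOME='ssh mdns samba-client dhcpv6-client mssql'
PERMANENT_HOME='ssh mdns samba-client dhcpv6-client'

zone=$(printf '%s\n' "$ACTIVE_ZONES" | zone_of_iface wlp2s0)
echo "wlp2s0 is in zone: $zone"
# Every service in the zone is reachable on that interface, not only mssql.
echo "services exposed through $zone: $RUNTIME_HOME"
echo "runtime-only (lost on reload): $(runtime_only "$RUNTIME_HOME" "$PERMANENT_HOME")"
```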


Dedicated

Dedicated to Justin Ellingwood.

Writing for Digital Solutions, he wrote one for the ages :-

How To Set Up a Firewall Using FirewallD on CentOS 7

References

  1. Jonathan Peck, "How to use the lsof command", Novell Cool Solutions: Tip (Microfocus / Novell)
  2. Justin Ellingwood, "How To Set Up a Firewall Using FirewallD on CentOS 7", Digital Solutions
