Cant TELNET my MSSQL SERVER After 1:1 NAT From Internet Side

dilhanmail

Hi,

My requirement is to create a HyperV Windows 10 VM with MS Sql Server which will be accessed by an certain application from both Intranet and Internet.

PfSense FW - LAN IP - 192.168.1.254 / WAN IP - xxx.xxx.219.154
I have 5 public ips from xxx.xxx.219.153 - xxx.xxx.219.158
xxx.xxx.219.153 is the WAN gateway

I have two virtual Servers

One web server which I have 1:1 NAT from xxx.xxx.219.158 >>>>192.168.1.10 through port 80 which is working fine.
Windows 10 VM with MS SQL Server which I'm trying to NAT from xxx.xxx.219.157 >>>>192.168.1.11 through port 1433 which is not working.
I can ping xxx.xxx.219.157 from both WAN and 192.168.1.11 from LAN.
I can telnet port 1433 from LAN side to the 192.168.1.11
But i cant telnet xxx.xxx.219.157 from WAN
I even tried by making the destination port any in the firewall rule.
Because of this my application can't access the database from WAN side. It is only working from LAN side. I do not want to make the DB server facing internet directly.

Really appreciate if you can advice me on this regard. (Screen shots are below)

VERTUAL IP.PNG

NAT 1-1 Entry.PNG

FW rule for 1-1 NAT.PNG

kiokoman

i can't ping but
x.x.219.157:1433 port is open
maybe check windows firewall

your ip is on the cmd screenshot, you forgot to hide it

check pfsense firewall log, you enabled packets log, you should see something there if it's passing or not
also diagnostic / packet capture or wireshark could be useful

dilhanmail

Thanks. Ill try

Gertjan

Hi,

Just to be sure :

You know that a vanilla "MySQL" server setup (should I say : MariaDB ?) only listens to "localhost", which was 127.0.0.1 in the old days, ::1 today.
So check your MySQL server config, so it accepts connections from a server's (host) IP - probably some RFC1918.
You are even accepting connedction form the outside world : that means you have to "accept" - probably by editing the mysql.ini file.
Even MySQL users, used to login, have to have the right to access the server from "any" IP.

@kiokoman said in Cant TELNET my MSSQL SERVER After 1:1 NAT From Internet Side:

x.x.219.157:1433 port is open

Wait !!!!
I'll give it a try using a mysal client, using the default phpmyadmin user/password, see if it works (and work my way up from there )

dilhanmail

@kiokoman

I think i missed something. It looks like i can telnet from a Internet connection other than than the one used in my LAN. Sorry for troubling u guys. I forgot to to do that earlier. Thanks again for your advice's.

kiokoman

nice