Client - Server Communication and Network Protocols

Client IP Address Filtering

602SQL server can be setup so it enables client connection only from some specified IP addresses. IP address filtering disables client access from some computers or some networks and it's one of the tools that enhance SQL server security. IP filtering applies only to clients using the TCP/IP protocol. IP filtering has no effect on clients connecting to local server (on Windows) or clients accessing the server from a HTTP-tunnel.

When running clients on the same computer as the server on Linux, you have to specify 127.0.0.1 and the IP address of the computer to the enabled IP's list. This is not necessary for Windows.

You can specify both addresses that enable client connection and addresses that disable client connection. If you specify some enabled IP addresses, then the client is allowed to connect if its IP address is on the enabled list and isn't on the disable addresses list. If you don't specify any enabled address, then the client is allowed to connect from any address that isn't on the disabled list.

IP addresses can be specified separately, or in groups. An address group is specified by an address X and network mask M. An address Y belongs to such group, if it agrees with the X address in those bits, that are assigned value 1 in the network mask M.

Example:

If a group is described by an address 192.168.2.128 and a 255.255.255.192 mask, then all addresses from 192.168.2.128 to 192.168.2.191 belong to this group.

If a 255 value is set in the mask (11111111 binary), then the Y address must agree with the X address in all bits, i.e. it has to be the same value.

The X address value is 128 or 10000000 binary. The mask value is 192 or 11000000 binary. The Y address must therefore agree with the X address only in the first two bits of X, i.e. it can be a value from 10000000 (128) to 10111111 (191).

If a 0 value is set in the mask (00000000 binary), then the Y address doesn't have to agree with the X address in any bits, i.e. it can be of any value.

IP Address Setting:

IP addresses are specified usually in the 602SQL Development Client, System folder, on the IP filtering tab of the Runtime parameters window. The specified values are stored as server properties:

for TCP/IP protocol: enables addresses as IP_enabled_addrN, groups of enabled addresses as IP_enabled_addrN a IP_enabled_maskN, where N is a sequence number. All specified addresses and groups has to be marked continuously beginning from 1. The disabled addresses are marked likewise as IP_disabled_addrN, groups of disabled addresses as IP_disabled_addrN a IP_disabled_maskN.
for HTTP tunnelling: enables addresses as IP1_enabled_addrN, groups of enabled addresses as IP1_enabled_addrN a IP1_enabled_maskN, where N is a sequence number. The disabled addresses are marked likewise as IP1_disabled_addrN, groups of disabled addresses as IP1_disabled_addrN a IP1_disabled_maskN.
pro Web Access Interace: enables addresses as IP2_enabled_addrN, groups of enabled addresses as IP2_enabled_addrN a IP2_enabled_maskN, where N is a sequence number. PThe disabled addresses are marked likewise as IP2_disabled_addrN, groups of disabled addresses as IP2_disabled_addrN a IP2_disabled_maskN.

As the other server parameters, these can also be set by the Set_property_value function.

Example:

IP_enabled_addr1=192.168.1.0 
IP_enabled_mask1=255.255.255.0
IP_enabled_addr2=192.168.2.128 
IP_enabled_mask2=255.255.255.192
IP_enabled_addr3=192.168.3.33 
IP_disabled_addr1=192.168.1.182 
IP_disabled_mask1=192.168.1.254 
IP_disabled_addr2=192.168.2.170 
IP1_enable_addr1=192.168.3.33

allows TCP/IP access from addresses: 192.168.1.0 to 192.168.1.181, 192.168.1.184 to 192.168.1.255, 192.168.2.128 to 192.168.2.169, 192.168.2.171 to 192.168.2.191 and 192.168.3.33. HTTP tunnel from the address 192.168.3.33 is allowed as well.

A setting:

IP_disabled_addr1=192.168.1.182 
IP_disabled_mask1=192.168.1.254

enables access from all addresses except from 192.168.1.182 and 192.168.1.183.

Registering a Remote Server

Client - Server Communication and Network Protocols

Inactive Clients