Consultor Eletrônico



Kbase P131950: Can I use port forwarding and an SSH tunnel to connect to a database with ODBC or JDBC?
Author   Progress Software Corporation - Progress
Access   Public
Published   5/30/2008
Status: Unverified

GOAL:

Can I use port forwarding to connect to a database with ODBC?

GOAL:

Can I use port forwarding to connect to a database with JDBC?

GOAL:

Can I use an SSH tunnel to connect to a database with ODBC?

GOAL:

Can I use an SSH tunnel to connect to a database with JDBC?

FACT(s) (Environment):

All Supported Operating Systems
OpenEdge 10.0x
OpenEdge 10.1x
Progress 9.1x

FIX:

SSH and port forwarding will work as long as you keep the following in mind:
An OpenEdge client-server database connection requires two TCP connections: one to the broker and another to the remote server. The TCP port number for the connection to the remote server is allocated dynamically. It lies somewhere above 1024 on Unix and 3000 on Windows, but there is no way to know it in advance. It will be between the minport and maxport values used at database startup.
You need to ensure that the port numbers stay the same at both ends of the tunnel.
There is an additional issue: while most SSH clients can redirect any number of ports, they cannot be configured with a range. Therefore, if you don't know what your port range is, you would need to set up a very large number of port redirections in your connection to cover all possibilities, which could be very expensive for the SSH client.
These are some possible solutions:
1. Do not use SSH port forwarding, but rather SSH virtual networking (ssh -w on supported platforms).
2. Use OpenVPN, which uses an SSH tunnel. This will essentially create a VPN using an SSH connection, removing the need to redirect individual ports. See http://openvpn.net/ for further information.
3. Use OpenVPN on its own or another VPN solution.
4. Set up a secondary database broker for the remote SSH-based connections, with a restricted remote server port range serving on only 5-10 different ports. The drawback of this method is that only 5-10 clients would be able to connect using this broker, and you would need to grow the number of secondary brokers to cover such uses.
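
For option 4, the SSH client needs one forward for the broker port and one for every port in the restricted minport-maxport range, each with the same number at both ends of the tunnel. The script below is an added example, not Progress code; the port numbers, the `gateway.example` host, the `MAX_FORWARDS` cap and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Progress code). All port numbers and hosts are constructed.
MAX_FORWARDS=32   # assumed cap so a mistyped range cannot open thousands of listeners

# is_port N: true when N is a decimal TCP port in 1..65535 with no leading zero
is_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# build_forwards BROKER_PORT MINPORT MAXPORT [TARGET_HOST]
# Prints the ssh -L arguments for the broker port and each server port.
# Local and remote port numbers are identical, because the client reconnects
# to whatever server port number it is handed after contacting the broker.
# Listeners bind to 127.0.0.1 so other hosts on the client network cannot
# reach the database through this tunnel.
build_forwards() {
    broker=$1; min=$2; max=$3; target=${4:-127.0.0.1}
    for p in "$broker" "$min" "$max"; do
        is_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    [ "$min" -le "$max" ] || { echo "minport exceeds maxport" >&2; return 1; }
    if [ "$broker" -ge "$min" ] && [ "$broker" -le "$max" ]; then
        echo "broker port lies inside the server port range" >&2; return 1
    fi
    count=$((max - min + 1))
    [ "$count" -le "$MAX_FORWARDS" ] || {
        echo "range of $count ports exceeds cap of $MAX_FORWARDS" >&2; return 1; }
    args="-L 127.0.0.1:$broker:$target:$broker"
    p=$min
    while [ "$p" -le "$max" ]; do
        args="$args -L 127.0.0.1:$p:$target:$p"
        p=$((p + 1))
    done
    printf '%s\n' "$args"
}

# Constructed case: secondary broker on 20931, server ports 20940-20944.
# Prints the command instead of running it; -N opens the forwards without a shell.
echo "ssh -N $(build_forwards 20931 20940 20944) user@gateway.example"
```

The ODBC or JDBC client then connects to 127.0.0.1 on the broker port, and a range wider than the cap is rejected instead of being expanded into individual forwards.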