Cannot Connect to a Firebird 2.5 database remotely

0
votes

I currently have a Firebird 2.5 database at a client premises, installed on a Windows 7 Pro machine (32 bit), that has multiple stations in their local network that can connect to the database, along with the local machine being able to connect with our application and IBExpert.

However, for some of our software packages, a remote connection is required (outside of the local network). This previously was working but no longer works.

When I connect with FlameRobin from my office (I'm located in a different city / different network), I receive the following error message:

IBPP::SQLException

Context: Database::Connect

Message: isc_attach_database failed

SQL Message: -923

Connection not established

Engine Code : 335544421

Engine Message : 

connection rejected by remote interface.

Performing this connection attempt with IBExpert, both from my office and from other external networks fail with a same message.

However, I am getting TCP/IP communication from what I can see. Here are the details of my troubleshooting steps for the last week:

  • Originally, I was receiving the following error when connecting from outside the network:

    "Connection not established

    Connection refused by remote interface"

Since that time, we have done a restart of the router and now have the current "connection rejected by remote interface." error message.

  • I can telnet to the public IP through port 3050 from my office and other outside networks.

  • I tested port 3050 on sites like YouGetSignal.com or CanYouSeeMe.org and they appear as open.

  • Other ports that we communicate on publicly are open and communicating.

  • The site has Kaspersky antivirus installed but all tests to connect via IBExpert while Kaspersky was in sleep mode behaved the same.

  • Installation of Firebird 2.5 to another workstation in the same local network, pointing to port 3051 (both in Firebird.conf and in the Windows Firewall and Router) show up as being open through Telnet and CanYouSeeMe.org but again, cannot be communicated on from outside via port 3051.

  • IBExpert works from a workstation in the network to the server

  • The server currently has no entry for RemoteBindAddress in the Firebird.conf

  • Wireshark shows that when a connecting from outside, there are packets coming through.

  • The TCP/IP test in IBexpert under Communication Diagnostics for the public IP as the host and the Service show the following Test Results:

    Attempt connecting to XX.YY.ZZ.AAA.

    Socket for connection obtained.

    Found service 'GDS_DB' at port '3050'

    Connection established to host 'XX.YY.ZZ.AAA',

    on port 3050.

    TCP/IP Communication Test Passed!

  • Database path, username, and password have all been checked multiple times.

  • locally on the server, I've changed security of the database.FDB and the security2.FDB to have Everyone, Full Control

At this point, we have a scheduled restart of the ISP's modem happening soon, although the fact that we have full TCP/IP communication over the port makes me doubtful that this is the issue.

If anyone can lead me down any recommended next steps to debug or to any tools that are available to help in this situation, that would be greatly appreciated.

1
database-connectionfirebird
Maybe the following like my help. stackoverflow.com/questions/745494/… The link explains that maybe the client dll in your remote client is corrupted. HTH - Ed Mendez
It looks like whatever listens on the public IP port 3050 - is not Firebird. Whatever there is. Maybe there is some TCP proxy, that has to route your incoming connection to some fixed server in the LAN - and that internal server is down, or something. I think that client has to wireshark his net and see what exactly happens on their end when you try to connect. Additionally, letting FB uncontrollably out to the public net is maybe not the best idea. Try to use Zebedee or OpenVPN or something like that to make an encrypted tunnel between your station and client's LAN, then connect from inside - Arioch 'The
@EdMendez That question (and its solution) sound to me like a very uncommon edge case. The problem here seems to be more one of network configuration, routing, firewalls, etc. - Mark Rotteveel
I'd be really surprised if opening up a port on a random workstation in a network (your 'port 3051' example) would make that port on that machine publicly accessible from outside that network without some explicit configuration on the network gateway or firewall. You don't provide sufficient information to even begin troubleshooting this. - Mark Rotteveel
@MarkRotteveel, my port 3051 example was shortened but for clarity, I performed a standard 2.5 install on a workstation in the network, I stopped Firebird and changed the Firebird.conf RemoteServicePort value to port 3051, added an exclusion to the Firewall for port 3051 in Windows Firewall, confirmed connectivity from the problematic server to the local IP and custom 3051 port via IBExpert, then provided port forwarding to the workstations IP to the 3051 port. The behavior was the same. - Chris L

1 Answers

0
votes

This turns out to be a networking issue. We performed the following tests:

  • We performed a power cycle on the ISP's modem which showed no change in behavior
  • We connected a laptop directly to the ISP's modem but couldn't communicate to FB even with proper port forwarding rules in place on the machine and firewall.
  • We ran wireshark on both sides and on connection attempts, we found many attempts to connect with retransmissions that failed.

The technical team at the client side decided to install a VPN capable router and now we're good to go. From what we found there may be some kind of ISP blocking occurring as many of the tech teams remote services were failing to connect with similar behavior.

Hopefully this post helps people in the future with remote connectivity debugging, and all of the places you can look at when you're running into this problem.