Firewall connections

There are restrictions on connections when the client application is on one side of a firewall and the database server is on the other side. Firewall software may filter network packets according to network port. Also, it is common to disallow UDP packets from crossing the firewall.

Usually, you can connect through a properly configured firewall using the Host connection parameter and providing the database server address and port. If the database server is using the default port of 2638, the port is not required.

The following connection string fragment connects to a database server named myserver running on a computer at address serverhost using port 2020. No UDP packets are used because the Host connection parameter specifies the TCP/IP address and port.

Server=myserver;Host=serverhost:2020

Firewalls that only allow certain client ports

If the firewall must be configured to allow only certain client ports, then you must use the CommLinks(LINKS) connection parameter instead of the Host connection parameter. The following TCP/IP protocol options are required when you use the CommLinks connection parameter:

Host – Set this protocol option to the host name on which the database server is running. You can use the short form IP.
ServerPort – If your database server is not using the default port of 2638, you must specify the port it is using. You can use the short form PORT.
ClientPort – Set this protocol option to a range of allowed values for the client application to use. You can use the short form CPORT.
DoBroadcast=NONE – Set this protocol option to prevent UDP from being used when connecting to the server. You can use the short from DOBROAD.

Your firewall must be configured to allow TCP/IP traffic between the SAP Sybase IQ database server's address and all the SAP Sybase IQ clients' addresses. The SAP Sybase IQ database server's address is the IP address of the computer running the SAP Sybase IQ server (the HOST protocol option) and the SAP Sybase IQ database server's IP port number (the ServerPort protocol option, default 2638).

Use a range with more client ports than the maximum number of concurrent connections from each client computer since there is a several minute timeout before a client port can be reused. The range of clients specified in the ClientPort protocol option must match the range allowed by the firewall.

Example

The following connection string fragment restricts the client application to ports 5050 through 5060, and connects to a database server named myeng running on the computer at address myhost using the server port 2020. No UDP broadcast is performed because the DoBroadcast protocol option is set to NONE.

Server=myeng;LINKS=tcpip(ClientPort=5050-5060;HOST=myhost;PORT=2020;DoBroadcast=NONE)