Configuring firewalls for Easysoft server processes

Contents

• Easysoft services and programs affected by firewalls on Windows
• Windows
  • Configuring firewall access in Windows Firewall
    • Defining an exception
    • Defining ports under a network connection
    • Firewall profiles
  • Logging dropped connections
  • Blocked connection dialog box
• ZoneAlarm
  • Installation

Easysoft services and programs affected by firewalls on Windows

Easysoft distribute the following services and programs which either listen on the specified ports or connect to the specified remote ports.

Service or program	Port	Connection type
Easysoft ODBC-ODBC Bridge server or Easysoft ODBC-ODBC Bridge server x64	8888 (for ODBC-ODBC Bridge clients)	Listening services
Easysoft ODBC-ODBC Bridge HTTP Admin or Easysoft ODBC-ODBC Bridge HTTP Admin x64	8890 Note that in pre-2.1 versions of the ODBC-ODBC Bridge, the HTTP Admin Server was a separate process started by the ODBC-ODBC Bridge server, rather than a separate service.	Listening services
JDBC-ODBC Bridge server or JDBC-ODBC Bridge server x64	8031 (HTTP Admin Server) 8831 (for JDBC-ODBC Bridge clients)	Listening services
ODBC-ODBC Bridge client	8888	Outgoing connection to ODBC-ODBC Bridge server
JDBC-ODBC Bridge client	8031	Outgoing connection to JDBC-ODBC Bridge server.
License Manager	8884	Outgoing connection to license.easysoft.com

Notes

• The table shows the default ports for Easysoft services and programs. These may be changed during and after installation.
• The ODBC-ODBC Bridge installation program creates Windows Firewall exceptions that allow remote machines to access the Easysoft listening services. No further Windows Firewall configuration should be necessary.

  If you are using a pre 2.1 version of ODBC-ODBC Bridge or a pre 1.5 version of JDBC-ODBC Bridge, you need to manually define Windows Firewall exceptions.

• On Windows Vista, the Windows Firewall can block outgoing connections as well as incoming connections. By default, the Windows Firewall allows outgoing connections. If this setting is changed and you are using an Easysoft client, an outbound rule needs to be added in Windows Firewall with Advanced Security that allows the client to connect to the remote port shown in the table.
• The program names for the ODBC-ODBC Bridge and JDBC-ODBC Bridge servers are esoobserver.exe and esjobserver.exe. esoobserver.exe is usually found in %programfiles%\Easysoft\Easysoft ODBC-ODBC Bridge\Server (for example, C:\Program Files\Easysoft\Easysoft ODBC-ODBC Bridge\Server). esjobserver.exe is usually found in %programfiles%\Easysoft\Easysoft JDBC-ODBC Bridge\Server (for example, C:\Program Files\Easysoft\Easysoft JDBC-ODBC Bridge\Server). Pre-2.1 versions of esoobserver.exe and pre-1.5 versions of esjobserver.exe are usually found in %systemroot%\system32 (for example, c:\windows\system32).

This document describes how to enable the above services and programs in Windows Firewall and ZoneAlarm. The same principles apply to other firewalls.

Windows

Windows contains a Firewall. The firewall is enabled by default unless you are using another recognised firewall.

If you are using group policies in your network then a number of the fields in the Windows Firewall may be greyed out, and, in any case, you should consult your system manager. Editing Windows firewall properties with group policies is beyond the scope of this document.

Configuring firewall access in Windows Firewall

There are two ways to allow remote machines to access listening services on your machine with Windows Firewall. The first is defined in the exceptions and the second in the network connections. In both cases, you need to log on to the machine hosting the service in an administrative role, for example, as the local or domain administrator.

Defining an exception

You need to manually configure Windows Firewall to allow connections to a new service.

The quick way to do this is using netsh firewall:

netsh firewall set portopening
protocol=tcp
port=8888
name="Easysoft ODBC-ODBC Bridge server"
mode=enable
scope=subnet

Set port and name as per the table here. mode can also be disable to turn off this port specifically and scope can also be all (for from any computer) or custom (more specific but needs additional arguments).

Alternatively, you can allow connections to any port the service is listening on. The way to do this is using netsh firewall:

netsh firewall set allowedprogram
program=c:\windows\system32\esoobserver.exe
name="Easysoft ODBC-ODBC Bridge server"
mode=enable
scope=subnet

The example above is for the ODBC-ODBC Bridge server but you can use the same method for the JDBC-ODBC Bridge server.

Firewall profiles

Be careful when defining exceptions in the Windows Firewall as the configuration is per profile. For example, if you log into the machine with a domain account, change the firewall and then log back into the same machine with a local account, the Windows Firewall profile is different.

Logging dropped connections

Windows Firewall does not display a dialog box when a connection is blocked by the firewall. Neither does it log to the event log. If you want to list blocked connections you need to use the Windows Firewall interface to do this.

Once firewall logging is turned on, you can examine the specified file to find out what the firewall is blocking.

For connection packets blocked to the ODBC-ODBC Bridge server port 8888, the log will contain lines like this:

2004-09-07 21:31:32 DROP TCP 192.168.5.4 192.168.5.1 1027 8888 60 S 863130960 0 32120 - - - RECEIVE

For packets blocked to the ODBC-ODBC Bridge HTTP administration server, the log will contain lines like this:

2004-09-07 21:42:41 DROP TCP 192.168.5.4 192.168.5.1 1030 8890 60 S 2151300017 0 32120 - - - RECEIVE

where DROP indicates that the firewall threw the packets away.

Blocked connection dialog box

The ODBC-ODBC Bridge and JDBC-ODBC Bridge servers are usually run as a service under the service manager in Windows. However, they can be run from the command prompt as well; although not recommended. If you attempt to do this without defining access under Windows Firewall then the blocked connection dialog box is displayed.

What happens next depends on which option you select:

• Keep Blocking

  Blocks the process and adds an entry into your Firewall configuration under exceptions. The entry blocks the process and prevents the dialog box from displaying again.

• Unblock

  Unblocks the process and adds an entry into your Firewall configuration under exceptions. This means the process is permanently unblocked and you will not be asked again.

  Note The entry added has a scope of Any Computer so anyone who can connect to this computer has access to this service.

• Ask Me Later

  The process remains blocked but no entries are added to your firewall configuration.

ZoneAlarm

If you're using ZoneAlarm to protect your computer, you'll need to tell ZoneAlarm about the ODBC-ODBC Bridge or JDBC-ODBC Bridge. The example below is for the ODBC-ODBC Bridge but the process is very similar for the JDBC-ODBC Bridge.

Installation

ZoneAlarm displays a warning dialog box when a program you have not registered with ZoneAlarm attempts to access the Internet or attempts to act as a server. During the ODBC-ODBC Bridge installation, a ZoneAlarm dialog box may appear at these points:

• If you choose to install the ODBC-ODBC Bridge server, the installation creates and attempts to start the ODBC-ODBC Bridge server and HTTP Admin Server. By default, these services listen on ports 8888 (for ODBC-ODBC Bridge client connections) and 8890 (for HTTP requests) respectively. (In pre 2.1 versions of ODBC-ODBC Bridge, the HTTP Admin Server was a separate process that listened on port 8890 rather than a separate service.) Each attempt by the ODBC-ODBC Bridge server to listen on these ports causes ZoneAlarm to display a dialog box.

  You need to choose Allow and probably Remember this setting (to avoid future alerts) to allow the ODBC-ODBC Bridge server to work correctly. If you Deny either, the ODBC-ODBC Bridge server will be blocked from receiving connections from ODBC-ODBC Bridge clients and browsers using the ODBC-ODBC Bridge HTTP Administration server.

• If you choose to install the ODBC-ODBC Bridge server, the installation starts the Easysoft License Manager. If you attempt to obtain a license automatically, a ZoneAlarm dialog box is displayed.

When you connect to an ODBC-ODBC Bridge client data source, a Zone Alarm security alert displays. For example, if you click Test when configuring an ODBC-ODBC Bridge client data source, ZoneAlarm displays a dialog box.

You need to choose Allow and perhaps Remember this setting if you don't want to be prompted about this again.

• About Easysoft

• Contact us
• About us
• Clients
• Blog
• Careers

• Products

• ODBC drivers
• JDBC drivers
• Bridges and gateways
• In development

• Services

• Consultancy
• Training
• Custom development

• Licensing

• Product licenses
• Prices

• Support

• Support home
• Solution wizard
• Getting Started Guides
• User Guides
• Knowledge Base

• Search

• Easysoft.com
• Documentation
• Knowledge Base

• Popular Resources

• Developer area
• Client applications

• Legal

• Privacy statement

© 1993 - 2024 Easysoft Limited. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other trademarks and registered trademarks appearing on easysoft.com are the property of their respective owners.

• 
• 
•