Using ODBC across a firewall

I'm trying to use iptables for locking down Vertica to a limited list of trusted source IPs. I'm using the community edition in a single-node mode (no cluster) with a pyodbc client. According to the "EnsurePortsAreAvailable" page, I only need port tcp/5433 to be opened for making an ODBC connection, but for the sake of debugging I've opened all the ports for this specific source.

 

The problem is my ODBC connection hangs when a firewall is configured. I ran tcpdump with and without the firewall, and the network behavior seems similar - the tcp/5433 connection is successfully established and I can see packets going back and forth.

 

When I look into the ODBC driver log, I see that the last message is something like:

VMetadataSource::Execute: out_metadataQuery: select * from (select CASE WHEN (UPPER(type_name) = 'CHAR') ...

 

So clearly the driver sent an SQL statement to the server and never got a reply back. When I run it without the firewall, I can see the following lines in the driver log:

VMetadataSource::Execute: Command status: SELECT, 2 tuples 19 fields
VBaseResultSet::DoMoveToNext: m_rowItr: -1, m_currentResultSetSize: 2, resultStatus: 2
Connection::SQLSetConnectAttr: Attribute: 113

 

Any ideas what's happening here?

Comments

  • Hi

     

    Can you share the output of

     

    iptables -nvL ?

     

    Regards

    Gayatri

  • I figured this out eventually. It's the udp/4804 Spread port used for daemon-to-daemon connections. It's somewhat weird that iptables is blocking internal loopback connections, which are not a security concern. But then I guess that iptables is used for other stuff than firewalling, so it has to apply to all traffic.
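
The resolution above, as an added example that is not part of the original thread or Vertica's own tooling: a default-drop INPUT ruleset that accepts loopback traffic (which covers the local udp/4804 Spread port) and admits tcp/5433 only from trusted sources, plus a check that a ruleset accepts loopback before any blanket drop. The function names and the source addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: builds an iptables-restore ruleset for a single-node Vertica host.
# Ports come from the thread: tcp/5433 (client/ODBC), udp/4804 (Spread, local).
# Source addresses below are constructed documentation-range values.

# Print a filter-table ruleset that admits tcp/5433 only from the given sources.
vertica_rules() {
    for src in "$@"; do
        # Reject anything that is not a dotted IPv4 address or CIDR.
        case "$src" in
            ''|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
        esac
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback first: this is what lets Spread (udp/4804) reach the local daemon.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -p tcp -m tcp --dport 5433 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Read an iptables-save style ruleset on stdin; succeed only if INPUT accepts
# loopback traffic before any unconditional DROP/REJECT rule.
loopback_allowed() {
    awk '
        /^-A INPUT -i lo -j ACCEPT/  { ok = 1; exit }
        /^-A INPUT -j (DROP|REJECT)/ { exit }
        END { exit !ok }
    '
}

# Dry run: print the ruleset. As root, pipe it to "iptables-restore --test"
# to validate it without committing.
vertica_rules 203.0.113.10 198.51.100.0/24
```

Running `iptables-save | loopback_allowed` on the existing host shows whether the current ruleset has the gap described in the thread.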
