地址为 IP 'yyy.yy.yy.yy' 的客户端不允许访问服务器。 我的客户ip是xxx.xx.xx.xx
[英]Client with IP address 'yyy.yy.yy.yy' is not allowed to access the server. My client ip is xxx.xx.xx.xx
问题描述
I am trying to login to a newly created sql server in azure. Before connection, I am adding my client ip programmatically using azure-python sdk. Once my client ip is added, I try to login to database.
我正在尝试登录到 azure 中新创建的 sql 服务器。在连接之前,我使用 azure-python sdk 以编程方式添加我的客户端 ip。添加我的客户端 ip 后,我尝试登录数据库。
ProgrammingError: ('42000', "[42000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Cannot open server 'x' requested by the login. Client with IP address 'yyy.yy.yy.yy' is not allowed to access the server. To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range. It may take up to five minutes for this change to take effect. (40615) (SQLDriverConnect)")
This ip is different from the public ip that I get in my machine.这个ip和我机器上得到的public ip不一样。 What is the reason?是什么原因? I am connected to my company vpn.我已连接到我公司的 vpn。
I used this to retrieve my client ip - https://checkip.amazonaws.com/ - xxx.xx.xx.xx我用它来检索我的客户 ip - https://checkip.amazonaws.com/ - xxx.xx.xx.xx
Also, used the add client ip in azure - this gives the same result as xxx.xx.xx.xx.此外,在 azure 中使用了添加客户端 ip - 这给出了与 xxx.xx.xx.xx 相同的结果。
What is the ip yyy.yy.yy.yy here?这里的ip yyy.yy.yy.yy是什么? How can I retrieve this so that I will be able to whitelist this programmatically?我如何检索它以便我能够以编程方式将其列入白名单?
1 个解决方案
解决方案1
0 已采纳 2021-10-12 02:31:43
My suspicion is that you are connecting to your Azure service via your VPN tunnel, not your primary interface;我怀疑您是通过 VPN 隧道而不是主接口连接到 Azure 服务; therefore you would not be presenting your public IP to the Azure service.因此,您不会将您的公共 IP 提供给 Azure 服务。 The IP you are fetching from your checkip URL is your public IP.您从 checkip URL 获取的 IP 是您的公共 IP。
You can verify this by checking the output of route print in a Windows terminal or simply route in Linux. While your VPN is active, you should see the su.net of your Azure service listed with an interface that does not match your LAN IP. Something like this:您可以通过在 Windows 终端中检查route route print的 output 或简单地在 Linux 中路由来验证这一点。当您的 VPN 处于活动状态时,您应该看到 Azure 服务的 su.net 列出了一个与您的 LAN IP 不匹配的接口。是这样的:
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.12 25
172.31.0.0 255.255.0.0 10.168.0.100 10.168.44.64 1
In the above example, the first row shows my LAN interface as the default route (192.168.2.12) which will be used for everything (0.0.0.0);在上面的示例中,第一行显示我的 LAN 接口作为默认路由 (192.168.2.12),它将用于所有内容 (0.0.0.0); except when I'm trying to get to 172.31.0.0/16 (my "azure service", hypothetically).除非我试图到达 172.31.0.0/16(假设是我的“azure 服务”)。 In which case the 10.168.44.64 interface is used, which in this case is a VPN interface.在这种情况下,使用 10.168.44.64 接口,在这种情况下是 VPN 接口。
The default interface that uses 192.168.2.12 would present my public IP to services online that do not match the VPN rule, for example, your checkip URL.使用 192.168.2.12 的默认接口会将我的公共 IP 呈现给不符合 VPN 规则的在线服务,例如,您的 checkip URL。
If this is the case, then you'll want to add that su.net specified by the route command for your VPN interface, or the exact IP, depending on your requirements.如果是这种情况,那么您将需要为您的 VPN 接口添加路由命令指定的 su.net,或确切的 IP,具体取决于您的要求。 In this example it would be 10.168.0.100.在此示例中,它将是 10.168.0.100。
If you wanted to do it programmatically, then you'd have to fetch the current IP of your VPN interface.如果您想以编程方式执行此操作,则必须获取 VPN 接口的当前 IP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.