stackoom
  简体   繁体   中英

Client with IP address 'yyy.yy.yy.yy' is not allowed to access the server. My client ip is xxx.xx.xx.xx

 原文  2021-10-12 01:46:12       azure/ networking/ ip

Question

I am trying to login to a newly created sql server in azure. Before connection, I am adding my client ip programmatically using azure-python sdk. Once my client ip is added, I try to login to database.

ProgrammingError: ('42000', "[42000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Cannot open server 'x' requested by the login. Client with IP address 'yyy.yy.yy.yy' is not allowed to access the server.  To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range.  It may take up to five minutes for this change to take effect. (40615) (SQLDriverConnect)")

This ip is different from the public ip that I get in my machine. What is the reason? I am connected to my company vpn.

I used this to retrieve my client ip - https://checkip.amazonaws.com/ - xxx.xx.xx.xx

Also, used the add client ip in azure - this gives the same result as xxx.xx.xx.xx. 在此处输入图像描述

What is the ip yyy.yy.yy.yy here? How can I retrieve this so that I will be able to whitelist this programmatically?

1 answers

solution1
 0 ACCPTED  2021-10-12 02:31:43

My suspicion is that you are connecting to your Azure service via your VPN tunnel, not your primary interface; therefore you would not be presenting your public IP to the Azure service. The IP you are fetching from your checkip URL is your public IP.

You can verify this by checking the output of route print in a Windows terminal or simply route in Linux. While your VPN is active, you should see the su.net of your Azure service listed with an interface that does not match your LAN IP. Something like this:

       0.0.0.0         0.0.0.0        192.168.2.1     192.168.2.12     25
       172.31.0.0      255.255.0.0    10.168.0.100    10.168.44.64      1

In the above example, the first row shows my LAN interface as the default route (192.168.2.12) which will be used for everything (0.0.0.0); except when I'm trying to get to 172.31.0.0/16 (my "azure service", hypothetically). In which case the 10.168.44.64 interface is used, which in this case is a VPN interface.

The default interface that uses 192.168.2.12 would present my public IP to services online that do not match the VPN rule, for example, your checkip URL.

If this is the case, then you'll want to add that su.net specified by the route command for your VPN interface, or the exact IP, depending on your requirements. In this example it would be 10.168.0.100.

If you wanted to do it programmatically, then you'd have to fetch the current IP of your VPN interface.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Client with IP address is not allowed to access the server Azure SQL database Cloud Run Service not picking up client correct IP address AWS ELB unhealthy 4xx JVM -XX:MaxRAMPercentage not being applied in container Redshift: SQL Error [XX000]: ERROR: Database my_db not found How to get client IP address in a Firebase cloud function? Unexpected end of JSON input at undefined line XXXX, columns xx-xx while reading in BigQuery How to solve "ssh: connect to host ec2-XX-XX-XX-XX.compute-1.amazonaws.com port 22: Connection timed out" error in AWS EC2 Unable to access workload at the IP address of the Kubernetes Service Why is my Docker Container not assigned with an IP Address?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM