0

I am trying to connect to Firebird 4.0 on my server from a remote PC but always failed. It always reports: "connection rejected by remote interface."

My server uses Windows Server 2012 R2. I already test using telnet to my server on port 3050 and it did not block. So I guess it is not because of a firewall issue.

This does not happen when I am using Firebird 2.5.

Is there any additional setting that I must do if using Firebird 4.0?

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Ongky
  • 39
  • 1
  • 4
  • You need to provide more information. How are you connecting? What language do you use, which driver do you use? Is it compatible with Firebird 4.0? The error _"connection rejected by remote interface"_ has a lot of potential causes, but with Firebird 3.0 and higher, it generally means that you're trying to connect with a library that does not support the wire protocol encryption introduced in Firebird 3.0, and that you need to configure your Firebird server with `WireCrypt=Enabled` (instead of the default `Required`), and possibly you need to use legacy authentication. – Mark Rotteveel Nov 30 '21 at 12:07
  • For example see ["connection rejected by remote interface" in C# program connecting to Firebird 3](https://stackoverflow.com/questions/47786337/connection-rejected-by-remote-interface-in-c-sharp-program-connecting-to-fireb), and [GDS Exception. 335544421. connection rejected by remote interface](https://stackoverflow.com/questions/46942199/gds-exception-335544421-connection-rejected-by-remote-interface) – Mark Rotteveel Nov 30 '21 at 12:09
  • It can also occur if you're using fbclient, but using a fbclient of Firebird 2.5 or earlier instead of Firebird 4.0. – Mark Rotteveel Nov 30 '21 at 12:10
  • Hi Mark, I am connected from Windows 11 using IBExpert. I want to migrate my current database using Firebird 2.5 to Firebird 4.0. – Ongky Dec 01 '21 at 05:52

2 Answers2

1

You should try to set the following parameters in firebird.conf file:

AuthServer=Srp256,Srp,Legacy_auth 
AuthClient=Srp256,Srp,Legacy_auth 
UserManager=Srp,Legacy_UserManager 
WireCrypt=Enabled

If the problem remains you can try to completely switch off newest security features of FB 3.0/4.0 with following set of parameters:

AuthServer = Legacy_Auth
AuthClient = Legacy_Auth
UserManager = Legacy_UserManager
WireCrypt = Disabled
WireCompression = false
DataTypeCompatibility = 2.5

These will set for the server a mode fully compatible with older clients.

Andrej Kirejeŭ
  • 5,381
  • 2
  • 26
  • 31
  • Blindly applying these settings will reduce security for clients that do support wire encryption and the more secure authentication protocols. It is better to set `AuthServer=Srp256,Srp,Legacy_auth`, `AuthClient=Srp256,Srp,Legacy_auth`, `UserManager=Srp,Legacy_UserManager` and `WireCrypt=Enabled`. Changing `WireCompression` to false doesn't make much sense, as this is a client setting, and if the client doesn't support compression, it simply won't ask for it. – Mark Rotteveel Nov 30 '21 at 13:41
  • I see, but bet @Ongky has some legacy windows system. And based on our experience parameters above allows us to quickly connect older applications to the newer versions of FB 3.0/4.0 with a level of security not less than it was before. – Andrej Kirejeŭ Nov 30 '21 at 15:09
  • The parameters I suggested will still allow legacy applications to connect, without hampering security for applications that do support wire encryption and the more recent authentication plugins. – Mark Rotteveel Nov 30 '21 at 15:28
  • I have updated the answer. – Andrej Kirejeŭ Nov 30 '21 at 15:40
  • I have updated "firebird.conf" with the configuration suggested by Andrej and I have successfully connected to the database using IBExpert remotely. With "DataTypeCompatibility=2.5", remotely can edit stored procedures normally but when I use IBExpert on my server I get the error "Invalid value in SQLDA structure.". When I erase "DataTypeCompatibility=2.5" and restart Firebird, I get the opposite. How can I edit the stored procedure remotely or from the server directly without error messages? Is there any configuration I need to set on my laptop? – Ongky Dec 01 '21 at 06:14
  • Can you look at what exactly fbclient.dll/gds32.dll ibexpert uses? The library with the full path to it is specified at the bottom of the DB registration screen. – Andrej Kirejeŭ Dec 01 '21 at 07:19
  • it uses gds32.dll not fbclient.dll. when I uses fbclient.dll it generate error: Client Library is missing or invalid: C:\Program Files\Firebird\Firebird_4_0\fbclient.dll Notice, that you have to use 32-bit client library even if you connect to 64-bit version of Firebird/Interbase because IBExpert is a 32-bit application. In case you specify a 64-bit version of client library dll instead of 32-bit one you can get this error. – Ongky Dec 01 '21 at 08:33
  • @Ongky I would suggest that you create a new question with a[mre] of this problem instead of trying to ask follow-up questions in the comments. Alternatively, asking your question on the [firebird-support Google Group](https://groups.google.com/g/firebird-support). As an aside, if your application uses gds32.dll, then use the installer (or instclient) to install the gds32.dll shim. – Mark Rotteveel Dec 01 '21 at 09:03
1

ibExpert expects the remote system to provide a 32 bit fblibclient.so, even if all machines are 64 bits. But if you downgrade the server from Firebird 64 to 32 you are no more able to read 64 bit generated .fdb files. A solution for presenting to ibExpert a 32 bit fblibclient.so in a 64 bit environment is needed.

Marco Bassi
  • 11
  • 1