On Mon, 2005-05-16 at 07:35, Adam Witney wrote:
> Hi,
>
> I have a web application (PHP) which runs on its own box, and connects to a
> database on a second box. The database box is behind the firewall and only
> accepts connections from the web server.
>
> I have set up stunnel on the web server and I would like to allow some
> limited external direct access to the db server, but I would like
> connections from stunnel to only access a specific database. The problem is
> that both the web server and the stunnel connections will come from the same
> box, and hence the same IP address. Is there any way I can distinguish
> between these two connection methods in pg_hba.conf? (I can't do it on
> username either)

Add an alias to each machine's ethernet card, along with a name. So, if
you've got 10.1.1.1 as the IP on the web server and 10.2.1.1 on the db
server, add 10.1.1.2 and 10.2.1.2 on each respectively, and give them
some similar name, like web02 and db02 if their names are web01 and
db01. Set up routes to use the other IP addresses with those names and
you should be able to do it.
I haven't fleshed it out step by step, but you get the basic idea,
right?
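
An added example, not part of the original reply: once tunnelled connections originate from the alias address (for instance by binding stunnel's outgoing side to it with its `local` option, which is assumed here), pg_hba.conf can tell the two paths apart by source address. The sketch below embeds a constructed pg_hba.conf fragment and evaluates it the way PostgreSQL does, first matching record wins; `extdb`, `webapp` and the user `adam` are hypothetical names.

```python
import ipaddress

# Constructed pg_hba.conf fragment for the db server. 10.1.1.1 and 10.1.1.2 are
# the web server's primary and alias addresses from the reply above; "extdb" is
# a hypothetical database name. The explicit reject line keeps the alias locked
# to extdb even if a later record is widened (e.g. to 10.1.1.0/24).
PG_HBA = """
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    extdb     all   10.1.1.2/32    md5
host    all       all   10.1.1.2/32    reject
host    all       all   10.1.1.1/32    md5
"""

def parse_hba(text):
    """Return (databases, users, network, method) tuples for 'host' records."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 5 and fields[0] == "host":
            _, dbs, users, addr, method = fields
            rules.append((dbs.split(","), users.split(","),
                          ipaddress.ip_network(addr), method))
    return rules

def decide(rules, database, user, source_ip):
    """First matching record wins; no matching record means the connection is refused."""
    ip = ipaddress.ip_address(source_ip)
    for dbs, users, net, method in rules:
        if (("all" in dbs or database in dbs)
                and ("all" in users or user in users)
                and ip in net):
            return method
    return "reject"

RULES = parse_hba(PG_HBA)

if __name__ == "__main__":
    # (database, source address) pairs: stunnel alias, web app, unknown host.
    for db, src in [("extdb", "10.1.1.2"), ("webapp", "10.1.1.2"),
                    ("webapp", "10.1.1.1"), ("extdb", "10.9.9.9")]:
        print(f"{src:>9} -> {db:<7}: {decide(RULES, db, 'adam', src)}")
```

The ordering matters: the `extdb` record for the alias must come before the alias-wide `reject`, otherwise the tunnel is locked out entirely.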