The following bug has been logged online:
Bug reference: 3968
Logged by: Faheem Mitha
Email address: faheem@email.unc.edu
PostgreSQL version: 8.1.11
Operating system: Debian etch
Description: ssh tunnel instructions could use improvement
Details:
Hi,
Currently http://www.postgresql.org/docs/8.3/static/ssh-tunnels.html
has instructions that say to set up a local port forward
to do
ssh -L 333ssh -L 3333:foo.com:5432 joe@foo.com
I think this should be changed to
ssh -L 3333:localhost:5432 joe@foo.com
The reason is that this assumes the postgres server on foo.com allows
connections from foo.com, since trying to connect to port 3333 on the local
machine using the instructions given in the docs, will attempt to initiate a
connection to the postgres server, which will appear to it to be coming from
foo.com.
However, it appears more likely, and is the Debian default, that the server
only allows connections on localhost. This is a major source of potential
confusion for people not familar with port forwarding.
Also, I'd suggest mentioning that you can put other
addresses in place of localhost, but that the database needs to give
permission to connect from those addresses, and in particular for
ssh -L 3333:localhost:5432 joe@foo.com
psql -h localhost -p 3333 postgres
to work, the database needs to allow a TCP/IP connection from localhost.
This seems a pretty standard default, though.
Faheem.
