Re: correct config (and syntax) for remote access - Mailing list pgsql-novice

From Bob McConnell
Subject Re: correct config (and syntax) for remote access
Date
Msg-id 49BED5D1.4090803@lightlink.com
Whole thread Raw
In response to Re: correct config (and syntax) for remote access  (P Kapat <kap4lin@gmail.com>)
Responses Re: correct config (and syntax) for remote access
List pgsql-novice
P Kapat wrote:
> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne@lightlink.com> wrote:
>> P Kapat wrote:
>>> Host A (IP : 1.2.3.4) has the 8.1.11 postgress server running. I want
>>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>>
>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>> local   all         postgres                          ident sameuser
>>> local   all         all                               ident sameuser
>>> host    all         all         127.0.0.1/32          md5
>>> host    all         foouser      5.6.7.8/32       md5
>>>
>>> Relevant lines form /var/lib/pgsql/data/postgresql.conf (on host A):
>>> listen_addresses = 'localhost,5.6.7.8'
>>>
>>> Will this work? The firewall has 5432 port open for connection between A
>>> and B.
>>>
>> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
>> 127.0.0.1, which can be reached by any process on that machine. The other
>> address is the TCP/IP address for the interface you want postgres to receive
>> connections on. It has to be an address on the same computer as your server.
>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>> easier to just use '*' unless you have multiple network interfaces.
>>
>> Don't forget to restart the server after you change those files.
>
> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
> Everything works fine now...
>
> One final question: Is there any "security" related difference
> between, listen_addresses='localhost, 1.2.3.4' and
> listen_addresses='*' that I should be aware of? There is only one
> network card on the server machine, so does it matter?
>

AFAICT, when you run 'ifconfig' you get a list of all the interfaces
that will be able to access the server when you use '*'. As long as you
only have the one NIC and the loopback device, it shouldn't make any
difference. But as soon as you add another NIC, configure a VM, or
define a TUN or TAP device for a VPN, etc., you might want to limit the
connection list just to minimize the load from that traffic. However,
the actual security is set up in pg_hba.conf.

Bob McConnell
N2SPP

pgsql-novice by date:

Previous
From: P Kapat
Date:
Subject: Re: correct config (and syntax) for remote access
Next
From: P Kapat
Date:
Subject: Re: correct config (and syntax) for remote access