Thread: pgAdmin Firewall, SSH problem

From: Dave Lazar

Hi,

I have a couple of PostgreSQL servers running and they work great. I
develop with pgAdmin using SSH and Pageant, PuTTY and tunneling. I
have one problem server, though, and I am looking for help.

One server is firewalled, and I configured the firewall (Smoothwall)
to port forward port 5432. My PostgreSQL server private IP at
192.168.100.18 works fine connecting via localhost.

My pg_hba.conf contains the following setup:

local   all     all                                                     md5
host    all     all             127.0.0.1       255.255.255.255         md5
host    all     all             192.168.100.18  255.255.255.255         md5
host    all     all             66.66.66.66     255.255.255.255         md5
host    all     all             77.77.77.77     255.255.255.255         md5

Where 66.66.66.66 is my development machine public IP and 77.77.77.77
is my firewall public IP and hence the route to the PostgreSQL
program.

I set up my PuTTY connection tunnel on my development machine to
forward 35432 to the public IP of the PostgreSQL server,
77.77.77.77:5432, which is my firewall, which should port forward
packets to the IP of PostgreSQL.

In pgAdmin I connect to localhost on port 35432 and all is well,
when I do not have a firewall in the chain...

In my case with the firewall, even with port forwarding set up for port
5432, pgAdmin times out after 5 minutes or so complaining about SSL
handshake not working...

I am not using SSL, although I do have that option with server.crt and
server.key files available.

What might be causing pgAdmin these connection problems... I am not sure
if the firewall is the culprit or if I screwed up. All my other boxes
w/o firewalls work fine this way....

Any insight most appreciated...

Dave


Re: pgAdmin Firewall, SSH problem

From: "Dave Page"

> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of Dave Lazar
> Sent: 13 January 2005 02:24
> To: pgadmin-support@postgresql.org
> Subject: [pgadmin-support] pgAdmin Firewall, SSH problem
>
> Hi,
>
> I have a couple of PostgreSQL servers running and they work great. I
> develop with pgAdmin using SSH and Pageant, PuTTY and tunneling. I
> have one problem server, though, and I am looking for help.
>
> One server is firewalled, and I configured the firewall (Smoothwall)
> to port forward port 5432. My postgresql server private IP at
> 192.168.100.18 works fine connecting via localhost.
>
> My pg_hba.conf contains the following setup:
>
> local   all     all                                                     md5
> host    all     all             127.0.0.1       255.255.255.255         md5
> host    all     all             192.168.100.18  255.255.255.255         md5
> host    all     all             66.66.66.66     255.255.255.255         md5
> host    all     all             77.77.77.77     255.255.255.255         md5
>
> Where 66.66.66.66 is my development machine public IP and 77.77.77.77
> is my firewall public IP and hence the route to the postgresql
> program.
>
> I set up my PuTTY connection tunnel on my development machine to
> forward 35432 to the public IP of the PostgreSQL server,
> 77.77.77.77:5432, which is my firewall, which should port forward
> packets to the IP of PostgreSQL.
>
> In pgAdmin I connect to localhost on port 35432 and all is well,
> when I do not have a firewall in the chain...
>
> In my case with the firewall, even with port forwarding set up for port
> 5432, pgAdmin times out after 5 minutes or so complaining about SSL
> handshake not working...
>
> I am not using SSL, although I do have that option with server.crt and
> server.key files available.
>
> What might be causing pgAdmin these connection problems... I am not sure
> if the firewall is the culprit or if I screwed up. All my other boxes
> w/o firewalls work fine this way....

Hi Dave,

I'm not entirely clear on your setup - I assume it's something like:

Dev Box -> Firewall -> PG Server

You then tunnel a connection to the firewall, which is then forwarded to
the PostgreSQL port on the server. I assume then, that the firewall is
the endpoint of the tunnel?

Is there any reason that you don't just forward a port on the firewall
to the PG server, change the 77.77.77.77 line to a hostssl, and enable
SSL in pgAdmin, thus eliminating the need to use Pageant etc.?

Regards, Dave
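
The following is an added example, not part of the original thread: a small first-match evaluator for the pg_hba.conf shown above, with the 77.77.77.77 line changed to hostssl as the reply suggests. It shows that a hostssl record only admits SSL connections, and that the address compared is whatever source address the server sees; the function names and the exact-name-or-"all" matching of database and user are assumptions made for the example.

```python
import ipaddress

# pg_hba.conf from the thread, with the 77.77.77.77 line changed to hostssl
# as the reply suggests. The addresses are the thread's own placeholders.
PG_HBA = """\
local   all  all                                   md5
host    all  all  127.0.0.1       255.255.255.255  md5
host    all  all  192.168.100.18  255.255.255.255  md5
host    all  all  66.66.66.66     255.255.255.255  md5
hostssl all  all  77.77.77.77     255.255.255.255  md5
"""

def parse_hba(text):
    """Parse records in the TYPE DB USER [ADDRESS MASK | ADDRESS/LEN] METHOD form."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        rule = {"type": f[0], "db": f[1], "user": f[2], "net": None}
        if f[0] != "local":
            # Address is either CIDR (one field) or address plus netmask (two fields).
            spec = f[3] if "/" in f[3] else f"{f[3]}/{f[4]}"
            rule["net"] = ipaddress.ip_network(spec, strict=False)
        rules.append(rule)
    return rules

def first_match(rules, db, user, addr=None, ssl=False):
    """Return the first record matching the connection, or None if it is rejected.

    addr=None models a Unix-socket connection. Simplification (assumption):
    db and user match only on 'all' or an exact name.
    """
    for r in rules:
        if (r["type"] == "local") != (addr is None):
            continue
        if r["type"] == "hostssl" and not ssl:
            continue
        if r["type"] == "hostnossl" and ssl:
            continue
        if addr is not None and ipaddress.ip_address(addr) not in r["net"]:
            continue
        if r["db"] in ("all", db) and r["user"] in ("all", user):
            return r
    return None

RULES = parse_hba(PG_HBA)
```

Calling first_match(RULES, "mydb", "dave", addr=..., ssl=...) with the source address the server actually logs shows which record, if any, would apply to a tunnelled or port-forwarded connection.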