Thread: weird network issue
Hi LIst;
I have 2 Linux servers:
192.168.111.11
192.168.111.13
Both are running postgres v 8.2.6
I can ping the .11 box from .13 and vice versa
I can connect remotely from the .11 box to the .13 box but I cannot connect to the .11 box from the .13 box.
I can do this:
on the 192.168.111.11 box:
-bash-3.1$ psql -h 192.168.111.13
Welcome to psql 8.2.6, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=#
However if I do this it fails:
on the 192.168.111.13 box:
-bash-3.1$ psql -h 192.168.111.11 postgres
psql: could not connect to server: No route to host
Is the server running on host "192.168.111.11" and accepting
TCP/IP connections on port 5432?
Both boxes have the same copy of the postgresql.conf file and the pg_hba.conf file.
Here's the listen address setting (on the 192.168.111.11 box) from the postgresql.conf file:
listen_addresses = '*'
I also checked (after a restart) that the listen address and port was in fact as I thought
on 192.168.111.11 :
Welcome to psql 8.2.6, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=# show listen_addresses;
listen_addresses
------------------
*
(1 row)
postgres=# show port
;
port
------
5432
(1 row)
postgres=#
Here's the current pg_hba.conf file on 192.168.111.11 :
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
host all all ::1/128 ident sameuser
#DRW. This should be tighted up once the db instances are figured out
host all all 192.168.111.0/24 trust
I'm stumped..
Anyone have any thoughts ?
Thanks in advance.
Not sure. I'm not so well versed in the firewall/networking areas. I can however do an scp pull from both machines : scp a file from 192.168.111.13 while logged onto 192.168.111.11 and scp a file from 192.168.111.11 while logged onto 192.168.111.13 Can you point me where to look for firewall/iptables/SE issues? Thanks in advance On Mar 28, 2008, at 10:45 AM, Jonathan Nalley wrote: > are you running any kind of firewall/iptables/SELinux where the > settings are perhaps not the same on the two machines? > > > From: pgsql-admin-owner@postgresql.org [mailto:pgsql-admin-owner@postgresql.org > ] On Behalf Of kevin kempter > Sent: Friday, March 28, 2008 12:31 > To: pgsql-admin@postgresql.org > Subject: [ADMIN] weird network issue > > Hi LIst; > > I have 2 Linux servers: > 192.168.111.11 > 192.168.111.13 > > Both are running postgres v 8.2.6 > > I can ping the .11 box from .13 and vice versa > I can connect remotely from the .11 box to the .13 box but I cannot > connect to the .11 box from the .13 box. > > I can do this: > > on the 192.168.111.11 box: > > -bash-3.1$ psql -h 192.168.111.13 > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > Type: \copyright for distribution terms > \h for help with SQL commands > \? for help with psql commands > \g or terminate with semicolon to execute query > \q to quit > > postgres=# > > However if I do this it fails: > > on the 192.168.111.13 box: > > -bash-3.1$ psql -h 192.168.111.11 postgres > psql: could not connect to server: No route to host > Is the server running on host "192.168.111.11" and accepting > TCP/IP connections on port 5432? > > > > Both boxes have the same copy of the postgresql.conf file and the > pg_hba.conf file. > > Here's the listen address setting (on the 192.168.111.11 box) from > the postgresql.conf file: > listen_addresses = '*' > > > I also checked (after a restart) that the listen address and port > was in fact as I thought > on 192.168.111.11 : > > > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > Type: \copyright for distribution terms > \h for help with SQL commands > \? for help with psql commands > \g or terminate with semicolon to execute query > \q to quit > > postgres=# show listen_addresses; > listen_addresses > ------------------ > * > (1 row) > > postgres=# show port > ; > port > ------ > 5432 > (1 row) > > postgres=# > > > Here's the current pg_hba.conf file on 192.168.111.11 : > > > > # TYPE DATABASE USER CIDR-ADDRESS METHOD > > # "local" is for Unix domain socket connections only > local all all ident sameuser > # IPv4 local connections: > host all all 127.0.0.1/32 ident sameuser > # IPv6 local connections: > host all all ::1/128 ident sameuser > > #DRW. This should be tighted up once the db instances are figured out > host all all 192.168.111.0/24 trust > > > > I'm stumped.. > > Anyone have any thoughts ? > > Thanks in advance. > >
Could you send us the distro and version of Linux that you're using on these two boxes? Just as a sanity check and assuming you have a telnet client on the .13 box, can you perform the following command: telnet 192.168.111.11 5432 and then paste the output to us. I guess conceptually there's not a whole lot of difference between doing that and usingpsql -h 192.168.111.11 but it might eliminate some layer of issues. If you're familiar with nmap or similar programsyou can accomplish the same thing to ping .11 on port 5432 > -----Original Message----- > From: kevin kempter [mailto:kevin@kevinkempterllc.com] > Sent: Friday, March 28, 2008 12:56 > To: Jonathan Nalley > Cc: 'pgsql-admin@postgresql.org' > Subject: Re: [ADMIN] weird network issue > > Not sure. I'm not so well versed in the firewall/networking areas. I > can however do an scp pull from both machines : > > scp a file from 192.168.111.13 while logged onto 192.168.111.11 > and > scp a file from 192.168.111.11 while logged onto 192.168.111.13 > > > Can you point me where to look for firewall/iptables/SE issues? > > > Thanks in advance > > > > > > On Mar 28, 2008, at 10:45 AM, Jonathan Nalley wrote: > > > are you running any kind of firewall/iptables/SELinux where the > > settings are perhaps not the same on the two machines? > > > > > > From: pgsql-admin-owner@postgresql.org [mailto:pgsql-admin- > owner@postgresql.org > > ] On Behalf Of kevin kempter > > Sent: Friday, March 28, 2008 12:31 > > To: pgsql-admin@postgresql.org > > Subject: [ADMIN] weird network issue > > > > Hi LIst; > > > > I have 2 Linux servers: > > 192.168.111.11 > > 192.168.111.13 > > > > Both are running postgres v 8.2.6 > > > > I can ping the .11 box from .13 and vice versa > > I can connect remotely from the .11 box to the .13 box but I cannot > > connect to the .11 box from the .13 box. > > > > I can do this: > > > > on the 192.168.111.11 box: > > > > -bash-3.1$ psql -h 192.168.111.13 > > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > > > Type: \copyright for distribution terms > > \h for help with SQL commands > > \? for help with psql commands > > \g or terminate with semicolon to execute query > > \q to quit > > > > postgres=# > > > > However if I do this it fails: > > > > on the 192.168.111.13 box: > > > > -bash-3.1$ psql -h 192.168.111.11 postgres > > psql: could not connect to server: No route to host > > Is the server running on host "192.168.111.11" and accepting > > TCP/IP connections on port 5432? > > > > > > > > Both boxes have the same copy of the postgresql.conf file and the > > pg_hba.conf file. > > > > Here's the listen address setting (on the 192.168.111.11 box) from > > the postgresql.conf file: > > listen_addresses = '*' > > > > > > I also checked (after a restart) that the listen address and port > > was in fact as I thought > > on 192.168.111.11 : > > > > > > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > > > Type: \copyright for distribution terms > > \h for help with SQL commands > > \? for help with psql commands > > \g or terminate with semicolon to execute query > > \q to quit > > > > postgres=# show listen_addresses; > > listen_addresses > > ------------------ > > * > > (1 row) > > > > postgres=# show port > > ; > > port > > ------ > > 5432 > > (1 row) > > > > postgres=# > > > > > > Here's the current pg_hba.conf file on 192.168.111.11 : > > > > > > > > # TYPE DATABASE USER CIDR-ADDRESS METHOD > > > > # "local" is for Unix domain socket connections only > > local all all ident sameuser > > # IPv4 local connections: > > host all all 127.0.0.1/32 ident sameuser > > # IPv6 local connections: > > host all all ::1/128 ident sameuser > > > > #DRW. This should be tighted up once the db instances are figured > out > > host all all 192.168.111.0/24 trust > > > > > > > > I'm stumped.. > > > > Anyone have any thoughts ? > > > > Thanks in advance. > > > > > >
are you running any kind of firewall/iptables/SELinux where the settings are perhaps not the same on the two machines?
From: pgsql-admin-owner@postgresql.org [mailto:pgsql-admin-owner@postgresql.org] On Behalf Of kevin kempter
Sent: Friday, March 28, 2008 12:31
To: pgsql-admin@postgresql.org
Subject: [ADMIN] weird network issue
Hi LIst;
I have 2 Linux servers:
192.168.111.11
192.168.111.13
Both are running postgres v 8.2.6
I can ping the .11 box from .13 and vice versa
I can connect remotely from the .11 box to the .13 box but I cannot connect to the .11 box from the .13 box.
I can do this:
on the 192.168.111.11 box:
-bash-3.1$ psql -h 192.168.111.13
Welcome to psql 8.2.6, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=#
However if I do this it fails:
on the 192.168.111.13 box:
-bash-3.1$ psql -h 192.168.111.11 postgres
psql: could not connect to server: No route to host
Is the server running on host "192.168.111.11" and accepting
TCP/IP connections on port 5432?
Both boxes have the same copy of the postgresql.conf file and the pg_hba.conf file.
Here's the listen address setting (on the 192.168.111.11 box) from the postgresql.conf file:
listen_addresses = '*'
I also checked (after a restart) that the listen address and port was in fact as I thought
on 192.168.111.11 :
Welcome to psql 8.2.6, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=# show listen_addresses;
listen_addresses
------------------
*
(1 row)
postgres=# show port
;
port
------
5432
(1 row)
postgres=#
Here's the current pg_hba.conf file on 192.168.111.11 :
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
host all all ::1/128 ident sameuser
#DRW. This should be tighted up once the db instances are figured out
host all all 192.168.111.0/24 trust
I'm stumped..
Anyone have any thoughts ?
Thanks in advance.
I'm not sure how to get the version however given the below listing of /boot/grub/grub.conf it's obviously Cent OS:
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-8.1.6.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.1.6.el5 ro root=/dev/VolGroup00/LogVol00 clock=
pit noapic nolapic rhgb quiet
initrd /initrd-2.6.18-8.1.6.el5.img
title CentOS (2.6.18-8.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
I also did a uname -a:
[root@db1 ~]# uname -a
Linux vmsrv02.myclient.local 2.6.18-8.1.6.el5 #1 SMP Thu Jun 14 17:29:04
EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
I ran the telnet command and got this:
-bash-3.1$ telnet 192.168.111.11 5432
Trying 192.168.111.11...
telnet: connect to address 192.168.111.11: No route to host
telnet: Unable to connect to remote host: No route to host
However a ping works:
-bash-3.1$ ping 192.168.111.11
PING 192.168.111.11 (192.168.111.11) 56(84) bytes of data.
64 bytes from 192.168.111.11: icmp_seq=1 ttl=64 time=0.438 ms
64 bytes from 192.168.111.11: icmp_seq=2 ttl=64 time=0.168 ms
64 bytes from 192.168.111.11: icmp_seq=3 ttl=64 time=0.232 ms
Thanks for the help...
/Kevin
Could you send us the distro and version of Linux that you're using on these two boxes?
Just as a sanity check and assuming you have a telnet client on the .13 box, can you perform the following command:
telnet 192.168.111.11 5432
and then paste the output to us. I guess conceptually there's not a whole lot of difference between doing that and using psql -h 192.168.111.11 but it might eliminate some layer of issues. If you're familiar with nmap or similar programs you can accomplish the same thing to ping .11 on port 5432-----Original Message-----From: kevin kempter [mailto:kevin@kevinkempterllc.com]Sent: Friday, March 28, 2008 12:56To: Jonathan NalleyCc: 'pgsql-admin@postgresql.org'Subject: Re: [ADMIN] weird network issueNot sure. I'm not so well versed in the firewall/networking areas. Ican however do an scp pull from both machines :scp a file from 192.168.111.13 while logged onto 192.168.111.11andscp a file from 192.168.111.11 while logged onto 192.168.111.13Can you point me where to look for firewall/iptables/SE issues?Thanks in advanceOn Mar 28, 2008, at 10:45 AM, Jonathan Nalley wrote:are you running any kind of firewall/iptables/SELinux where thesettings are perhaps not the same on the two machines?From: pgsql-admin-owner@postgresql.org [mailto:pgsql-admin-owner@postgresql.org] On Behalf Of kevin kempterSent: Friday, March 28, 2008 12:31To: pgsql-admin@postgresql.orgSubject: [ADMIN] weird network issueHi LIst;I have 2 Linux servers:192.168.111.11192.168.111.13Both are running postgres v 8.2.6I can ping the .11 box from .13 and vice versaI can connect remotely from the .11 box to the .13 box but I cannotconnect to the .11 box from the .13 box.I can do this:on the 192.168.111.11 box:-bash-3.1$ psql -h 192.168.111.13Welcome to psql 8.2.6, the PostgreSQL interactive terminal.Type: \copyright for distribution terms\h for help with SQL commands\? for help with psql commands\g or terminate with semicolon to execute query\q to quitpostgres=#However if I do this it fails:on the 192.168.111.13 box:-bash-3.1$ psql -h 192.168.111.11 postgrespsql: could not connect to server: No route to hostIs the server running on host "192.168.111.11" and acceptingTCP/IP connections on port 5432?Both boxes have the same copy of the postgresql.conf file and thepg_hba.conf file.Here's the listen address setting (on the 192.168.111.11 box) fromthe postgresql.conf file:listen_addresses = '*'I also checked (after a restart) that the listen address and portwas in fact as I thoughton 192.168.111.11 :Welcome to psql 8.2.6, the PostgreSQL interactive terminal.Type: \copyright for distribution terms\h for help with SQL commands\? for help with psql commands\g or terminate with semicolon to execute query\q to quitpostgres=# show listen_addresses;listen_addresses------------------*(1 row)postgres=# show port;port------5432(1 row)postgres=#Here's the current pg_hba.conf file on 192.168.111.11 :# TYPE DATABASE USER CIDR-ADDRESS METHOD# "local" is for Unix domain socket connections onlylocal all all ident sameuser# IPv4 local connections:host all all 127.0.0.1/32 ident sameuser# IPv6 local connections:host all all ::1/128 ident sameuser#DRW. This should be tighted up once the db instances are figuredouthost all all 192.168.111.0/24 trustI'm stumped..Anyone have any thoughts ?Thanks in advance.
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
kevin kempter wrote: >>> >>> Can you point me where to look for firewall/iptables/SE issues? >>> Start with the output of iptables -L on both machines (you may need to run that as root). Can every other machine connect to both servers? or is it just the one server that has a problem connecting to the other? -- Shane Ambler pgSQL (at) Sheeky (dot) Biz Get Sheeky @ http://Sheeky.Biz
I'm not sure who all can connect to this box, I have several clients with pgadmin III installed that cannot get to it.
[root@flux ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:syslog
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s
sh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:v
mware-authd
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:a
uth
ACCEPT udp -- anywhere anywhere state NEW udp dpt:a
uth
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s
vn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:s
vn
REJECT all -- anywhere anywhere reject-with icmp-ho
st-prohibited
[root@flux ~]#
And this is from the 192.168.111.13 box:
[root@db1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-d
s
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-d
s
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns
:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns
:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s
mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s
sh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:p
ostgres
LOG all -- anywhere anywhere LOG level warning
REJECT all -- anywhere anywhere reject-with icmp-ho
st-prohibited
[root@db1 ~]#
kevin kempter wrote:Can you point me where to look for firewall/iptables/SE issues?
Start with the output of iptables -L on both machines (you may need to run that as root).
Can every other machine connect to both servers?
or is it just the one server that has a problem connecting to the other?
--
Shane Ambler
pgSQL (at) Sheeky (dot) Biz
Get Sheeky @ http://Sheeky.Biz
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
kevin kempter wrote: > I'm not sure who all can connect to this box, I have several clients > with pgadmin III installed that cannot get to it. > And this is from the 192.168.111.13 box: > > [root@db1 ~]# iptables -L > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgres So the difference you care about is this line. box .13 accepts connections from anywhere to postgres service. You need this entry to show on your .11 box You need to adjust your iptables config for this I would suggest you may want to refine that to allow only from your network (as well as the other entries that can be refined to that) -- Shane Ambler pgSQL (at) Sheeky (dot) Biz Get Sheeky @ http://Sheeky.Biz
You're missing this entry from your .11 box: ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgres So iptables goes right to the end and then rejects with "Host Prohibited" which is reported on your .13 box as "No route to host" I think the command you want on your .11 box is: /sbin/iptables --insert RH-Firewall-1-INPUT 19 --protocol tcp --destination-port 5432 -j ACCEPT THINK BEFORE YOU PRINT - Save paper if you don't really need to print this *******************Confidentiality and Privilege Notice******************* The material contained in this message is privileged and confidential to the addressee. If you are not the addressee indicated in this message or responsible for delivery of the message to such person, you may not copy or deliver this message to anyone, and you should destroy it and kindly notify the sender by reply email. Information in this message that does not relate to the official business of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall not be liable for direct, indirect or consequential loss arising from transmission of this message or any attachments e-mail.