Thread: Need help in enabling remote connection

Need help in enabling remote connection

From
Shruthi A
Date:
Hi,

I want a postgres client to be able to connect to a postgres sever on a remote machine.  But i'm not able to make it work.  Assume both the machines are on a LAN 10.0.0.* .Following available advice, this is what i did:

-- In pg_hba.conf, i added the line
host all all 10.0.0.1/24 trust

-- In postgresql.conf, i added the line
listen_addresses = 10.0.0.*

-- Restarted the server with the cmd
./pg_ctl -D <data_folder> reload


This doesn't work.  What else should i do to make remote connection work?

I'm lost!  Please help!


Thanks a lot,

Shruthi

Re: Need help in enabling remote connection

From
Julius Tuskenis
Date:
Hello,

I think you make mistake writing "listen_addresses = 10.0.0.*". I doubt it can be done like this... Try "listen_addresses = '*'" first. Also see, that addresses are in form '10.0.0.1' and not 10.0.0.1. (use ' )
If this doesn't help try telneting server (port 5432) from client mashine. Maybe theres a firewall in between??


2009.11.02 15:26, Shruthi A rašė:
Hi,

I want a postgres client to be able to connect to a postgres sever on a remote machine.  But i'm not able to make it work.  Assume both the machines are on a LAN 10.0.0.* .Following available advice, this is what i did:

-- In pg_hba.conf, i added the line
host all all 10.0.0.1/24 trust

-- In postgresql.conf, i added the line
listen_addresses = 10.0.0.*

-- Restarted the server with the cmd
./pg_ctl -D <data_folder> reload


This doesn't work.  What else should i do to make remote connection work?

I'm lost!  Please help!


Thanks a lot,

Shruthi


-- 
Julius Tuskenis
Programavimo skyriaus vadovas
UAB nSoft
mob. +37068233050
Attachment

Re: Need help in enabling remote connection

From
Brian Modra
Date:
2009/11/2 Shruthi A <shruthi.iisc@gmail.com>:
> Hi,
>
> I want a postgres client to be able to connect to a postgres sever on a
> remote machine.  But i'm not able to make it work.  Assume both the machines
> are on a LAN 10.0.0.* .Following available advice, this is what i did:
>
> -- In pg_hba.conf, i added the line
> host all all 10.0.0.1/24 trust
>
> -- In postgresql.conf, i added the line
> listen_addresses = 10.0.0.*

Try something like this:

listen_addresses = 'localhost,10.0.0.123'
port = 5432

assuming 123 is the correct number for your server's IP address

> -- Restarted the server with the cmd
> ./pg_ctl -D <data_folder> reload
>
> This doesn't work.  What else should i do to make remote connection work?
>
> I'm lost!  Please help!
>
> Thanks a lot,
>
> Shruthi
>



--
Brian Modra   Land line: +27 23 5411 462
Mobile: +27 79 69 77 082
5 Jan Louw Str, Prince Albert, 6930
Postal: P.O. Box 2, Prince Albert 6930
South Africa
http://www.zwartberg.com/

Re: Need help in enabling remote connection

From
Sam Jas
Date:

host all all 10.0.0.1/24 trust

>> host all all <IP/32> trust

-- In postgresql.conf, i added the line

listen_addresses = 10.0.0.*
>> listen_address = *

& then restart the server.


--
Thanks
Sam

--- On Mon, 2/11/09, Shruthi A <shruthi.iisc@gmail.com> wrote:


From: Shruthi A <shruthi.iisc@gmail.com>
Subject: [ADMIN] Need help in enabling remote connection
To: pgsql-admin@postgresql.org
Date: Monday, 2 November, 2009, 1:26 PM

Hi,

I want a postgres client to be able to connect to a postgres sever on a remote machine.  But i'm not able to make it work.  Assume both the machines are on a LAN 10.0.0.* .Following available advice, this is what i did:

-- In pg_hba.conf, i added the line
host all all 10.0.0.1/24 trust

-- In postgresql.conf, i added the line
listen_addresses = 10.0.0.*

-- Restarted the server with the cmd
./pg_ctl -D <data_folder> reload


This doesn't work.  What else should i do to make remote connection work?

I'm lost!  Please help!


Thanks a lot,

Shruthi


Connect more, do more and share more with Yahoo! India Mail. Learn more.

Re: Need help in enabling remote connection

From
Shruthi A
Date:
Hi all,

Thanks a lot for all your replies.  The problem is solved now.  This is the correct thing to do:    listen_addresses = '*'
And then restart the service. 

Additional notes:
-- Remember to use single quotes around the * else it will give syntax error.
-- The listen_addresses parameter specifies the client addresses, and not the server.
-- Once this service is started, telneting the server on the given port successfully connects.
-- Dear Ian Lea, i guess 10.0.0.1/24  is the same as 10.0.0.0/24  as the mask '24' means that the first 3 octets (24 bits from the left hand side) must match ie both mean simply 10.0.0.*
-- And i think 'trust' should be fine assuming that this will be used on an isolated network with a few trusted machines or a secure network where a firewall protects a given set of ports.
-- Dear Brian Modra, i guess   listen_addresses = 'localhost,10.0.0.123'   will give error. It should be written as   listen_addresses = 'localhost','10.0.0.123'  that is each IP should be quoted separately.

Thanks again,
Shruthi


On Mon, Nov 2, 2009 at 6:56 PM, Shruthi A <shruthi.iisc@gmail.com> wrote:
Hi,

I want a postgres client to be able to connect to a postgres sever on a remote machine.  But i'm not able to make it work.  Assume both the machines are on a LAN 10.0.0.* .Following available advice, this is what i did:

-- In pg_hba.conf, i added the line
host all all 10.0.0.1/24 trust

-- In postgresql.conf, i added the line
listen_addresses = 10.0.0.*

-- Restarted the server with the cmd
./pg_ctl -D <data_folder> reload


This doesn't work.  What else should i do to make remote connection work?

I'm lost!  Please help!


Thanks a lot,

Shruthi


Re: Need help in enabling remote connection

From
Scott Marlowe
Date:
On Tue, Nov 3, 2009 at 1:53 AM, Shruthi A <shruthi.iisc@gmail.com> wrote:
> Hi all,
>
> Thanks a lot for all your replies.  The problem is solved now.  This is the
> correct thing to do:    listen_addresses = '*'
> And then restart the service.
>
> Additional notes:
> -- Remember to use single quotes around the * else it will give syntax
> error.
> -- The listen_addresses parameter specifies the client addresses, and not
> the server.

No, the listen_address specifies which SERVER ip address to listen on.
 * means to listen on all interfaces.  You can pick individual
interfaces to listen on on the server by changing * to one of a
server's IP addresses.

> -- Once this service is started, telneting the server on the given port
> successfully connects.
> -- Dear Ian Lea, i guess 10.0.0.1/24  is the same as 10.0.0.0/24  as the
> mask '24' means that the first 3 octets (24 bits from the left hand side)
> must match ie both mean simply 10.0.0.*

Actually 10.0.0.0/24 means that the right hand 24 bits don't matter,
so anything starting with 10. will match.

> -- And i think 'trust' should be fine assuming that this will be used on an
> isolated network with a few trusted machines or a secure network where a
> firewall protects a given set of ports.

Exactly.  Most databases used by an application are firewalled off in
such a way that having strict passworded access just moves the place
your vulnerable to db hacking from the db to the app.

> -- Dear Brian Modra, i guess   listen_addresses = 'localhost,10.0.0.123'
> will give error. It should be written as   listen_addresses =
> 'localhost','10.0.0.123'  that is each IP should be quoted separately.

Yep.  same is true for things like search_path.

Glad you're up and running.  Hope you're having fun with your db.

Re: Need help in enabling remote connection

From
"Kevin Grittner"
Date:
Scott Marlowe <scott.marlowe@gmail.com> wrote:

>> -- Dear Ian Lea, i guess 10.0.0.1/24  is the same as 10.0.0.0/24
>> as the mask '24' means that the first 3 octets (24 bits from the
>> left hand side) must match ie both mean simply 10.0.0.*
>
> Actually 10.0.0.0/24 means that the right hand 24 bits don't matter,
> so anything starting with 10. will match.

I think you're mistaken on that.  The comment in pg_hbs.conf matches
everything else I can find on the topic:

# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
# the number of significant bits in the mask.

-Kevin

Re: Need help in enabling remote connection

From
Scott Marlowe
Date:
On Tue, Nov 3, 2009 at 11:26 AM, Kevin Grittner
<Kevin.Grittner@wicourts.gov> wrote:
> Scott Marlowe <scott.marlowe@gmail.com> wrote:
>
>>> -- Dear Ian Lea, i guess 10.0.0.1/24  is the same as 10.0.0.0/24
>>> as the mask '24' means that the first 3 octets (24 bits from the
>>> left hand side) must match ie both mean simply 10.0.0.*
>>
>> Actually 10.0.0.0/24 means that the right hand 24 bits don't matter,
>> so anything starting with 10. will match.
>
> I think you're mistaken on that.  The comment in pg_hbs.conf matches
> everything else I can find on the topic:
>
> # CIDR-ADDRESS specifies the set of hosts the record matches.
> # It is made up of an IP address and a CIDR mask that is an integer
> # (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
> # the number of significant bits in the mask.

Yeap, got it backwards.  Thanks.

Re: Need help in enabling remote connection

From
"Tim Bruce - Postgres"
Date:
On Tue, November 3, 2009 10:10, Scott Marlowe wrote:
> On Tue, Nov 3, 2009 at 1:53 AM, Shruthi A <shruthi.iisc@gmail.com> wrote:
>> Hi all,
>>
>> -- Once this service is started, telneting the server on the given port
>> successfully connects.
>> -- Dear Ian Lea, i guess 10.0.0.1/24  is the same as 10.0.0.0/24  as the
>> mask '24' means that the first 3 octets (24 bits from the left hand
>> side)
>> must match ie both mean simply 10.0.0.*
>
> Actually 10.0.0.0/24 means that the right hand 24 bits don't matter,
> so anything starting with 10. will match.
>

Actually, it is the 24 left-most bits that matter, so this sets up a
network of 24 bits with 255 hosts that can connect.

I wasn't sure of this, so I just verified it with one of our network
engineers at work.

Tim
--
Timothy J. Bruce

Registered Linux User #325725