Thread: another can't connect

another can't connect

From
BJ Freeman
Date:
PostgreSQL version 8.1.11 (With schemas)
I have read the recent emails and believe I have covered all the bases
from netstat
tcp        0      0 127.0.0.1:5432              0.0.0.0:*               LISTEN      5091/postmaster

I do a
psql -h 127.0.0.1  -U ofbiz -d ofbiz
from a terminal on the server.

and get this after a time
psql: could not connect to server: Connection timed out
    Is the server running on host "127.0.0.1" and accepting
    TCP/IP connections on port 5432?

Note this was working till about Fri.
Then the only thing I have been doing is adding to my iptables.

this is my Iptables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'
DROP       icmp --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            tcp dpt:5868 reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     tcp  --  localhost            localhost           tcp dpt:postgres state NEW
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

There is no filtering on output.


--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: another can't connect

From
Chris
Date:
BJ Freeman wrote:
> PostgreSQL version 8.1.11 (With schemas)
> I have read the recent emails and believe I have covered all the bases
> from net stat
> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>     LISTEN      5091/postmaster
>
> I do a
> psql -h 127.0.0.1  -U ofbiz -d ofbiz
> from a terminal on the server.
>
> and get this after a time
> psql: could not connect to server: Connection timed out
>     Is the server running on host "127.0.0.1" and accepting
>     TCP/IP connections on port 5432?
>
> Note this was working till about Fri.
> then only thing I have been doing is adding to my IPtables.


> ACCEPT     tcp  --  localhost            localhost           tcp
> dpt:postgres state NEW

What about established connections?

--
Postgresql & php tutorials
http://www.designmagick.com/


Re: another can't connect

From
BJ Freeman
Date:
tcp        0      0 127.0.0.1:5432              0.0.0.0:*               LISTEN
is the only line for that port

Chris sent the following on 6/28/2009 7:33 PM:
> BJ Freeman wrote:
>> PostgreSQL version 8.1.11 (With schemas)
>> I have read the recent emails and believe I have covered all the bases
>> from net stat
>> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>>     LISTEN      5091/postmaster
>>
>> I do a
>> psql -h 127.0.0.1  -U ofbiz -d ofbiz
>> from a terminal on the server.
>>
>> and get this after a time
>> psql: could not connect to server: Connection timed out
>>     Is the server running on host "127.0.0.1" and accepting
>>     TCP/IP connections on port 5432?
>>
>> Note this was working till about Fri.
>> then only thing I have been doing is adding to my IPtables.
>
>
>> ACCEPT     tcp  --  localhost            localhost           tcp
>> dpt:postgres state NEW
>
> What about established connections?
>

--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: another can't connect

From
Chris
Date:
Please don't top-post, it's so hard to follow discussions.

> Chris sent the following on 6/28/2009 7:33 PM:
>> BJ Freeman wrote:
>>> PostgreSQL version 8.1.11 (With schemas)
>>> I have read the recent emails and believe I have covered all the bases
>>> from net stat
>>> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>>>     LISTEN      5091/postmaster
>>>
>>> I do a
>>> psql -h 127.0.0.1  -U ofbiz -d ofbiz
>>> from a terminal on the server.
>>>
>>> and get this after a time
>>> psql: could not connect to server: Connection timed out
>>>     Is the server running on host "127.0.0.1" and accepting
>>>     TCP/IP connections on port 5432?
>>>
>>> Note this was working till about Fri.
>>> then only thing I have been doing is adding to my IPtables.
>>
>>> ACCEPT     tcp  --  localhost            localhost           tcp
>>> dpt:postgres state NEW
>> What about established connections?

> tcp        0      0 127.0.0.1:5432              0.0.0.0:*               LISTEN
> is the only line for that port

Established connections for the firewall, not just new connections.

See man iptables, --ctstate.

--
Postgresql & php tutorials
http://www.designmagick.com/


Re: another can't connect

From
Andrej
Date:
2009/6/29 BJ Freeman <bjfree@free-man.net>:
>>> ACCEPT     tcp  --  localhost            localhost           tcp
>>> dpt:postgres state NEW
>>
>> What about established connections?
> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>    LISTEN
> is the only line for that port
I think Chris meant "What about iptables rules for established connection?" ...


Cheers,
Andrej


--
Please don't top post, and don't use HTML e-Mail :}  Make your quotes concise.

http://www.american.edu/econ/notes/htmlmail.htm

Re: another can't connect

From
BJ Freeman
Date:
Sorry about the post; I did not do a reply-all and sent a personal reply.
Yes, in the chain I have
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
It is the next-to-last rule.


Andrej sent the following on 6/28/2009 8:14 PM:
> 2009/6/29 BJ Freeman <bjfree@free-man.net>:
>>>> ACCEPT     tcp  --  localhost            localhost           tcp
>>>> dpt:postgres state NEW
>>> What about established connections?
>> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>>    LISTEN
>> is the only line for that port
> I think Chris meant "What about iptables rules for established connection?" ...
>
>
> Cheers,
> Andrej
>
>

--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: another can't connect

From
Tom Lane
Date:
BJ Freeman <bjfree@free-man.net> writes:
> sorry about the post did not do a reply all and sent a personal replay
> yes in the chain I have
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> it is the next to last rule.

You sure that works?  This notation for iptables isn't familiar to me,
but I'd have thought you have to specify the "state" module.  The
comparable line in my iptables looks like

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Come to think of it, the "state NEW" test in your other line would
have to be addressed to the state module as well.

BTW, usual practice is to put the established-connections rule near the
start of the chain, not the end, on the grounds that the majority of
packets the kernel will see will match this rule and so you want to test
it sooner rather than later.

            regards, tom lane

Re: another can't connect

From
BJ Freeman
Date:
Thanks for your help.
Found that this cannot-connect problem is server-wide,
not just isolated to PostgreSQL,
so I am tracking down what I did to mess it up.
:D


BJ Freeman sent the following on 6/28/2009 8:23 PM:
> sorry about the post did not do a reply all and sent a personal replay
> yes in the chain I have
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> it is the next to last rule.
>
>
> Andrej sent the following on 6/28/2009 8:14 PM:
>> 2009/6/29 BJ Freeman <bjfree@free-man.net>:
>>>>> ACCEPT     tcp  --  localhost            localhost           tcp
>>>>> dpt:postgres state NEW
>>>> What about established connections?
>>> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>>>    LISTEN
>>> is the only line for that port
>> I think Chris meant "What about iptables rules for established connection?" ...
>>
>>
>> Cheers,
>> Andrej
>>
>>
>

--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: another can't connect--solved

From
BJ Freeman
Date:
Added this to iptables:
ACCEPT     all  --  localhost            localhost

BJ Freeman sent the following on 6/28/2009 8:23 PM:
> sorry about the post did not do a reply all and sent a personal replay
> yes in the chain I have
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> it is the next to last rule.
>
>
> Andrej sent the following on 6/28/2009 8:14 PM:
>> 2009/6/29 BJ Freeman <bjfree@free-man.net>:
>>>>> ACCEPT     tcp  --  localhost            localhost           tcp
>>>>> dpt:postgres state NEW
>>>> What about established connections?
>>> tcp        0      0 127.0.0.1:5432              0.0.0.0:*
>>>    LISTEN
>>> is the only line for that port
>> I think Chris meant "What about iptables rules for established connection?" ...
>>
>>
>> Cheers,
>> Andrej
>>
>>
>

--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.
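
Added example, not part of the thread and not any poster's code: a small Python model of first-match evaluation over the INPUT chain from the first message, showing what Chris's question about established connections, Tom Lane's ordering advice and the rule from the "solved" message each do to a loopback TCP handshake. The client port, the omitted RH-Firewall-1-INPUT sub-chain (assumed to match nothing) and the position of the two added rules are assumptions.

```python
# Added illustration: first-match walk of the thread's INPUT chain (loopback traffic traverses INPUT too).
from collections import namedtuple

LO = "127.0.0.1"
Packet = namedtuple("Packet", "proto src dst sport dport state")
Rule = namedtuple("Rule", "target proto src dst dport states",
                  defaults=("all", None, None, None, ()))

def matches(rule, pkt):
    """True when every criterion set on the rule agrees with the packet."""
    return (rule.proto in ("all", pkt.proto)
            and rule.src in (None, pkt.src) and rule.dst in (None, pkt.dst)
            and rule.dport in (None, pkt.dport)
            and (not rule.states or pkt.state in rule.states))

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the first terminating target; LOG matches but does not terminate."""
    for rule in chain:
        if rule.target != "LOG" and matches(rule, pkt):
            return rule.target
    return policy

# The listing from the first message. The RH-Firewall-1-INPUT jump is left out:
# its rules are not shown in the thread, so it is assumed to match nothing here.
AS_POSTED = [
    Rule("LOG"),
    Rule("DROP", proto="icmp"),
    Rule("REJECT", proto="tcp", dport=5868),
    Rule("ACCEPT", proto="tcp", dport=10000),               # dpt:ndmp
    Rule("ACCEPT", proto="tcp", src=LO, dst=LO, dport=5432, states=("NEW",)),
    Rule("REJECT"),
]
# Tom Lane's ordering: established-connections rule at the start of the chain.
ESTABLISHED_FIRST = [Rule("ACCEPT", states=("ESTABLISHED", "RELATED"))] + AS_POSTED
# The rule from the "solved" message; its position is not stated, assumed first.
LOOPBACK_FIRST = [Rule("ACCEPT", src=LO, dst=LO)] + AS_POSTED
# Constructed packets: TCP three-way handshake; client port 40000 is arbitrary.
HANDSHAKE = [
    Packet("tcp", LO, LO, 40000, 5432, "NEW"),          # SYN
    Packet("tcp", LO, LO, 5432, 40000, "ESTABLISHED"),  # SYN-ACK (reply direction)
    Packet("tcp", LO, LO, 40000, 5432, "ESTABLISHED"),  # ACK
]

def handshake_verdicts(chain):
    return [verdict(chain, pkt) for pkt in HANDSHAKE]

if __name__ == "__main__":
    for chain in (AS_POSTED, ESTABLISHED_FIRST, LOOPBACK_FIRST):
        print(handshake_verdicts(chain))
```

On a live host the loopback rule is usually written against the interface, `-A INPUT -i lo -j ACCEPT`, and `iptables -L -n -v` shows the interface matches and packet counters that the plain `-L` listing omits.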