Thread: Fw: Re: connection refused

--- On Fri, 12/12/08, Bastiaan Olij <lists@basenlily.nl> wrote:

> If you are on Mac or Linux, are the privileges set correctly?
> On one of our Mac servers it took us some time to figure out
> Postgres was simply ignoring the files because the privileges
> were set different than it wanted, even though it did seem to
> have access.
>
> Greetz,
>
> Bas

I think the problem is something along these lines. I originally had the authentication method set to "MD5" in pg_hba.conf. I changed it to "trust" (and restarted postgres) just to try to get it working, without success. I happened to reboot the postgres host (linux) and httpd wouldn't start because it couldn't find mod_auth_pgsql.so. I commented out the line in auth_pgsql.conf loading it and apache complained that it needed the ssl passphrase. I have mod_auth_pgsql.so so I'm going to try to mollify apache with that and see where it leads.

As for Tom's suggestion that the firewall is the problem, I don't think it is, having looked at the IPTables rules. There are essentially no restrictions (the network is behind a firewall). Having said that, I don't know much about IPTables and there were 1 or 2 entries that I definitely didn't understand. I plan to learn IPTables too though.

Thanks for the help,
Bruce Hyatt

> > Bruce Hyatt wrote:
> > I've been over my pg_hba.conf and postgresql.conf files again and again, restarting after changes and I always get 08004 connection refused when I try to connect through the postgresql jdbc from another machine.
> >
> > The user name I'm using works from the postgresql host and I have enabled IP/TCP connections to the database.
> >
> > Anything else? Surely this is something obvious I'm overlooking.
> >
> > Thanks,
> > Bruce Hyatt

--- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:

> Bruce Hyatt wrote:
> > I got 'connect failed' but here's my iptables chains:
> ...
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     ipv6-crypt--  anywhere             anywhere
> > ACCEPT     ipv6-auth--  anywhere             anywhere
> > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> >
> > It doesn't look to me like anything is restricted (except icmp).
>
> I don't think this is good. I only see port 80 being open. I'm not an expert with iptables, but you should have something like
>
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:postgres
>
> listed above the reject line.

I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Bruce

Bruce Hyatt wrote:
> --- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:
>
>> Bruce Hyatt wrote:
>>> I got 'connect failed' but here's my iptables chains:
>> ...
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     icmp --  anywhere             anywhere            icmp any
>>> ACCEPT     ipv6-crypt--  anywhere             anywhere
>>> ACCEPT     ipv6-auth--  anywhere             anywhere
>>> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
>>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
>>> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
>>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
>>> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
>>> It doesn't look to me like anything is restricted (except icmp).
>>
>> I don't think this is good. I only see port 80 being open. I'm not an expert with iptables, but you should have something like
>>
>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:postgres
>>
>> listed above the reject line.
>
> I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
>
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
>            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>
> Bruce

I think you need to add "-j ACCEPT" to the command.

-Ognjen

--- On Tue, 12/23/08, Ognjen Blagojevic <ognjen@etf.bg.ac.yu> wrote:

> > I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
> >
> > ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
> >            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
> > ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> >
> > Bruce
>
> I think you need to add "-j ACCEPT" to the command.

Thanks Ognjen. That did it.

Bruce
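
Added example, not part of any message in the thread: a shell function that classifies how a chain handles one TCP port. It covers the state Bruce hit (a rule with no -j target) and, going slightly beyond the thread, an ACCEPT appended below the catch-all REJECT. It reads `iptables -S` style rules; the rule sets, including the `-i lo` on the first rule, are constructed, and `audit_port` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread: classify how a chain treats one TCP port.
# Input is `iptables -S` style text on stdin. Simplification: only --dport and
# the jump target are inspected; source/interface limits on a rule are ignored.

audit_port() {  # usage: audit_port CHAIN PORT < rules ; prints one verdict
  awk -v chain="$1" -v port="$2" '
    $1 != "-A" || $2 != chain { next }
    {
      target = ""; dport = ""; matches = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j")                 { target = $(i + 1); i++ }
        else if ($i == "--dport")       { dport = $(i + 1); matches++; i++ }
        else if ($i == "--reject-with") { i++ }
        else if ($i ~ /^-/)             { matches++ }
      }
      catchall = (matches == 0 && (target == "REJECT" || target == "DROP"))
      if (dport == port && target == "") { notarget = 1 }
      else if (dport == port && target == "ACCEPT") {
        if (terminal) { shadowed = 1 } else { ok = 1 }
      }
      else if (catchall) { terminal = 1 }
    }
    END {
      if (ok)            print "ok"          # ACCEPT reached before the catch-all
      else if (shadowed) print "shadowed"    # ACCEPT exists but sits after REJECT/DROP
      else if (notarget) print "no-target"   # rule only counts packets, never accepts
      else               print "blocked"
    }'
}

# Constructed rule sets modelled on the chain quoted in the thread.
HEAD='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'
TAIL='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
PG='-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5432'

no_jump=$(printf '%s\n' "$HEAD" "$PG" "$TAIL")              # inserted, but no -j
appended=$(printf '%s\n' "$HEAD" "$TAIL" "$PG -j ACCEPT")   # -A put it after REJECT
fixed=$(printf '%s\n' "$HEAD" "$PG -j ACCEPT" "$TAIL")      # -I ... -j ACCEPT

printf 'no_jump:  %s\n' "$(printf '%s\n' "$no_jump"  | audit_port RH-Firewall-1-INPUT 5432)"
printf 'appended: %s\n' "$(printf '%s\n' "$appended" | audit_port RH-Firewall-1-INPUT 5432)"
printf 'fixed:    %s\n' "$(printf '%s\n' "$fixed"    | audit_port RH-Firewall-1-INPUT 5432)"
```

On a live host the input would come from `iptables -S RH-Firewall-1-INPUT` run as root, which also shows interface matches that the plain `iptables -L` listing omits.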