Thread: Fw: Re: connection refused

Fw: Re: connection refused

From
Bruce Hyatt
Date:
--- On Fri, 12/12/08, Bastiaan Olij <lists@basenlily.nl> wrote:

> If you are on Mac or Linux, are the privileges set correctly? On one of
> our Mac servers it took us some time to figure out Postgres was simply
> ignoring the files because the privileges were set different than it
> wanted, even though it did seem to have access.
>
> Greetz,
>
> Bas

I think the problem is something along these lines. I originally had the authentication method set to "MD5" in
pg_hba.conf. I changed it to "trust" (and restarted postgres) just to try to get it working, without success. I happened
to reboot the postgres host (linux) and httpd wouldn't start because it couldn't find mod_auth_pgsql.so. I commented out
the line in auth_pgsql.conf loading it and apache complained that it needed the ssl passphrase.

I have mod_auth_pgsql.so so I'm going to try to mollify apache with that and see where it leads.

As for Tom's suggestion that the firewall is the problem, I don't think it is, having looked at the IPTables rules.
There are essentially no restrictions (the network is behind a firewall). Having said that, I don't know much about
IPTables and there were 1 or 2 entries that I definitely didn't understand. I plan to learn IPTables too though.

Thanks for the help,
Bruce Hyatt

>
> Bruce Hyatt wrote:
> > I've been over my pg_hba.conf and postgresql.conf files again and again,
> > restarting after changes and I always get 08004 connection refused when I
> > try to connect through the postgresql jdbc from another machine.
> >
> > The user name I'm using works from the postgresql host and I have enabled
> > IP/TCP connections to the database.
> >
> > Anything else? Surely this is something obvious I'm overlooking.
> >
> > Thanks,
> > Bruce Hyatt




Re: Fw: Re: connection refused

From
Bruce Hyatt
Date:
--- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:

> Bruce Hyatt wrote:
> > I got 'connect failed' but here's my iptables chains:
> ...
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     ipv6-crypt--  anywhere             anywhere
> > ACCEPT     ipv6-auth--  anywhere             anywhere
> > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> >
> > It doesn't look to me like anything is restricted (except icmp).
>
> I don't think this is good. I only see port 80 being open. I'm not an
> expert with iptables, but you should have something like
>
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:postgres
>
> listed above the reject line.

I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport
postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Bruce




Re: Fw: Re: connection refused

From
Ognjen Blagojevic
Date:
Bruce Hyatt wrote:
> --- On Mon, 12/22/08, Ognjen Blagojevic <ognjen@etf.bg.ac.rs> wrote:
>
>> Bruce Hyatt wrote:
>>> I got 'connect failed' but here's my iptables chains:
>> ...
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     icmp --  anywhere             anywhere            icmp any
>>> ACCEPT     ipv6-crypt--  anywhere             anywhere
>>> ACCEPT     ipv6-auth--  anywhere             anywhere
>>> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
>>> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
>>> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
>>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
>>> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
>>> It doesn't look to me like anything is restricted (except icmp).
>>
>> I don't think this is good. I only see port 80 being open. I'm not an
>> expert with iptables, but you should have something like
>>
>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:postgres
>>
>> listed above the reject line.
>
> I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp
> --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
>
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
>            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>
> Bruce

I think you need to add "-j ACCEPT" to the command.

-Ognjen

Re: Fw: Re: connection refused

From
Bruce Hyatt
Date:
--- On Tue, 12/23/08, Ognjen Blagojevic <ognjen@etf.bg.ac.yu> wrote:

> > I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and
> > "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither
> > worked. It looks like the problem is it didn't have "ACCEPT" in front of
> > the rule:
> >
> > ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
> >            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
> > ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> >
> > Bruce
>
> I think you need to add "-j ACCEPT" to the command.

Thanks Ognjen. That did it.

Bruce
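
Added example, not part of the original thread: a small shell/awk audit of `iptables -L <chain> -n` output that flags the two failure modes discussed above, a rule with an empty target column (added without `-j`) and a rule appended below the catch-all REJECT. The listing in `sample_listing` is constructed, modelled on the rules quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -L <chain> -n` output
# on stdin and reports rules that cannot open the port:
#   NO-TARGET  empty target column: the rule was added without -j, so it
#              only counts packets and never accepts them
#   SHADOWED   rule sits below a catch-all REJECT/DROP and is never reached
audit_chain() {
    awk '
        /^Chain / || /^target / || /^[ \t]*$/ { next }  # headers, blank lines
        {
            n++                                   # rule number within the chain
            if ($0 ~ /^[ \t]/) {                  # target column is blank
                printf "NO-TARGET rule %d: %s %s\n", n, $1, $NF
                next
            }
            if (catchall) {
                printf "SHADOWED rule %d: %s %s (below rule %d)\n", n, $1, $NF, catchall
            }
            # catch-all = terminal target, any protocol/source/destination,
            # and no match options (reject-with is an option of REJECT itself)
            term = ($1 == "REJECT" || $1 == "DROP")
            any  = ($2 == "all" && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0")
            bare = (NF == 5 || (NF == 7 && $6 == "reject-with"))
            if (!catchall && term && any && bare) catchall = n
        }
    '
}

# Constructed sample modelled on the thread: rule 2 is the targetless rule,
# rule 6 is what "iptables -A" produces (appended after the REJECT).
sample_listing() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
EOF
}

sample_listing | audit_chain
```

On a live host, pipe `iptables -L RH-Firewall-1-INPUT -n` into `audit_chain`; a targetless rule stays in the chain until it is removed with `iptables -D`.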