Thread: correct config (and syntax) for remote access
Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
to set it up so that I can connect from Host B (IP 5.6.7.8).

Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
local all postgres ident sameuser
local all all ident sameuser
host all all 127.0.0.1/32 md5
host all foouser 5.6.7.8/32 md5

Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
listen_addresses = 'localhost,5.6.7.8'

Will this work? The firewall has 5432 port open for connection between A and B.

--
Regards
PK
--------------------------------------
http://counter.li.org #402424
P Kapat wrote:
> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
> to set it up so that I can connect from Host B (IP 5.6.7.8).
>
> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
> local all postgres ident sameuser
> local all all ident sameuser
> host all all 127.0.0.1/32 md5
> host all foouser 5.6.7.8/32 md5
>
> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
> listen_addresses = 'localhost,5.6.7.8'
>
> Will this work? The firewall has 5432 port open for connection between A and B.
>

I can definitely say the last line won't. The listen addresses must be the local one, so localhost 1.2.3.4

Peter Jackson
P Kapat wrote:
> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
> to set it up so that I can connect from Host B (IP 5.6.7.8).
>
> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
> local all postgres ident sameuser
> local all all ident sameuser
> host all all 127.0.0.1/32 md5
> host all foouser 5.6.7.8/32 md5
>
> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
> listen_addresses = 'localhost,5.6.7.8'
>
> Will this work? The firewall has 5432 port open for connection between A and B.
>

Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is 127.0.0.1, which can be reached by any process on that machine. The other address is the TCP/IP address for the interface you want postgres to receive connections on. It has to be an address on the same computer as your server, i.e. one that shows up when you run 'ifconfig' on that box. It is probably easier to just use '*' unless you have multiple network interfaces.

Don't forget to restart the server after you change those files.

Bob McConnell
N2SPP
On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne@lightlink.com> wrote:
> P Kapat wrote:
>>
>> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>
>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>> local all postgres ident sameuser
>> local all all ident sameuser
>> host all all 127.0.0.1/32 md5
>> host all foouser 5.6.7.8/32 md5
>>
>> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
>> listen_addresses = 'localhost,5.6.7.8'
>>
>> Will this work? The firewall has 5432 port open for connection between A
>> and B.
>>
>
> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
> 127.0.0.1, which can be reached by any process on that machine. The other
> address is the TCP/IP address for the interface you want postgres to receive
> connections on. It has to be an address on the same computer as your server,
> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
> easier to just use '*' unless you have multiple network interfaces.
>
> Don't forget to restart the server after you change those files.

@Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"! Everything works fine now...

One final question: Is there any "security" related difference between listen_addresses='localhost, 1.2.3.4' and listen_addresses='*' that I should be aware of? There is only one network card on the server machine, so does it matter?

--
Regards
PK
--------------------------------------
http://counter.li.org #402424
P Kapat wrote:
> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne@lightlink.com> wrote:
>> P Kapat wrote:
>>> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
>>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>>
>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>> local all postgres ident sameuser
>>> local all all ident sameuser
>>> host all all 127.0.0.1/32 md5
>>> host all foouser 5.6.7.8/32 md5
>>>
>>> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
>>> listen_addresses = 'localhost,5.6.7.8'
>>>
>>> Will this work? The firewall has 5432 port open for connection between A
>>> and B.
>>>
>> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
>> 127.0.0.1, which can be reached by any process on that machine. The other
>> address is the TCP/IP address for the interface you want postgres to receive
>> connections on. It has to be an address on the same computer as your server,
>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>> easier to just use '*' unless you have multiple network interfaces.
>>
>> Don't forget to restart the server after you change those files.
>
> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
> Everything works fine now...
>
> One final question: Is there any "security" related difference
> between listen_addresses='localhost, 1.2.3.4' and
> listen_addresses='*' that I should be aware of? There is only one
> network card on the server machine, so does it matter?
>

AFAICT, when you run 'ifconfig' you get a list of all the interfaces that will be able to access the server when you use '*'. As long as you only have the one NIC and the loopback device, it shouldn't make any difference. But as soon as you add another NIC, configure a VM, or define a TUN or TAP device for a VPN, etc., you might want to limit the connection list just to minimize the load from that traffic.

However, the actual security is set up in pg_hba.conf.

Bob McConnell
N2SPP
On Mon, Mar 16, 2009 at 6:42 PM, Bob McConnell <rmcconne@lightlink.com> wrote:
> P Kapat wrote:
>>
>> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne@lightlink.com>
>> wrote:
>>>
>>> P Kapat wrote:
>>>>
>>>> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
>>>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>>>
>>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>>> local all postgres ident sameuser
>>>> local all all ident sameuser
>>>> host all all 127.0.0.1/32 md5
>>>> host all foouser 5.6.7.8/32 md5
>>>>
>>>> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
>>>> listen_addresses = 'localhost,5.6.7.8'
>>>>
>>>> Will this work? The firewall has 5432 port open for connection between A
>>>> and B.
>>>>
>>> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
>>> 127.0.0.1, which can be reached by any process on that machine. The other
>>> address is the TCP/IP address for the interface you want postgres to receive
>>> connections on. It has to be an address on the same computer as your server,
>>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>>> easier to just use '*' unless you have multiple network interfaces.
>>>
>>> Don't forget to restart the server after you change those files.
>>
>> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
>> Everything works fine now...
>>
>> One final question: Is there any "security" related difference
>> between listen_addresses='localhost, 1.2.3.4' and
>> listen_addresses='*' that I should be aware of? There is only one
>> network card on the server machine, so does it matter?
>>
>
> AFAICT, when you run 'ifconfig' you get a list of all the interfaces that
> will be able to access the server when you use '*'. As long as you only have
> the one NIC and the loopback device, it shouldn't make any difference. But
> as soon as you add another NIC, configure a VM, or define a TUN or TAP
> device for a VPN, etc., you might want to limit the connection list just to
> minimize the load from that traffic. However, the actual security is set up
> in pg_hba.conf.

Thanks Bob, I guess I'll stick with the 'localhost,1.2.3.4' setup for now.... I already have a restricted config in pg_hba.conf... So, hopefully things should be OK.

--
Regards
PK
--------------------------------------
http://counter.li.org #402424
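
An added example, not part of the original thread: a small Python check of the two settings discussed above, showing which listen_addresses entries are not local to the server and which pg_hba.conf rule (first match wins) applies to a given connection. The function names and the set of local addresses are assumptions made for illustration, and the parser handles only the simple rule forms quoted in the thread.

```python
import ipaddress

# Constructed sample: the pg_hba.conf lines quoted in the thread (host A).
PG_HBA = """\
local   all   postgres              ident sameuser
local   all   all                   ident sameuser
host    all   all      127.0.0.1/32 md5
host    all   foouser  5.6.7.8/32   md5
"""

def parse_hba(text):
    """Parse 'local' and 'host ... CIDR' rules; other forms are ignored."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            rules.append({"type": "local", "db": f[1], "user": f[2],
                          "net": None, "method": f[3]})
        elif f[0] == "host":
            rules.append({"type": "host", "db": f[1], "user": f[2],
                          "net": ipaddress.ip_network(f[3]), "method": f[4]})
    return rules

def match(rules, db, user, client_ip=None):
    """Return the auth method of the first matching rule, or None (rejected).

    client_ip=None means a Unix-socket connection, which only 'local' rules match.
    """
    for r in rules:
        if (r["type"] == "local") != (client_ip is None):
            continue
        if r["db"] not in ("all", db) or r["user"] not in ("all", user):
            continue
        if r["net"] is None or ipaddress.ip_address(client_ip) in r["net"]:
            return r["method"]
    return None

def bad_listen_addresses(value, local_addrs):
    """Return listen_addresses entries that are not addresses of this host."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries
            if e not in ("*", "localhost") and e not in local_addrs]

# Assumption: host A's addresses as 'ifconfig' would list them.
HOST_A_ADDRS = {"127.0.0.1", "1.2.3.4"}
RULES = parse_hba(PG_HBA)
```

With these rules, foouser from 5.6.7.8 is offered md5 authentication, while any other user or source address matches no host rule and is rejected, whatever listen_addresses is set to.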