Thread: listen_addresses = '*' ok, specific address(es) no

listen_addresses = '*' ok, specific address(es) no

From
Geoffrey Knauth
Date:
I'm running PostgreSQL 8.1.3.  In my postgresql.conf, the following
works:
    listen_addresses = '*'

but the following does not:
    listen_addresses = '192.168.1.33'

I get an error:
    WARNING:  could not create listen socket for "192.168.1.33"
    FATAL:  could not create any TCP/IP sockets

I'm running Mac OS X 10.4.6 on PPC, if that makes a difference.

For now, listen_addresses = '*' works for me, but I was curious why I  
couldn't use the more restrictive listen_addresses.

Geoffrey
--
Geoffrey S. Knauth | http://knauth.org/gsk




Re: listen_addresses = '*' ok, specific address(es) no

From
Andrew Sullivan
Date:
On Thu, Jun 15, 2006 at 10:05:26AM -0400, Geoffrey Knauth wrote:
> I get an error:
>    WARNING:  could not create listen socket for "192.168.1.33"
>    FATAL:  could not create any TCP/IP sockets
> 
> I'm running Mac OS X 10.4.6 on PPC, if that makes a difference.

Well, do you actually have an interface with that address? 

A

-- 
Andrew Sullivan  | ajs@crankycanuck.ca
"The year's penultimate month" is not in truth a good way of saying
November.    --H.W. Fowler


Re: listen_addresses = '*' ok, specific address(es) no

From
Tom Lane
Date:
Geoffrey Knauth <geoff@knauth.org> writes:
> I'm running PostgreSQL 8.1.3.  In my postgresql.conf, the following  
> works:
>     listen_addresses = '*'

> but the following does not:
>     listen_addresses = '192.168.1.33'

> I get an error:
>     WARNING:  could not create listen socket for "192.168.1.33"
>     FATAL:  could not create any TCP/IP sockets

There should be more info than that --- AFAICS all the failure paths in
that code emit LOG messages.  Perhaps you have log_min_messages set too
high to allow the info to come out?
        regards, tom lane


Re: listen_addresses = '*' ok, specific address(es) no

From
Geoffrey Knauth
Date:
Tom,

I omitted the LOG and HINT lines before.

LOG:  could not bind IPv4 socket: Can't assign requested address
HINT:  Is another postmaster already running on port 5432? If not,  
wait a few seconds and retry.
WARNING:  could not create listen socket for "192.168.1.33"
FATAL:  could not create any TCP/IP sockets

This works fine if I use '*' instead of '192.168.1.33'.

Andrew Sullivan wrote:
> Well, do you actually have an interface with that address?

I think I do, in that the machine's wireless interface is set up with  
a 192.168.1.x/24 address and 1.33 is on the same subnet.  Or maybe  
I'm misunderstanding.  I thought the purpose of listen_addresses was  
to allow incoming connections only from listed addresses.

Geoff

On Jun 15, 2006, at 10:40, Tom Lane wrote:

> Geoffrey Knauth <geoff@knauth.org> writes:
>> I'm running PostgreSQL 8.1.3.  In my postgresql.conf, the following
>> works:
>>     listen_addresses = '*'
>
>> but the following does not:
>>     listen_addresses = '192.168.1.33'
>
>> I get an error:
>>     WARNING:  could not create listen socket for "192.168.1.33"
>>     FATAL:  could not create any TCP/IP sockets
>
> There should be more info than that --- AFAICS all the failure  
> paths in
> that code emit LOG messages.  Perhaps you have log_min_messages set  
> too
> high to allow the info to come out?


Re: listen_addresses = '*' ok, specific address(es) no

From
Tom Lane
Date:
Geoffrey Knauth <geoff@knauth.org> writes:
> Andrew Sullivan wrote:
>> Well, do you actually have an interface with that address?

> I think I do, in that the machine's wireless interface is set up with  
> a 192.168.1.x/24 address and 1.33 is on the same subnet.  Or maybe  
> I'm misunderstanding.  I thought the purpose of listen_addresses was  
> to allow incoming connections only from listed addresses.

You're misunderstanding then.  What listen_addresses can bind to is IP
addresses of *your own machine*.  For example, if you bind to only
127.0.0.1 then only local loopback connections will work.  Binding to
just one external IP address is only interesting if your machine has
more than one such address; then it prevents connections that're coming
in through one of the other addresses.

The right way to limit incoming connections to only come *from*
particular IP addresses is to use pg_hba.conf.
        regards, tom lane
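
The two separate controls described in the reply above, as an added example that is not part of the original thread: `can_listen_on` tests whether an address can be bound on this machine (the listen_addresses side), and `hba_method_for` applies first-match pg_hba.conf rules to a client address. The function names, the sample pg_hba.conf and the non-local test address 192.0.2.33 are assumptions made for illustration.

```python
import errno
import ipaddress
import socket

# Constructed sample, not from the thread: only the client at 192.168.1.33
# and local loopback may connect; the rest of the subnet is rejected.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
host    all       all   127.0.0.1/32     md5
host    all       all   192.168.1.33/32  md5
host    all       all   192.168.1.0/24   reject
"""

def can_listen_on(addr):
    """listen_addresses side: can this host bind a TCP socket to addr?
    Port 0 lets the kernel pick a free port, so a server already running
    on 5432 does not interfere. Returns (ok, reason)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((addr, 0))
    except OSError as e:
        if e.errno == errno.EADDRNOTAVAIL:
            return False, "not an address of this machine"
        return False, e.strerror or str(e)
    return True, "bindable"

def hba_method_for(hba_text, client_ip):
    """pg_hba.conf side: auth method of the first 'host' line whose CIDR
    contains client_ip, or None when nothing matches (the server then
    refuses the connection). Handles the CIDR address form only and
    ignores the database and user columns."""
    client = ipaddress.ip_address(client_ip)
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue
        net = ipaddress.ip_network(fields[3], strict=False)
        if client.version == net.version and client in net:
            return fields[4]
    return None

if __name__ == "__main__":
    # 0.0.0.0 is the IPv4 wildcard; 192.0.2.0/24 is documentation address space.
    for addr in ("0.0.0.0", "192.0.2.33"):
        print(addr, can_listen_on(addr))
    for ip in ("192.168.1.33", "192.168.1.40", "10.0.0.5"):
        print(ip, hba_method_for(SAMPLE_HBA, ip))
```

Run on the database host, `can_listen_on` should return True for every entry in listen_addresses before the server is restarted with that setting.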


Hi Geoff,

Listen_addresses means what local interface to listen to connections - ie,
if you have 2 network interfaces (cards) in the machine that go to 2
different networks - such as one to the internet and one to your LAN, you
could tell Postgres to only listen on the LAN interface for connections so
it won't accept connections from anything on the internet. What you're after
would be better done by a firewall (ipchains / iptables)

<HIJACK>
I've just installed Postgres 8.1 on RedHat 7.1 and I'm getting the error:
"2006-06-16 14:49:00 NZST @ []LOG:  could not create IPv6 socket: Address
family not supported by protocol"

RedHat 7.1 does not support IPv6, but I don't need it - how can I disable
it? I've set my listen_addresses to:
    listen_addresses = '172.23.0.1'

Yes, I do have a local address 172.23.0.1 as per output from ifconfig:
[postgres@wbnz pgsql]$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:20:ED:38:EB:F4
          inet addr:172.23.0.1  Bcast:172.23.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2548578 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2479774 errors:0 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:18 Base address:0xe000 Memory:e0998000-e0998c40

</HIJACK>

Cheers,
-p


-----Original Message-----
From: pgsql-sql-owner@postgresql.org [mailto:pgsql-sql-owner@postgresql.org]
On Behalf Of Geoffrey Knauth
Sent: Friday, 16 June 2006 12:06 PM
To: pgsql-sql@postgresql.org
Subject: Re: [SQL] listen_addresses = '*' ok, specific address(es) no

Tom,

I omitted the LOG and HINT lines before.

LOG:  could not bind IPv4 socket: Can't assign requested address
HINT:  Is another postmaster already running on port 5432? If not,
wait a few seconds and retry.
WARNING:  could not create listen socket for "192.168.1.33"
FATAL:  could not create any TCP/IP sockets

This works fine if I use '*' instead of '192.168.1.33'.

Andrew Sullivan wrote:
> Well, do you actually have an interface with that address?

I think I do, in that the machine's wireless interface is set up with
a 192.168.1.x/24 address and 1.33 is on the same subnet.  Or maybe
I'm misunderstanding.  I thought the purpose of listen_addresses was
to allow incoming connections only from listed addresses.

Geoff

On Jun 15, 2006, at 10:40, Tom Lane wrote:

> Geoffrey Knauth <geoff@knauth.org> writes:
>> I'm running PostgreSQL 8.1.3.  In my postgresql.conf, the following
>> works:
>>     listen_addresses = '*'
>
>> but the following does not:
>>     listen_addresses = '192.168.1.33'
>
>> I get an error:
>>     WARNING:  could not create listen socket for "192.168.1.33"
>>     FATAL:  could not create any TCP/IP sockets
>
> There should be more info than that --- AFAICS all the failure
> paths in
> that code emit LOG messages.  Perhaps you have log_min_messages set
> too
> high to allow the info to come out?



*******************Confidentiality and Privilege Notice*******************

The material contained in this message is privileged and confidential to
the addressee.  If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy
or deliver this message to anyone, and you should destroy it and kindly
notify the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta.
Weatherbeeta, its employees, contractors or associates shall not be liable
for direct, indirect or consequential loss arising from transmission of this
message or any attachments


Re: listen_addresses = '*' ok, specific address(es) no

From
"Phillip Smith"
Date:
quote:
"The right way to limit incoming connections to only come *from*
particular IP addresses is to use pg_hba.conf."

Apologies Geoff - that would be the easier way rather than ipchains /
iptables.

-p



-----Original Message-----
From: pgsql-sql-owner@postgresql.org [mailto:pgsql-sql-owner@postgresql.org]
On Behalf Of Tom Lane
Sent: Friday, 16 June 2006 12:47 PM
To: Geoffrey Knauth
Cc: pgsql-sql@postgresql.org
Subject: Re: [SQL] listen_addresses = '*' ok, specific address(es) no

Geoffrey Knauth <geoff@knauth.org> writes:
> Andrew Sullivan wrote:
>> Well, do you actually have an interface with that address?

> I think I do, in that the machine's wireless interface is set up with
> a 192.168.1.x/24 address and 1.33 is on the same subnet.  Or maybe
> I'm misunderstanding.  I thought the purpose of listen_addresses was
> to allow incoming connections only from listed addresses.

You're misunderstanding then.  What listen_addresses can bind to is IP
addresses of *your own machine*.  For example, if you bind to only
127.0.0.1 then only local loopback connections will work.  Binding to
just one external IP address is only interesting if your machine has
more than one such address; then it prevents connections that're coming
in through one of the other addresses.

The right way to limit incoming connections to only come *from*
particular IP addresses is to use pg_hba.conf.
        regards, tom lane



"Phillip Smith" <phillips@weatherbeeta.com.au> writes:
> <HIJACK>
> I've just installed Postgres 8.1 on RedHat 7.1

Uh ... *why*?  I wouldn't use RH 7.1 today any more than I'd use PG 7.1 ...

> and I'm getting the error:
> "2006-06-16 14:49:00 NZST @ []LOG:  could not create IPv6 socket: Address
> family not supported by protocol"

It seems you've got libc code that supports IPv6 even though your kernel
does not (else PG would not have been told that an IPv6 address was a
possible translation of "localhost").  PG copes with this but will issue
LOG messages complaining about it.  If you don't like the warnings, fix
your system so it's all on the same page about whether IPv6 is supported.
        regards, tom lane


Dang - Our NZ operations are a lot smaller than ours. They only have the one
Linux server and its primary role is to run the D3 gear I was talking about
the other day - same in Australia!! I am trying to get the number crunchers
to fork out the $$$ for RH ES4 and a nice new server.

Thanks Tom, I'll put up with the errors for now until I can get them a new
server.
-p


-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Friday, 16 June 2006 1:04 PM
To: phillips@weatherbeeta.com.au
Cc: pgsql-sql@postgresql.org
Subject: Re: [SQL] listen_addresses = '*' ok, specific address(es) no (....
and a thread hi-jack!)

"Phillip Smith" <phillips@weatherbeeta.com.au> writes:
> <HIJACK>
> I've just installed Postgres 8.1 on RedHat 7.1

Uh ... *why*?  I wouldn't use RH 7.1 today any more than I'd use PG 7.1 ...

> and I'm getting the error:
> "2006-06-16 14:49:00 NZST @ []LOG:  could not create IPv6 socket: Address
> family not supported by protocol"

It seems you've got libc code that supports IPv6 even though your kernel
does not (else PG would not have been told that an IPv6 address was a
possible translation of "localhost").  PG copes with this but will issue
LOG messages complaining about it.  If you don't like the warnings, fix
your system so it's all on the same page about whether IPv6 is supported.
        regards, tom lane




Re: listen_addresses = '*' ok, specific address(es) no

From
Geoffrey Knauth
Date:
Thank you Tom Lane and Phillip Smith, you've answered my questions.   
--Geoff

On Jun 15, 2006, at 22:46, Tom Lane wrote:

> Geoffrey Knauth <geoff@knauth.org> writes:
>> Andrew Sullivan wrote:
>>> Well, do you actually have an interface with that address?
>
>> I think I do, in that the machine's wireless interface is set up with
>> a 192.168.1.x/24 address and 1.33 is on the same subnet.  Or maybe
>> I'm misunderstanding.  I thought the purpose of listen_addresses was
>> to allow incoming connections only from listed addresses.
>
> You're misunderstanding then.  What listen_addresses can bind to is IP
> addresses of *your own machine*.  For example, if you bind to only
> 127.0.0.1 then only local loopback connections will work.  Binding to
> just one external IP address is only interesting if your machine has
> more than one such address; then it prevents connections that're  
> coming
> in through one of the other addresses.
>
> The right way to limit incoming connections to only come *from*
> particular IP addresses is to use pg_hba.conf.
>
>             regards, tom lane