From: | Bruce Hyatt <brucejhyatt(at)yahoo(dot)com> |
---|---|
To: | Ognjen Blagojevic <ognjen(at)etf(dot)bg(dot)ac(dot)rs> |
Cc: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Fw: Re: connection refused |
Date: | 2008-12-23 01:54:59 |
Message-ID: | 249793.80275.qm@web34407.mail.mud.yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
--- On Mon, 12/22/08, Ognjen Blagojevic <ognjen(at)etf(dot)bg(dot)ac(dot)rs> wrote:
> Bruce Hyatt wrote:
> > I got 'connect failed' but here's my
> iptables chains:
> ...
> > Chain RH-Firewall-1-INPUT (2 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> icmp any
> > ACCEPT ipv6-crypt-- anywhere anywhere
> > ACCEPT ipv6-auth-- anywhere anywhere
> > ACCEPT udp -- anywhere 224.0.0.251
> udp dpt:5353
> > ACCEPT udp -- anywhere anywhere
> udp dpt:ipp
> > ACCEPT all -- anywhere anywhere
> state RELATED,ESTABLISHED
> > ACCEPT tcp -- anywhere anywhere
> state NEW tcp dpt:http
> > REJECT all -- anywhere anywhere
> reject-with icmp-host-prohibited
> >
> > It doesn't look to me like anything is restricted
> (except icmp).
>
> I don't think this is good. I only see port 80 being
> open. I'm not an expert with iptables, but you should
> have something like
>
> ACCEPT tcp -- anywhere anywhere
> state NEW tcp dpt:postgres
>
> listed above the reject line.
I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Bruce
From | Date | Subject | |
---|---|---|---|
Next Message | Ognjen Blagojevic | 2008-12-23 12:13:17 | Re: Fw: Re: connection refused |
Previous Message | Stephen Choularton | 2008-12-22 22:04:59 | internet explorer patch |