Skip site navigation (1) Skip section navigation (2)

Re: Postgres database and firewall

From: Shane Ambler <pgsql(at)Sheeky(dot)Biz>
To: Bhella Paramjeet-PFCW67 <PBhella(at)Motorola(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Postgres database and firewall
Date: 2008-03-20 07:48:10
Message-ID: 47E216BA.50406@Sheeky.Biz (view raw or flat)
Thread:
Lists: pgsql-admin
Bhella Paramjeet-PFCW67 wrote:
> Hi 
> 
> 
> We will be setting up a production postgres database to which an
> application will connect through a firewall. Can any one please tell me
> if there is any configuration that needs to be done on the postgres
> database side for firewall. Is there any documentation that I can refer
> to. Any help will be appreciated. 
> 
> Thanks
> Paramjeet Bhella
>  
> 

If you are using NAT then you need port forwarding setup on the 
firewall. If not then you need to make sure it allows the pg traffic 
through.
Your firewall docs will show how to setup that. Default port for pg is 5432

As far as pg config goes the client ip addresses need to be allowed to 
connect. This is setup in pg_hba.conf

see chapter 21 
http://www.postgresql.org/docs/8.3/interactive/client-authentication.html

For connections over the internet you should configure postgresql with 
SSL support and use something like -

hostssl    mydb  +usergroup  192.168.1.0/24  md5


The problems arise if you want to allow roaming users that can have 
varying ip addresses - try to find a solution that doesn't allow any 
computer on the net to connect.


Will you (or can you) have VPN access to the internal network?



-- 

Shane Ambler
pgSQL (at) Sheeky (dot) Biz

Get Sheeky @ http://Sheeky.Biz

In response to

Responses

pgsql-admin by date

Next:From: Aftab AlamDate: 2008-03-20 09:42:43
Subject: Postgres Performance
Previous:From: Aftab AlamDate: 2008-03-20 05:38:09
Subject: Postgres Performance

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group