Skip site navigation (1) Skip section navigation (2)

Re: Fw: Re: connection refused

From: Ognjen Blagojevic <ognjen(at)etf(dot)bg(dot)ac(dot)yu>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Fw: Re: connection refused
Date: 2008-12-23 12:13:17
Message-ID: 4950D5DD.6030400@etf.bg.ac.yu (view raw or flat)
Thread:
Lists: pgsql-novice
Bruce Hyatt wrote:
> --- On Mon, 12/22/08, Ognjen Blagojevic <ognjen(at)etf(dot)bg(dot)ac(dot)rs> wrote:
> 
>> Bruce Hyatt wrote:
>>> I got 'connect failed' but here's my
>> iptables chains:
>> ...
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     icmp --  anywhere             anywhere     
>>       icmp any
>>> ACCEPT     ipv6-crypt--  anywhere             anywhere
>>> ACCEPT     ipv6-auth--  anywhere             anywhere
>>> ACCEPT     udp  --  anywhere             224.0.0.251  
>>       udp dpt:5353
>>> ACCEPT     udp  --  anywhere             anywhere     
>>       udp dpt:ipp
>>> ACCEPT     all  --  anywhere             anywhere     
>>       state RELATED,ESTABLISHED
>>> ACCEPT     tcp  --  anywhere             anywhere     
>>       state NEW tcp dpt:http
>>> REJECT     all  --  anywhere             anywhere     
>>       reject-with icmp-host-prohibited
>>> It doesn't look to me like anything is restricted
>> (except icmp).
>>
>> I don't think this is good. I only see port 80 being
>> open. I'm not an expert with iptables, but you should
>> have something like
>>
>> ACCEPT     tcp  --  anywhere             anywhere          
>>  state NEW tcp dpt:postgres
>>
>> listed above the reject line.
> 
> I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:
> 
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631 
>            tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432 
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 
> Bruce

I think you need to add "-j ACCEPT" to the command.

-Ognejn

In response to

Responses

pgsql-novice by date

Next:From: Bastiaan OlijDate: 2008-12-23 23:02:06
Subject: Difference between dates
Previous:From: Bruce HyattDate: 2008-12-23 01:54:59
Subject: Re: Fw: Re: connection refused

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group