Skip site navigation (1) Skip section navigation (2)

Re: correct config (and syntax) for remote access

From: Bob McConnell <rmcconne(at)lightlink(dot)com>
To: P Kapat <kap4lin(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: correct config (and syntax) for remote access
Date: 2009-03-16 22:42:25
Message-ID: 49BED5D1.4090803@lightlink.com (view raw or flat)
Thread:
Lists: pgsql-novice
P Kapat wrote:
> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne(at)lightlink(dot)com> wrote:
>> P Kapat wrote:
>>> Host A (IP : 1.2.3.4) has the 8.1.11 postgress server running. I want
>>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>>
>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>> local   all         postgres                          ident sameuser
>>> local   all         all                               ident sameuser
>>> host    all         all         127.0.0.1/32          md5
>>> host    all         foouser      5.6.7.8/32       md5
>>>
>>> Relevant lines form /var/lib/pgsql/data/postgresql.conf (on host A):
>>> listen_addresses = 'localhost,5.6.7.8'
>>>
>>> Will this work? The firewall has 5432 port open for connection between A
>>> and B.
>>>
>> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
>> 127.0.0.1, which can be reached by any process on that machine. The other
>> address is the TCP/IP address for the interface you want postgres to receive
>> connections on. It has to be an address on the same computer as your server.
>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>> easier to just use '*' unless you have multiple network interfaces.
>>
>> Don't forget to restart the server after you change those files.
> 
> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
> Everything works fine now...
> 
> One final question: Is there any "security" related difference
> between, listen_addresses='localhost, 1.2.3.4' and
> listen_addresses='*' that I should be aware of? There is only one
> network card on the server machine, so does it matter?
> 

AFAICT, when you run 'ifconfig' you get a list of all the interfaces 
that will be able to access the server when you use '*'. As long as you 
only have the one NIC and the loopback device, it shouldn't make any 
difference. But as soon as you add another NIC, configure a VM, or 
define a TUN or TAP device for a VPN, etc., you might want to limit the 
connection list just to minimize the load from that traffic. However, 
the actual security is set up in pg_hba.conf.

Bob McConnell
N2SPP

In response to

Responses

pgsql-novice by date

Next:From: P KapatDate: 2009-03-17 16:05:48
Subject: Re: correct config (and syntax) for remote access
Previous:From: P KapatDate: 2009-03-16 18:40:28
Subject: Re: correct config (and syntax) for remote access

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group