Skip site navigation (1) Skip section navigation (2)

Re: ssl tunneling in postgres 8.1

From: "P Kapat" <kap4lin(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: ssl tunneling in postgres 8.1
Date: 2008-11-19 20:55:50
Message-ID: daef5be80811191255v1a8bb4c4t839a8ade0b85236f@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-novice
Tom, thanks again for correcting the confusion and my lack of
knowledge in SSH tunneling.

On 11/19/08, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "P Kapat" <kap4lin(at)gmail(dot)com> writes:
>> The suggested commands are:
>
>> client$ ssh -L 3333:foo.com:5432 joe(at)foo(dot)com
>> client$ psql -h localhost -p 3333 postgres
>
>> They are just INCOMPLETE, half-baked mess :( In fact, they are simply
>> wrong!
>
> They're not wrong.  There's still something funny about your setup
> if that doesn't work ...

OK, agreed, it is not wrong, but it is certainly not transparent
either. If I understand the things now, the documentation as is  (-L
3333:foo.com:5432) works as long as

listen_addresses = '*'  OR listen_addresses = 'a.b.c.d' (where a.b.c.d
is the IP of foo.com)

in postgresql.conf. Am I right? If so, is this obvious from the online
documentation? Unfortunately, it wasn't to me!

>> The correct commands are (at least the ones that worked in my case):
>
>> client$ ssh -R 5432:localhost:3333 -L 3333:localhost:5432 joe(at)foo(dot)com
>
> The -R switch is useless here.  The important point AFAICT is that you
> used localhost rather than foo.com in the -L switch.  That name is being
> evaluated at the remote end.  What I suppose is happening is that the
> Postgres server is configured to listen to 127.0.0.1 (ie, "localhost")
> but not its external IP address (whatever "foo.com" resolves as).

Precisely, that is the configuration: " listen_addresses = 'localhost'
".... In which case, " -L 3333:localhost:5432 " has to be used.
Shouldn't this be mentioned in the documentation? This whole thing is
not trivial!!!

> 			regards, tom lane

Thanks again for the help, sincerely appreciated.

-- 
Regards
PK
--------------------------------------
http://counter.li.org  #402424

In response to

Responses

pgsql-novice by date

Next:From: Obe, ReginaDate: 2008-11-19 21:46:31
Subject: Re: ssl tunneling in postgres 8.1
Previous:From: P KapatDate: 2008-11-19 20:40:14
Subject: Re: ssl tunneling in postgres 8.1

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group