Re: pg_hba.conf is driving me nuts

On Sat, Dec 15, 2007 at 01:39:44PM +0200, Klay Martens wrote:

> Hi..yes, I have set the "listen_addresses" to "*"...rather an obvious first
> stop...As I said - I have no problems connecting locally, or on a LAN - no
> sweat at all. Simply cannot get the connection to work from another network
> over a WAN. I believe the problem stems from my not setting pg_hba.conf
> correctly, but I would love to test this!
> This is my pg_hba.conf file from my developement box:
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
> # IPv6 local connections:
> host all all 10.0.0.0/24 md5
> host all all 0.0.0.0 0.0.0.0 md5
>
> At one stage, I even looked up the source ip address reported by aports when
> I was logged onto the machine remotely..even that address did not work. So I
> figure there is a problem with the subnet mask (don't realy understand the
> address masks all that well - I am a programmer, not a network tekkie, so it
> is kind of new territory for me). What I was wondering is if there was some
> way to allow any host to connect, regardless of ip and subnet which was the
> behaviour I expected from the 0.0.0.0 0.0.0.0 setting - of course it did
> absolutely nothing.

What does the logfile say? Does PostgreSQL get a connection at all? It
should list the IP of the connecting host and a reason.

Netmasks in short (and incomplete): IPv4 address is 32bit
(0.0.0.0-255.255.255.255), netmask says how many bits neet to match,
counted from left. E.g. netmask /8 says: first 8 bits have to match,
that is, first number must be equal. /16 says: first 16 bits have to
match - first and second number must be equal. /32 means: IP has to
match.

HTH,

Tino.

--
www.craniosacralzentrum.de
www.lebensraum11.de
www.spiritualdesign-chemnitz.de

Tino Schwarze * Parkstraße 17h * 09120 Chemnitz