Skip site navigation (1) Skip section navigation (2)

Re: correct config (and syntax) for remote access

From: Bob McConnell <rmcconne(at)lightlink(dot)com>
To: P Kapat <kap4lin(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: correct config (and syntax) for remote access
Date: 2009-03-16 22:42:25
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
P Kapat wrote:
> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne(at)lightlink(dot)com> wrote:
>> P Kapat wrote:
>>> Host A (IP : has the 8.1.11 postgress server running. I want
>>> to set it up so that I can connect from Host B (IP
>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>> local   all         postgres                          ident sameuser
>>> local   all         all                               ident sameuser
>>> host    all         all          md5
>>> host    all         foouser       md5
>>> Relevant lines form /var/lib/pgsql/data/postgresql.conf (on host A):
>>> listen_addresses = 'localhost,'
>>> Will this work? The firewall has 5432 port open for connection between A
>>> and B.
>> Not quite. The listen_addresses should be 'localhost,'. localhost is
>>, which can be reached by any process on that machine. The other
>> address is the TCP/IP address for the interface you want postgres to receive
>> connections on. It has to be an address on the same computer as your server.
>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>> easier to just use '*' unless you have multiple network interfaces.
>> Don't forget to restart the server after you change those files.
> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
> Everything works fine now...
> One final question: Is there any "security" related difference
> between, listen_addresses='localhost,' and
> listen_addresses='*' that I should be aware of? There is only one
> network card on the server machine, so does it matter?

AFAICT, when you run 'ifconfig' you get a list of all the interfaces 
that will be able to access the server when you use '*'. As long as you 
only have the one NIC and the loopback device, it shouldn't make any 
difference. But as soon as you add another NIC, configure a VM, or 
define a TUN or TAP device for a VPN, etc., you might want to limit the 
connection list just to minimize the load from that traffic. However, 
the actual security is set up in pg_hba.conf.

Bob McConnell

In response to


pgsql-novice by date

Next:From: P KapatDate: 2009-03-17 16:05:48
Subject: Re: correct config (and syntax) for remote access
Previous:From: P KapatDate: 2009-03-16 18:40:28
Subject: Re: correct config (and syntax) for remote access

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group