From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | Greg Smith <gsmith(at)gregsmith(dot)com> |
Cc: | Grzegorz Bus' <gall(at)p-team(dot)org>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: could not bind IPv4 socket |
Date: | 2009-05-01 06:23:12 |
Message-ID: | 49FA9550.9030005@postnewspapers.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Greg Smith wrote:
> Normal practice here is to set:
>
> listen_address='*'
>
> So that the server is remotely accessible from all of its interfaces,
> and then you can do all filtering of who can connect just via
> pg_hba.conf instead.
Just to expand on that:
listen_addresses is usually used if you want to do things like:
- Have the database running on a gateway host that's directly connected
to the Internet, but only permit connections to the database on the LAN
side, so even pre-auth exploits can't attack the database server from
the Internet side;
- Lock a cluster down to only be accessible from the local host, so
remote hosts can't even see it's running and can't attempt to talk to it; or
- Run multiple clusters on one host, each one bound to a different IP
address on the usual PostgreSQL port, so the machine hosting the
clusters looks like it's really multiple separate machines to outside users.
--
Craig Ringer
From | Date | Subject | |
---|---|---|---|
Next Message | Craig Ringer | 2009-05-01 06:31:48 | Re: 08P01: unexpected EOF on client connection |
Previous Message | Richard Broersma | 2009-05-01 05:38:28 | Re: retrieving primary key for row with MIN function |