Skip site navigation (1) Skip section navigation (2)

Re: ssl tunneling in postgres 8.1

From: "Obe, Regina" <robe(dot)dnd(at)cityofboston(dot)gov>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>,"P Kapat" <kap4lin(at)gmail(dot)com>
Cc: <pgsql-novice(at)postgresql(dot)org>
Subject: Re: ssl tunneling in postgres 8.1
Date: 2008-11-19 20:20:11
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
> They're not wrong.  There's still something funny about your setup
> if that doesn't work ... and I'm afraid Regina's suggestion of a
> reverse channel is just nonsense.

>> The correct commands are (at least the ones that worked in my case):

>> client$ ssh -R 5432:localhost:3333 -L 3333:localhost:5432 joe(at)foo(dot)com

> The -R switch is useless here.  The important point AFAICT is that you
> used localhost rather than in the -L switch.  That name is being
> evaluated at the remote end.  What I suppose is happening is that the
> Postgres server is configured to listen to (ie, "localhost")
> but not its external IP address (whatever "" resolves as).
> If you don't want to change that then "localhost" is the correct thing
> to be using.

I'll have to try this with just an ssh raw command.  I was trying it in putty
and in order for it to work if my localhost port was different from the server's listening port
I had to put in that extra forward rule. I fiddled with the port thingys and it seemed I needed 2. I'll give it another go.

If the ports were the same, all worked fine.  This is in situation similar to above where my remote postgresql is only listening on localhost.

I thought it was strange too, but that was just merely my speculation of why I needed to put that extra rule in there.  Maybe I just had the command wrong to begin with.  

So why did I need to put that extra one in?  Anyrate all these forwarding port direction/firewall inbound/outbound things confuse the hell out of me.  I do have a firewall that doesn't allow inbound connections on my local network.  Wonder if that plays a role somehow.

The substance of this message, including any attachments, may be
confidential, legally privileged and/or exempt from disclosure
pursuant to Massachusetts law. It is intended
solely for the addressee. If you received this in error, please
contact the sender and delete the material from any computer.

In response to


pgsql-novice by date

Next:From: P KapatDate: 2008-11-19 20:40:14
Subject: Re: ssl tunneling in postgres 8.1
Previous:From: Mark WimerDate: 2008-11-19 19:31:24
Subject: Re: connecting /sharing tables across databases

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group