Re: Allowing client access

Hi Timmy

You need to use CIDR form in your pg_hba.conf. So:

host all testuser 111.222.333.444/32 md5

Most likely you would probably want to ensure ssl connection if coming
over untrusted network. So, at minimum, this is better:

hostssl all testuser 111.222.333.444/32 md5

This is better still:

hostssl testdb testuser 111.222.333.444/32 md5

Better still (IMHO) is to keep it local and use ssh tunnel, but I
understand that might be difficult and not necessarily desirable,
depending on the context.

Regards
Bob

On Wed, 9 Oct 2019 at 13:34, Timmy Siu <timmy(dot)siu(at)aol(dot)com> wrote:
>
> Dear All Users,
>
> How do I allow an external client IP address access to my pgsql server?
>
> According to my own experience and test, if I set the external client IP address to, for example, 111.222.333.444 in the file /etc/postgresql/11/main/pg_hba.conf, it will not be able to connect to the server:
> #TYPE?????? DATABASE?????? ?? USER?????? ?????? ?????? ADDRESS?????? ?????? ?????? METHOD
> host?????? all?????? ?????? ?????? testuser ???? ?????? 111.222.333.444?????? md5
>
> I must set "address" to "any" as in the following:
> #TYPE?????? DATABASE?????? ?? USER?????? ?????? ?????? ADDRESS?????? ?????? METHOD
> host?????? all?????? ?????? ?????? testuser ???? ?????? 0.0.0.0/0?????? ?? md5
>
>
> Can I limit access to my pgsql server through TCP Wrapper? What is the related executable?
>
>
> Regards,
> Timmy
>
> ??