Re: ssl tunneling in postgres 8.1

Tom, thanks again for correcting the confusion and my lack of
knowledge in SSH tunneling.

On 11/19/08, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "P Kapat" <kap4lin(at)gmail(dot)com> writes:
>> The suggested commands are:
>
>> client$ ssh -L 3333:foo.com:5432 joe(at)foo(dot)com
>> client$ psql -h localhost -p 3333 postgres
>
>> They are just INCOMPLETE, half-baked mess :( In fact, they are simply
>> wrong!
>
> They're not wrong. There's still something funny about your setup
> if that doesn't work ...

OK, agreed, it is not wrong, but it is certainly not transparent
either. If I understand the things now, the documentation as is (-L
3333:foo.com:5432) works as long as

listen_addresses = '*' OR listen_addresses = 'a.b.c.d' (where a.b.c.d
is the IP of foo.com)

in postgresql.conf. Am I right? If so, is this obvious from the online
documentation? Unfortunately, it wasn't to me!

>> The correct commands are (at least the ones that worked in my case):
>
>> client$ ssh -R 5432:localhost:3333 -L 3333:localhost:5432 joe(at)foo(dot)com
>
> The -R switch is useless here. The important point AFAICT is that you
> used localhost rather than foo.com in the -L switch. That name is being
> evaluated at the remote end. What I suppose is happening is that the
> Postgres server is configured to listen to 127.0.0.1 (ie, "localhost")
> but not its external IP address (whatever "foo.com" resolves as).

Precisely, that is the configuration: " listen_addresses = 'localhost'
".... In which case, " -L 3333:localhost:5432 " has to be used.
Shouldn't this be mentioned in the documentation? This whole thing is
not trivial!!!

> regards, tom lane

Thanks again for the help, sincerely appreciated.

--
Regards
PK
--------------------------------------
http://counter.li.org #402424