Skip site navigation (1) Skip section navigation (2)

Re: correct config (and syntax) for remote access

From: P Kapat <kap4lin(at)gmail(dot)com>
To: Bob McConnell <rmcconne(at)lightlink(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: correct config (and syntax) for remote access
Date: 2009-03-17 16:05:48
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
On Mon, Mar 16, 2009 at 6:42 PM, Bob McConnell <rmcconne(at)lightlink(dot)com> wrote:
> P Kapat wrote:
>> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne(at)lightlink(dot)com>
>> wrote:
>>> P Kapat wrote:
>>>> Host A (IP : has the 8.1.11 postgress server running. I want
>>>> to set it up so that I can connect from Host B (IP
>>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>>> local   all         postgres                          ident sameuser
>>>> local   all         all                               ident sameuser
>>>> host    all         all          md5
>>>> host    all         foouser       md5
>>>> Relevant lines form /var/lib/pgsql/data/postgresql.conf (on host A):
>>>> listen_addresses = 'localhost,'
>>>> Will this work? The firewall has 5432 port open for connection between A
>>>> and B.
>>> Not quite. The listen_addresses should be 'localhost,'. localhost
>>> is
>>>, which can be reached by any process on that machine. The other
>>> address is the TCP/IP address for the interface you want postgres to
>>> receive
>>> connections on. It has to be an address on the same computer as your
>>> server.
>>> i.e. one that shows up when you run 'ifconfig' on that box. It is
>>> probably
>>> easier to just use '*' unless you have multiple network interfaces.
>>> Don't forget to restart the server after you change those files.
>> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
>> Everything works fine now...
>> One final question: Is there any "security" related difference
>> between, listen_addresses='localhost,' and
>> listen_addresses='*' that I should be aware of? There is only one
>> network card on the server machine, so does it matter?
> AFAICT, when you run 'ifconfig' you get a list of all the interfaces that
> will be able to access the server when you use '*'. As long as you only have
> the one NIC and the loopback device, it shouldn't make any difference. But
> as soon as you add another NIC, configure a VM, or define a TUN or TAP
> device for a VPN, etc., you might want to limit the connection list just to
> minimize the load from that traffic. However, the actual security is set up
> in pg_hba.conf.

Thanks Bob, I guess I'll stick with 'localhost,' setup for
now.... I already have a restricted config in pg_hba.conf... So,
hopefully things should be OK.

--------------------------------------  #402424

In response to

pgsql-novice by date

Next:From: Ed HudspethDate: 2009-03-18 15:02:07
Subject: Service start up error "The service name is invalid net helpmsg 2185"
Previous:From: Bob McConnellDate: 2009-03-16 22:42:25
Subject: Re: correct config (and syntax) for remote access

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group