On Mon, Mar 16, 2009 at 6:42 PM, Bob McConnell <rmcconne(at)lightlink(dot)com> wrote:
> P Kapat wrote:
>> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne(at)lightlink(dot)com>
>>> P Kapat wrote:
>>>> Host A (IP : 22.214.171.124) has the 8.1.11 postgres server running. I want
>>>> to set it up so that I can connect from Host B (IP 126.96.36.199).
>>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>>> local all postgres ident sameuser
>>>> local all all ident sameuser
>>>> host all all 127.0.0.1/32 md5
>>>> host all foouser 188.8.131.52/32 md5
>>>> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
>>>> listen_addresses = 'localhost,184.108.40.206'
>>>> Will this work? The firewall has 5432 port open for connection between A
>>>> and B.
>>> Not quite. The listen_addresses should be 'localhost,220.127.116.11'. localhost
>>> 127.0.0.1, which can be reached by any process on that machine. The other
>>> address is the TCP/IP address for the interface you want postgres to
>>> connections on. It has to be an address on the same computer as your
>>> i.e. one that shows up when you run 'ifconfig' on that box. It is
>>> easier to just use '*' unless you have multiple network interfaces.
>>> Don't forget to restart the server after you change those files.
>> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
>> Everything works fine now...
>> One final question: Is there any "security" related difference
>> between, listen_addresses='localhost, 18.104.22.168' and
>> listen_addresses='*' that I should be aware of? There is only one
>> network card on the server machine, so does it matter?
> AFAICT, when you run 'ifconfig' you get a list of all the interfaces that
> will be able to access the server when you use '*'. As long as you only have
> the one NIC and the loopback device, it shouldn't make any difference. But
> as soon as you add another NIC, configure a VM, or define a TUN or TAP
> device for a VPN, etc., you might want to limit the connection list just to
> minimize the load from that traffic. However, the actual security is set up
> in pg_hba.conf.
Thanks Bob, I guess I'll stick with 'localhost,22.214.171.124' setup for
now.... I already have a restricted config in pg_hba.conf... So,
hopefully things should be OK.
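
Added example, not part of the original messages: a small Python check of the two points made in this thread, that every listen_addresses entry must be an address of the server itself, and that pg_hba.conf (first matching rule wins) decides who is admitted. All addresses are constructed documentation-range values, the function names and the database name "mydb" are hypothetical, and only plain `host` rules in CIDR form are handled.

```python
import ipaddress

# Constructed sample values (documentation ranges), not the thread's addresses.
SERVER_ADDRS = ["127.0.0.1", "192.0.2.10"]   # what 'ifconfig' would list on host A
CLIENT_IP = "198.51.100.20"                  # host B
PG_HBA = """\
local all postgres ident sameuser
local all all ident sameuser
host all all 127.0.0.1/32 md5
host all foouser 198.51.100.20/32 md5
""".splitlines()

def unbindable_listen_addresses(value, server_addrs):
    """Return listen_addresses entries that are not addresses of the server itself."""
    entries = [e.strip() for e in value.strip().strip("'").split(",") if e.strip()]
    allowed = {"*", "localhost"} | set(server_addrs)
    return [e for e in entries if e not in allowed]

def _field_matches(field, name):
    # Simplification: only 'all' and comma-separated literal names are handled.
    return field == "all" or name in field.split(",")

def first_matching_rule(hba_lines, database, user, client_ip):
    """Return (address, method) of the first 'host' rule that matches, else None.

    pg_hba.conf is evaluated top to bottom and the first match decides; no match
    means the connection is rejected. 'local' rules cover Unix sockets only.
    """
    ip = ipaddress.ip_address(client_ip)
    for line in hba_lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue
        _, dbs, users, cidr, method = fields[:5]
        if (_field_matches(dbs, database) and _field_matches(users, user)
                and ip in ipaddress.ip_network(cidr, strict=False)):
            return cidr, method
    return None

if __name__ == "__main__":
    print(unbindable_listen_addresses("'localhost,198.51.100.20'", SERVER_ADDRS))
    print(unbindable_listen_addresses("'localhost,192.0.2.10'", SERVER_ADDRS))
    print(first_matching_rule(PG_HBA, "mydb", "foouser", CLIENT_IP))
    print(first_matching_rule(PG_HBA, "mydb", "foouser", "198.51.100.21"))
```

With '*' in listen_addresses the first check passes as well, and the pg_hba.conf result is unchanged: a client outside the listed /32 still matches no rule.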