Re: Access to PostgreSQL database from external world

On Tue, Sep 19, 2006 at 06:05:12AM -0700, Lukasz wrote:
> I would like to install a PostgreSQL. I know how to manage the database
> itself, creae databases, user, groups and so on. But I don't know how
> to allow other users, who are outside LAN to connect to database
> through Internet.
>
> For example, my external IP is xxx.xxx.xxx.xxx, and my IP in the local
> network is yyy.yyy.yyy.yyy. I want to install PostgreSQL on the
> computer with yyy.yyy... What and where I need to configure to have
> access to my database from Internet?

The device that does the xxx.xxx.xxx.xxx <=> yyy.yyy.yyy.yyy
translation needs to be configured to translate incoming (from the
Internet) TCP connections to xxx.xxx.xxx.xxx:5432 to yyy.yyy.yyy.yyy:5432
(substitute 5432 with whatever port(s) you're using for PostgreSQL;
5432 is the default).  In addition to the translation the device
might also need a firewall rule to allow those inbound connections.
I'd recommend using as restrictive a filter as possible -- if only
one or a handful of hosts need access to the database then allow
only those hosts to connect.  You might also consider allowing or
even requiring SSL connections ("hostssl" in pg_hba.conf), possibly
with SSL client authentication.

What kind of device is doing your address translation?  Somebody
here has probably used whatever you're using and might be able to
provide specific instructions or commands.

--
Michael Fuhr