Re: Firewalls and Postgres

Поиск
Список
Период
Сортировка
От eric soroos
Тема Re: Firewalls and Postgres
Дата
Msg-id 95527930.1168274981@[4.42.179.151]
обсуждение исходный текст
Ответ на Re: Firewalls and Postgres  (Holger Klawitter <lists@klawitter.de>)
Ответы Re: Firewalls and Postgres
Список pgsql-general
Дерево обсуждения 
On Wed, 29 Jan 2003 16:47:35 +0100 in message <200301291647.35376.lists@klawitter.de>, Holger Klawitter
<lists@klawitter.de>wrote: 
> Am Mittwoch, 29. Januar 2003 22:11 schrieb Tony Grant:
> > On Wed, 2003-01-29 at 10:04, Alan Carbutt wrote:
> > > Does anyone know if postgres uses any additional ports that might be
> > > blocked by a firewall?  I'm setting up a data warehouse prototype using
> > > pgAccess as the front end and I'm not having too much success with
> > > firewalling.  Any help is greatly appreciated
> >
> > 5432 works fine with my firewall.
> >
> > I can not figure yet how to do ssh port forwarding on it. Any tips
> > appreciated.
>
> No problems with that (at least with openssh), even through a firewall:
>
> ssh -l my-secret-key-file -n -N \
>     -L 15432:other.host.com:5432 \
>     other.host.com </dev>
> psql -h localhost -p 15432 my_database
>
> However,you have to keep in mind that this connection ends up on
> other.host.com as a tcp/ip connection on 11.22.33.44, not on 127.0.0.1.
> Might need some tweaking in postgresl.conf and pg_hba.conf.

I don't think you're right here            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

on one machine:

ssh -L 15432:127.0.0.1:5432 eds  (+ pw and stuff)
psql -p 15432 -h localhost

and on the other I see:
[eds:ops/logs] erics% ps ax | grep post
  272  ??  S      0:01.75 /usr/local/bin/postmaster -i -D /Volumes/db/pgsql/data
  313  ??  S      0:00.01 postgres: stats buffer process
                                            
  314  ??  S      0:00.15 postgres: stats collector process
                                            
 1363  ??  S      0:00.08 postgres: erics erics 127.0.0.1 idle
                                            

[eds:ops/logs] erics% netstat -a | grep 5432
tcp        0      0  localhost.5432         localhost.51398        ESTABLISHED
tcp        0      0  localhost.51398        localhost.5432         ESTABLISHED
tcp        0      0  *.5432                 *.*                    LISTEN

It's pretty clearly coming in over loopback internet sockets.

eric

В списке pgsql-general по дате отправления: