Re: correct config (and syntax) for remote access
From | P Kapat |
---|---|
Subject | Re: correct config (and syntax) for remote access |
Date | |
Msg-id | daef5be80903170905u74a47681oa73e01ca96629ecf@mail.gmail.com |
In reply to | Re: correct config (and syntax) for remote access (Bob McConnell <rmcconne@lightlink.com>) |
List | pgsql-novice |

On Mon, Mar 16, 2009 at 6:42 PM, Bob McConnell <rmcconne@lightlink.com> wrote:
> P Kapat wrote:
>>
>> On Sun, Mar 15, 2009 at 9:08 AM, Bob McConnell <rmcconne@lightlink.com>
>> wrote:
>>>
>>> P Kapat wrote:
>>>>
>>>> Host A (IP : 1.2.3.4) has the 8.1.11 postgres server running. I want
>>>> to set it up so that I can connect from Host B (IP 5.6.7.8).
>>>>
>>>> Relevant lines from /var/lib/pgsql/data/pg_hba.conf (on host A)
>>>> local all postgres ident sameuser
>>>> local all all ident sameuser
>>>> host all all 127.0.0.1/32 md5
>>>> host all foouser 5.6.7.8/32 md5
>>>>
>>>> Relevant lines from /var/lib/pgsql/data/postgresql.conf (on host A):
>>>> listen_addresses = 'localhost,5.6.7.8'
>>>>
>>>> Will this work? The firewall has 5432 port open for connection between A
>>>> and B.
>>>>
>>> Not quite. The listen_addresses should be 'localhost,1.2.3.4'. localhost is
>>> 127.0.0.1, which can be reached by any process on that machine. The other
>>> address is the TCP/IP address for the interface you want postgres to receive
>>> connections on. It has to be an address on the same computer as your server.
>>> i.e. one that shows up when you run 'ifconfig' on that box. It is probably
>>> easier to just use '*' unless you have multiple network interfaces.
>>>
>>> Don't forget to restart the server after you change those files.
>>
>> @Peter, Bob: Thanks. I had a wrong notion of "listen_addresses"!
>> Everything works fine now...
>>
>> One final question: Is there any "security" related difference
>> between, listen_addresses='localhost, 1.2.3.4' and
>> listen_addresses='*' that I should be aware of? There is only one
>> network card on the server machine, so does it matter?
>>
>
> AFAICT, when you run 'ifconfig' you get a list of all the interfaces that
> will be able to access the server when you use '*'. As long as you only have
> the one NIC and the loopback device, it shouldn't make any difference. But
> as soon as you add another NIC, configure a VM, or define a TUN or TAP
> device for a VPN, etc., you might want to limit the connection list just to
> minimize the load from that traffic. However, the actual security is set up
> in pg_hba.conf.

Thanks Bob, I guess I'll stick with 'localhost,1.2.3.4' setup for now....
I already have a restricted config in pg_hba.conf... So, hopefully
things should be OK.

--
Regards
PK
--------------------------------------
http://counter.li.org #402424
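
The two layers discussed in this thread (listen_addresses picks which local interfaces accept connections, pg_hba.conf decides who is admitted) as an added Python sketch that is not part of the original messages or of PostgreSQL. It is a simplified model: only CIDR-form `host` records, first matching record wins, and `SERVER_ADDRS`, the function names and the database name `mydb` are assumptions made for the example.

```python
import ipaddress

# Constructed from the thread: host A is 1.2.3.4, host B is 5.6.7.8.
PG_HBA = """\
local all postgres ident sameuser
local all all ident sameuser
host all all 127.0.0.1/32 md5
host all foouser 5.6.7.8/32 md5
"""
SERVER_ADDRS = {"127.0.0.1", "1.2.3.4"}  # assumed 'ifconfig' output on host A


def bound_addresses(listen_addresses, server_addrs=SERVER_ADDRS):
    """Addresses the server can actually listen on for a listen_addresses value."""
    entries = [e.strip() for e in listen_addresses.split(",") if e.strip()]
    if "*" in entries:
        return set(server_addrs)
    # Assumption: 'localhost' resolves to the IPv4 loopback only.
    entries = ["127.0.0.1" if e == "localhost" else e for e in entries]
    # An address that is not on this machine cannot be bound.
    return {e for e in entries if e in server_addrs}


def hba_method(hba_text, database, user, client_ip):
    """Auth method of the first matching 'host' record, or None (rejected)."""
    client = ipaddress.ip_address(client_ip)
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue  # 'local' records apply to Unix-socket connections only
        _, dbs, users, cidr, method = fields[:5]
        if (dbs == "all" or database in dbs.split(",")) and \
           (users == "all" or user in users.split(",")) and \
           client in ipaddress.ip_network(cidr, strict=False):
            return method
    return None


def admit(listen_addresses, dest_ip, database, user, client_ip):
    """Both layers: is dest_ip listened on, and what does pg_hba.conf say?"""
    if dest_ip not in bound_addresses(listen_addresses):
        return "no listener"
    return hba_method(PG_HBA, database, user, client_ip) or "rejected by pg_hba.conf"


if __name__ == "__main__":
    for la in ("localhost,5.6.7.8", "localhost,1.2.3.4", "*"):
        print(la, "->", admit(la, "1.2.3.4", "mydb", "foouser", "5.6.7.8"))
```

With a single NIC, 'localhost,1.2.3.4' and '*' give the same result for every client; only the pg_hba.conf records change who gets in.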