1

I've been reading tutorials extensively to help figure out my problem, but to no avail.

I have a Red Hat VM that I've installed Postgres on that I'm trying to make available for remote connections. When I'm on the machine, if I run the following command, I am able to connect to my desired table.

    psql -U philhouse -d pwap

However, when I try running this:

    psql -U philhouse -d pwap -h servername.nu.edu

I always time out.

I've read multiple tutorials and guides, but still cannot figure it out. I've edited my pg_hba.conf file, my postgres.conf file, as well as attempted to work with iptables. Here are the outputs of the following just so that you can see:

pg_hba.conf - I've changed to allow all connections for testing purposes

    # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

    # "local" is for Unix domain socket connections only
    local   all         all                               trust
    # IPv4 local connections:
    host    all         all         0.0.0.0/0             trust
    # IPv6 local connections:
    host    all         all         ::1/128               trust

postgres.conf - here I changed listen_addresses to * just for testing purposes

    #------------------------------------------------------------------------------
    # CONNECTIONS AND AUTHENTICATION
    #------------------------------------------------------------------------------

    # - Connection Settings -

    #listen_addresses = '*'         # what IP address(es) to listen on;
                                    # comma-separated list of addresses;
                                    # defaults to 'localhost', '*' = all
                                    # (change requires restart)
    #port = 5432                    # (change requires restart)
    max_connections = 100           # (change requires restart)
    # Note: Increasing max_connections costs ~400 bytes of shared memory per
    # connection slot, plus lock space (see max_locks_per_transaction).
    #superuser_reserved_connections = 3 # (change requires restart)
    #unix_socket_directory = ''     # (change requires restart)
    #unix_socket_group = ''         # (change requires restart)
    #unix_socket_permissions = 0777 # begin with 0 to use octal notation
                                    # (change requires restart)
    #bonjour_name = ''              # defaults to the computer name
                                    # (change requires restart)

    # - Security and Authentication -

    #authentication_timeout = 1min  # 1s-600s
    #ssl = off                      # (change requires restart)
    #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
                                    # (change requires restart)
    #ssl_renegotiation_limit = 512MB # amount of data between renegotiations
    #password_encryption = on
    #db_user_namespace = off

iptables - I just attempted this... not 100% sure what to do here.

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :NETBKP - [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -p tcp -m multiport --dports 13720,13721,13782,13724,13783,13722,13723 -j NETBKP
    -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    #-A INPUT -s 129.105.214.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
    #-A INPUT -s 129.105.106.0/255.255.255.128 -p tcp -m tcp --dport 22 -j ACCEPT
    #-A INPUT -s 165.124.200.32/255.255.255.240 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 129.105.106.0/255.255.255.128 -p udp -m udp --dport 161 -j ACCEPT
    #
    #FP 121688
    -A INPUT -s 129.105.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 165.124.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
    #
    #
    #-A INPUT -s 129.105.119.86 -j ACCEPT
    -A INPUT -j RH-Firewall-1-INPUT
    -A NETBKP -s 129.105.106.0/255.255.255.128 -j ACCEPT
    -A NETBKP -s 129.105.208.18 -j ACCEPT
    -A NETBKP -s 129.105.208.20 -j ACCEPT
    -A NETBKP -s 129.105.208.82 -j ACCEPT
    -A NETBKP -s 129.105.208.115 -j ACCEPT
    -A NETBKP -s 129.105.208.116 -j ACCEPT
    -A NETBKP -s 129.105.215.131 -j ACCEPT
    -A NETBKP -s 165.124.61.0/255.255.255.128 -j ACCEPT
    -A NETBKP -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #-A RH-Firewall-1-INPUT -j LOG
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Any thoughts or things that I'm missing? I've been working on this for 3 days and haven't made a bit of progress...

Thanks for the help!!

1
  • Can you show the output of a 'netstat -tulpn' ? Commented Nov 5, 2014 at 10:26

2 Answers

0

Set your listen_address appropriately (i.e. remove the comment character in front of the listen_address that's already there). By default postgres only listens to the local socket and localhost (loopback interface).

-1

Let me tell you the whole process, please recheck step by step:

  1. Add the following line into '/etc/postgres/10/main/postgres.conf':

    listen_addresses = '*' 
  2. Add the following lines into '/etc/postgres/10/main/pg_hba.conf':

    host all all 0.0.0.0/0 md5
    host replication all 0.0.0.0/0 md5
  3. Run the following command:

    sudo ufw allow 5432/tcp 
1
  • host all all 0.0.0.0/0 md5 is a security disaster begging to happen. Commented Aug 10 at 18:26
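
As an added example (not code from the question or either answer): a shell check for the two problems this thread turns on, a `listen_addresses` line that is still commented out, and `pg_hba.conf` rules that admit any source address or use `trust`. The function names, the sample files and the 192.0.2.0/24 client subnet are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names and sample files are constructed for illustration.

# Effective listen_addresses: commented-out lines do not count, the last
# active setting wins, and with none present the default is 'localhost'.
effective_listen_addresses() {
  awk -v q="'" '
    /^[ \t]*listen_addresses[ \t=]/ {
      v = $0
      sub(/^[ \t]*listen_addresses[ \t]*=?[ \t]*/, "", v)
      if (substr(v, 1, 1) == q) {            # quoted value: keep text up to closing quote
        v = substr(v, 2); i = index(v, q)
        if (i) v = substr(v, 1, i - 1)
      } else sub(/[ \t#].*/, "", v)          # bare value: stop at space or comment
      val = v; seen = 1
    }
    END { print (seen ? val : "localhost") }
  ' "$1"
}

# Flag host* rules (CIDR form only) that accept any source address or use trust.
audit_pg_hba() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    $1 ~ /^host/ {
      wide = ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all")
      if (wide && $5 == "trust") print "CRITICAL line " NR ": passwordless from any address"
      else if (wide)             print "WIDE line " NR ": any address may try " $5 " auth"
      else if ($5 == "trust")    print "TRUST line " NR ": passwordless from " $4
    }
  ' "$1"
}

d=$(mktemp -d)
printf '%s\n' "#listen_addresses = '*'   # what IP address(es) to listen on" \
              "max_connections = 100" > "$d/question.conf"
printf '%s\n' "listen_addresses = '*'    # comment character removed" > "$d/fixed.conf"
printf '%s\n' "local all all trust" "host all all 0.0.0.0/0 trust" \
              "host all all ::1/128 trust" > "$d/question_hba.conf"
printf '%s\n' "host all all 0.0.0.0/0 md5" > "$d/answer_hba.conf"
# 192.0.2.0/24 is a placeholder client subnet, not a value from the thread.
printf '%s\n' "hostssl pwap philhouse 192.0.2.0/24 scram-sha-256" > "$d/narrow_hba.conf"

for f in question fixed; do echo "$f.conf listens on: $(effective_listen_addresses "$d/$f.conf")"; done
for f in question answer narrow; do echo "== ${f}_hba.conf"; audit_pg_hba "$d/${f}_hba.conf"; done
```

To run the functions against a live server, take the file paths from `SHOW config_file;` and `SHOW hba_file;` in psql.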
