--- On Fri, 12/12/08, Bastiaan Olij wrote:

If you are on Mac or Linux, are the privileges set correctly? On one of our Mac servers it took us some time to figure out Postgres was simply ignoring the files because the privileges were set different than it wanted, even though it did seem to have access.

Greetz,

Bas
I think the problem is something along these lines. I originally had the authentication method set to "MD5" in pg_hba.conf. I changed it to "trust" (and restarted postgres) just to try to get it working, without success. I happened to reboot the postgres host (linux) and httpd wouldn't start because it couldn't find mod_auth_pgsql.so. I commented out the line in auth_pgsql.conf loading it and apache complained that it needed the ssl passphrase.

I have mod_auth_pgsql.so so I'm going to try to mollify apache with that and see where it leads.

As for Tom's suggestion that the firewall is the problem, I don't think it is, having looked at the IPTables rules. There are essentially no restrictions (the network is behind a firewall). Having said that, I don't know much about IPTables and there were 1 or 2 entries that I definitely didn't understand. I plan to learn IPTables too though.

Thanks for the help,
Bruce Hyatt
Bruce Hyatt wrote:
I've been over my pg_hba.conf and postgresql.conf files again and again, restarting after changes and I always get 08004 connection refused when I try to connect through the postgresql jdbc from another machine.
The user name I'm using works from the postgresql host and I have enabled IP/TCP connections to the database.
Anything else? Surely this is something obvious I'm overlooking.
Thanks,
Bruce Hyatt


  • Bruce Hyatt at Dec 23, 2008 at 1:55 am

    --- On Mon, 12/22/08, Ognjen Blagojevic wrote:

    Bruce Hyatt wrote:
    I got 'connect failed' but here's my iptables chains:
    ...
    Chain RH-Firewall-1-INPUT (2 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT ipv6-crypt-- anywhere anywhere
    ACCEPT ipv6-auth-- anywhere anywhere
    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
    It doesn't look to me like anything is restricted (except icmp).

    I don't think this is good. I only see port 80 being open. I'm not an expert with iptables, but you should have something like

    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgres

    listed above the reject line.
    I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Bruce
  • Ognjen Blagojevic at Dec 23, 2008 at 12:13 pm

    Bruce Hyatt wrote:
    I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Bruce
    I think you need to add "-j ACCEPT" to the command.

    -Ognjen
  • Bruce Hyatt at Dec 25, 2008 at 8:00 pm

    --- On Tue, 12/23/08, Ognjen Blagojevic wrote:

    I tried "iptables -A RH-Firewall-1-INPUT -p tcp --dport postgres" and "iptables -I RH-Firewall-1-INPUT 7 -p tcp --dport postgres" and neither worked. It looks like the problem is it didn't have "ACCEPT" in front of the rule:

    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Bruce
    I think you need to add "-j ACCEPT" to the command.
    Thanks Ognjen. That did it.

    Bruce
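
Added example (not part of the thread): a small simulation of first-match rule evaluation for the three variants discussed above, namely the inserted rule without a target, an appended rule that lands below the REJECT line, and the working `-j ACCEPT` insert. The rule specs are constructed to mirror the listing in the thread; the `-i lo` on the first rule is an assumption, and `base_rules`, `insert_at`, `verdict` and the `case_*` functions are hypothetical helpers.

```shell
#!/bin/sh
# Constructed rule specs in "iptables -A" syntax, mirroring the chain in the
# thread. Assumption: the first ACCEPT is bound to loopback (-i lo);
# "iptables -L" does not show interfaces unless -v is given.
base_rules() {
cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Mimic "iptables -I <chain> N <rule>": the new rule becomes rule number N.
insert_at() { awk -v n="$1" -v r="$2" 'NR == n { print r } { print }'; }

# Walk rules (stdin) in order for a NEW TCP connection from a remote host to
# port $1. Models only -i lo, -p, --dport, --state and -j. Prints:
#   <verdict> <deciding rule number> <matching rules with no target, or ->
verdict() {
  awk -v port="$1" '
  {
    hit = 1; target = ""
    for (i = 1; i < NF; i++) {
      if ($i == "-i" && $(i+1) == "lo") hit = 0
      if ($i == "-p" && $(i+1) != "tcp" && $(i+1) != "all") hit = 0
      if ($i == "--dport" && $(i+1) != port) hit = 0
      if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) hit = 0
      if ($i == "-j") target = $(i+1)
    }
    if (!hit) next
    # A rule without -j only counts packets; evaluation continues.
    if (target == "") { nt = (nt == "" ? NR : nt "," NR); next }
    print target, NR, (nt == "" ? "-" : nt); done = 1; exit
  }
  END { if (!done) print "POLICY", 0, (nt == "" ? "-" : nt) }'
}

PG='-A RH-Firewall-1-INPUT -p tcp --dport 5432'
case_no_target() { base_rules | insert_at 7 "$PG" | verdict 5432; }
case_appended()  { { base_rules; echo "$PG -j ACCEPT"; } | verdict 5432; }
case_fixed()     { base_rules | insert_at 7 "$PG -j ACCEPT" | verdict 5432; }

for c in case_no_target case_appended case_fixed; do echo "$c: $($c)"; done
```

On a live host, `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers` shows the interface column and rule positions that the plain listing omits.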

Discussion Overview
group: pgsql-novice
category: postgresql
posted: Dec 16, '08 at 12:12a
active: Dec 25, '08 at 8:00p
posts: 4
users: 2
website: postgresql.org
irc: #postgresql
