From: | Network Administrator <netadmin(at)vcsn(dot)com> |
---|---|
To: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: - what protocol for an Internet postgres |
Date: | 2003-05-20 21:04:11 |
Message-ID: | 1053464651.3eca984b8c96f@webmail.vcsn.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
I just wanted to be complete. In that I mixed too different things. I think
the mentioning of X11 connections was in the context of providing documentation
but as you point out, it is not needed. Only the port forwarding pieces.
Sorry for the confusion. Lack of sleep and not having enough hours in a day to
get stuff done turn my mind into mush.
Quoting "Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk>:
> On Tue, 20 May 2003, Network Administrator wrote:
>
> > Sorry for being MIA gentlemen but I thought I would just pop a note in
> here- my
> > apologies if this has been answered already it has been 4 days :)
> >
> > On the firewall thing- the only port I have open is 22. The trick was to
> make
> > sure the sshd process was going allow X11 forwarding.
>
> I almost hate to restart this thread along with you but...but do you why X11
> forwarding makes the difference?
>
> It never occured to me to flip the X11 forwarding toggle for the ssh comms
> corp
> client because a) I don't have a x server running on the Windows systems
> (nor
> do the developers) and b) X11 forwarding isn't the same thing as tunneling to
> a
> remote postgres server. I do not have it set fwiw.
>
> > On the client side, whether it ssh or say PuTTY, you have to make sure you
> are
> > allowing X11 connections back to yourself.
> >
> > For example the default ssh on the slackware run-time CD does not have
> this
> > feature enabled so if I'm at a clients site, I boot from this CD, mount my
> > floppy with my private key on it and type something like this (in an xterm
> > window after I bring up X-windows):
> >
> > ssh -X -C -i /mnt/privkey someaccount(at)someserver(dot)com
> >
> > The "-C" compresses the datastream. At this point, I can launch X apps
> and
> > they'll display on my screen.
> >
> > I'll provide the exact options if needed...
>
> That could be useful but I'm starting to wonder if we're on about slightly
> different things. I'm on about a client process on a local system talking to
> a
> postgresql server on a remote system. May be you are concerned with the
> issue
> of logging into a remote system and running client applications there but
> displaying on the local system?
>
> On the documentation front, I don't think this is a 7.3 series issue but
> just
> so you know I'll probably not get around to do anything before the deadline
> this week.
>
>
> > I agree Tom, I don't quite understand why you are not seeing the traffic
> unless
> > it is denied.
>
> You can still colour me baffled on that.
>
> >
> > Quoting Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> >
> > > "Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> writes:
> > > > I probably wasn't clear. The rule was a _permit_ from localhost to any
> > > remote
> > > > host/port for something that looked like a core Windows service. I
> never
> > > saw
> > > > the network traffic (with tcpdump of course) for the port forwarding
> until
> > > I
> > > > disabled that permit rule, thereby actually tightening the firewall.
> > >
> > > [ scratches head... ] That makes no sense at all to me; does it to you?
> > >
> > > regards, tom lane
> > >
>
>
> --
> Nigel J. Andrews
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
--
Keith C. Perry
Director of Networks & Applications
VCSN, Inc.
http://vcsn.com
____________________________________
This email account is being host by:
VCSN, Inc : http://vcsn.com
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Krieger | 2003-05-20 21:05:07 | Building 7.1.3 on Solaris 2.6 |
Previous Message | Dmitri Bichko | 2003-05-20 20:45:15 | Re: Subqueries and the optimizer |