From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Yvon Thoraval <yvon(dot)thoraval(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: PostgreSQL and IPV6 |
Date: | 2012-11-03 09:14:00 |
Message-ID: | 20121103091400.GB5938@svana.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Sat, Nov 03, 2012 at 09:11:51AM +0100, Yvon Thoraval wrote:
> I'm using to computers :
> - a laptop under Xubuntu 12.04 with PostgreSQL 9.1
> - a desktop under Mac OS X Mountain Lion with PostgreSQL 9.2
>
> After the switch to Mountain Lion, i had a small prob connecting to a
> database on my laptop.
<snip>
> However when connecting from desktop to laptop, altough the IPV6 address of
> my desktop is in my pg_hba.conf,psql rejected the connection because an
> address terminating by "18cf" isn't in my pg_hba.conf.
>
> Then i did verify my mac os x setup showing that this address is a valid
> one for my desktop, in fact my desktop does have up to eight IPV6 addresses.
IIRC MacOS X uses the IPv6 privacy extensions which means that clients
will regularly get different source IPs. The machine does this by
adding a new address every now and then.
A side effect of this is that you can't firewall on specific IP. A few
things I can think of:
- Find a way to fix the IP address.
- Use the link-local address (beginning with fe80) as they won't
change. Only works on a single network ofcourse.
- Allow the whole subnet, rather than individual IPs.
> Why, in one direction from laptop to desktop i use successfully :
>
> psql -h IPV6-terminating-by-2559
>
> and the other way, from desktop to laptop this is IPV6-terminating-by-18cf
> being seen by the laptop's PostgreSQL ?
Linux does not use privacy extensions by default, so the IP address
doesn't change. Maybe that explains it?
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
From | Date | Subject | |
---|---|---|---|
Next Message | Yvon Thoraval | 2012-11-03 09:23:52 | Re: PostgreSQL and IPV6 |
Previous Message | Yvon Thoraval | 2012-11-03 08:11:51 | PostgreSQL and IPV6 |