From: | "Greg Campbell" <greg(dot)campbell(at)us(dot)michelin(dot)com> |
---|---|
To: | "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org> |
Subject: | Port blocked by iptables firewall |
Date: | 2003-12-12 20:47:43 |
Message-ID: | 3FDA296F.83305998@us.michelin.com |
Lists: | pgsql-odbc |
I just installed a new Red Hat 9 server with PostgreSQL 7.2-3.
After enabling tcpip_sockets (true) in postgresql.conf and restarting
the postmaster, I was not able to connect to the server remotely,
apparently because the port (5432) was not being responded to.
Using a working server I would use
#psql -h hostname -d my_db_name -U my_username
The response was
could not connect to the server: connection refused
Is the server running on host xxx.xxx.xxx.xxx and accepting
TCP/IP connections on port 5432?
Yes, the server was running. I could use it via localhost. I even used
#nmap -sT -O localhost
where the port showed open.
I found RH9 seems to have upgraded its security using iptables instead of
ipchains -- and the default security level (high) was keeping me out. I
did not want to completely drop my security level (a test of dropping it
to medium and using configure opened too much stuff).
The trick seems to be to either use lokkit (gnome-lokkit in GUI) or
hand-code iptables rules. The lokkit utilities are making changes to the
/etc/sysconfig/iptables file, which in turn works with the firewall to
intercept packets as they are going to or coming from NICs.
Hand coding iptables rules is not recommended for newbies.
The man iptables and iptables --help are essential. There are some
helpful links at
www.redhat.com/support/resources/networking/firewall.htm
iptables --list is a pretty safe start.
I just used lokkit and chose Customize. I included 5432 in the optional
ports area.
I had not seen any posting on this topic, so I thought I'd share.
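
A check that fits the situation in the message above, as an added example that is not part of the original post: the shell function reads rules in the iptables-save format used by /etc/sysconfig/iptables and reports whether new TCP connections to a port are accepted from anywhere, accepted only from a listed source, or rejected. The rule sets and the 192.0.2.0/24 client network are constructed, and `port_status` and `sample_rules` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. Reads rules in iptables-save
# format on stdin and classifies new inbound TCP connections to PORT.
# Simplifications: rules are treated as one ordered chain (jumps and chain
# policies are not followed) and --dport ranges are not expanded.
port_status() {   # usage: port_status PORT < rules
    awk -v port="$1" '
        $1 != "-A" { next }              # skip table, policy and COMMIT lines
        {
            proto = ""; dport = ""; src = ""; iface = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (iface == "lo") next                  # loopback rule: no effect on remote clients
            if (proto != "" && proto != "tcp") next  # other protocol
            if (dport != "" && dport != port) next   # other port
            if (target == "ACCEPT") { verdict = (src == "") ? "open-any" : "open-limited"; exit }
            if ((target == "REJECT" || target == "DROP") && src == "") { verdict = "blocked"; exit }
        }
        END { print (verdict == "" ? "no-rule" : verdict) }
    '
}

# Constructed rule set: loopback and ssh accepted, all other new TCP
# connections rejected. $1 is an optional rule placed before the REJECT.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT'
    [ -z "${1:-}" ] || printf '%s\n' "$1"
    printf '%s\n' '-A INPUT -p tcp -m tcp --syn -j REJECT' 'COMMIT'
}

# Prints blocked, open-any, open-limited (one per line).
# 192.0.2.0/24 stands in for the network the database clients live on.
sample_rules | port_status 5432
sample_rules '-A INPUT -p tcp -m tcp --dport 5432 --syn -j ACCEPT' | port_status 5432
sample_rules '-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 5432 --syn -j ACCEPT' | port_status 5432
```

The first result matches the symptom in the message: the loopback rule lets localhost through while remote clients hit the REJECT. The third form opens 5432 only to the named client network instead of to every source.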