Port blocked by iptables firewall

From: "Greg Campbell" <greg(dot)campbell(at)us(dot)michelin(dot)com>
To: "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org>
Subject: Port blocked by iptables firewall
Date: 2003-12-12 20:47:43
Message-ID: 3FDA296F.83305998@us.michelin.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-odbc

I just installed a new Red Hat 9 server with PostgreSQL 7.2-3.

After enabling tcpip_sockets (true) in postgresql.conf and restarting
the postmaster, I was not able to connect to the server remotely,
apparently because the port (5432) was not being responded to.

Using a working server I would use #psql -h hostname -d my_db_name -U
my_username

The response was
could not connect to the server: connection refused
Is the server running on host xxx.xxx.xxx.xxx and accepting
TCP/IP connections on port 5432?

Yes the server was running. I could use it via localhost. I even used
#nmap -sT -O localhost
where the port showed open.

I found RH9 seems to have upgrade its security using iptables instead of
ipchains -- and the default security level (high) was keeping me out. I
did not want to completely drop my security level (a test of dropping it
to medium and using configure opened too much stuff).

The trick seems to be to either use lokkit (gnone-lokkit in GUI) or hand
code iptables rules. The lokkit utilities are making changes to the
/etc/sysconfig/iptables file, which in-turn work with the firewall to
intercept packets as they going to or coming from NICs.

Hand coding iptables rules is not recommended for newbies.
The man iptables and iptables --help are essential. There are some
helpful links at
www.redhat.com/support/resources/networking/firewall.htm

iptables --list, is a pretty safe start

I just used lokkit and chose Customize. I included 5432 in the optional
ports area.

I had not seen any posting on this topic, so I thought I'd share.

Responses

Browse pgsql-odbc by date

  From Date Subject
Next Message Tom Lane 2003-12-12 21:19:00 Re: Port blocked by iptables firewall
Previous Message Richard Combs 2003-12-11 17:58:32 Re: Sniffer to trace ODBC calls?