| From: | Steve Crawford <scrawford(at)pinpointresearch(dot)com> |
|---|---|
| To: | John Edens <edensjc(at)sfasu(dot)edu> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to configure for remote TCP/IP client conncections using MS Visual Basic OLE DB calls and PostgreSQL dll's? |
| Date: | 2011-03-09 18:55:35 |
| Message-ID: | 4D77CD27.4020504@pinpointresearch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 03/09/2011 09:54 AM, John Edens wrote:
>
> ------------
>
> Using * should be fine unless you have multiple IP addresses and want
> the *server* to *listen* on only some of those addresses - say
> localhost if you were running web and db on the same machine and
> didn't want to listen to connections from the outside. This setting
> only determines where the server listens.
>
> -------------
>
> Okay, done that - what is the difference between listening on only
> some of those addresses and allowing only clients in a certain range
> to connect?
>
>
They are completely different.
Your server can have multiple IP addresses. In fact, it almost certainly
has an IP assigned to your NIC and a localhost address. But you could
have multiple NICs in the machine and/or multiple IP addresses assigned
to each NIC. This is very common - especially for web servers hosting
several sites on different addresses. The addresses can be on different
networks, as well.
Suppose your server has addresses 10.1.1.2, 10.1.1.3 and 192.168.1.4. If
listen_addresses is set to *, a client could connect to PostgreSQL by
connecting to any of those addresses - i.e. the host in their connection
string could be any of the addresses you listen on. If that is not what
you want, you need to explicitly list the addresses you want PostgreSQL
to use.
Now that you are listening on one or more addresses, the pg_hba.conf
determines who is allowed to connect. It is completely independent of
where you listen. It could include all IP addresses, or one or more
individual IPs or IP ranges. And the IP addresses allowed for clients do
not need to overlap your listen_address or be on the same IP network.
By way of example, you could have three independent instances of
PostgreSQL running on your machine - perhaps one for dev, one for QA and
one for deployment-staging. You could have dev listen only on .2, QA on
.3 and deploy on .4. You could even have a 4th, say "sandbox", listening
on all (though it would have to have a different port). And each one of
those instances could have different pg_hba.conf settings to restrict
client access as appropriate.
Cheers,
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rajesh Kumar Mallah | 2011-03-09 19:09:43 | Re: select count(*) |
| Previous Message | Adrian Klaver | 2011-03-09 18:27:50 | Re: How to configure for remote TCP/IP client conncections using MS Visual Basic OLE DB calls and PostgreSQL dll's? |